How do I deny all requests not from cloudflare?
Posted
by
phillips1012
on Server Fault
See other posts from Server Fault
or by phillips1012
Published on 2014-06-03T01:38:42Z
Indexed on
2014/06/03
3:30 UTC
Read the original article
Hit count: 503
nginx
|cloudflare
I've recently gotten denial of service attacks from multiple proxy ips, so I installed cloudflare to prevent this. Then I started noticing that they're bypassing cloudflare by connecting directly to the server's ip address and forging the host header.
What is the most performant way to return 403 on connections that aren't from the 18 ip addresses used by cloudflare?
I tried deny
ing all then explicitly allow
ing the cloudflare ips but this doesn't work since I've set it up so that CF-Connecting-IP
sets the ip allow
tests for.
I'm using nginx 1.6.0.
© Server Fault or respective owner