The django-cloudflare-restrictor package provides a convient way to restrict access to your application server, such that it will only respond to requests that come via cloudflare's network.
Install the package from pypi
pip install django-cloudflare-restrictor
Add to INSTALLED APPS in your settings file
INSTALLED_APPS = [
'django_cloudflare_restrictor',
...
And add to MIDDLEWARE in your settings file
MIDDLEWARE = [
'django_cloudflare_restrictor.middleware.CloudflareRestrictorMiddleware',
...
]
Set the additional settings as desired
CLOUDFLARE_RESTRICTOR_ENABLED = True
CLOUDFLARE_RESTRICTOR_ADDITIONAL_NETWORKS = ["127.0.0.0/8"]
If you want to confirm that the IP blocks stored in the django-cloudflare-restrictor package are up to date you can use the check_cloudflare_ips command. This will log a warning if the IP addresses are out of date.
python manage.py check_cloudflare_ips
Based on historical evidence, it appears that Cloudflare gives around 1 month's advance notice of IP address changes, by publishing the new addresses in advance on their site. Updates to these lists are very infrequent (approx once per every 2 years)