Whitelisting CloudFlare in Nginx

I recently moved from Apache2 to Nginx as my web server of choice because of its low memory footprint, so I can run it on a very small Digital Ocean Droplet (that's a referral link, here's a direct link).

CloudFlare is a Content Delivery Network (CDN) provider and has a free tier, which is great to protect my little droplet. To protect it even more, you can whitelist CloudFlare's IPs.

To do this, create a file that allows all of CloudFlare's IPs. You can then include it in your nginx config. If you have multiple sites, you can include it either globally or per site.

Create /etc/nginx/cloudflare-allow.conf:

{% highlight bash %}
allow;
allow;
allow;
allow;
allow;
allow;
allow;
allow;
allow;
allow;
allow;
allow;

allow 2400:cb00::/32;
allow 2606:4700::/32;
allow 2803:f800::/32;
allow 2405:b500::/32;
allow 2405:8100::/32;
{% endhighlight %}

Then in your sites-available/ add:

{% highlight bash %}
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6

    include /etc/nginx/cloudflare-allow.conf;
    deny all;

    #...the rest of your config here...
}
{% endhighlight %}

That's it. Now when you access the page via your direct hostname, it will give a 403 Forbidden. Note that this is still a hit to origin and nginx will process it. I took this approach as I have some other hosts not in front of CloudFlare.
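The two steps above, as an added example that is not part of the original post: a Python script that builds the body of `cloudflare-allow.conf` from a plain list of CIDR ranges, rejecting malformed or over-broad entries, and models how the included `allow` rules followed by `deny all;` decide a request. The function names, the prefix-length floors and the sample ranges (documentation-only addresses, not CloudFlare's) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input using documentation-only ranges (RFC 5737 / RFC 3849),
# standing in for the CloudFlare range list that the operator supplies.
SAMPLE_RANGES = """\
# constructed sample, not real CloudFlare ranges
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
0.0.0.0/0
not-a-cidr
"""

def parse_ranges(text, min_prefix_v4=8, min_prefix_v6=16):
    """Return (networks, rejected). Malformed or over-broad entries are rejected
    so one bad input line can never turn the allow list into 'allow everyone'."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append(line)
            continue
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6  # assumed floors
        if net.prefixlen < floor:
            rejected.append(line)
        else:
            networks.append(net)
    return networks, rejected

def render_allow_conf(networks):
    """Render one 'allow <cidr>;' directive per network, IPv4 first."""
    ordered = sorted(networks, key=lambda n: (n.version, n))
    return "".join(f"allow {n};\n" for n in ordered)

def is_allowed(client_ip, networks):
    """Model of the server block: any matching allow passes, else 'deny all;' (403)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_RANGES)
    print(render_allow_conf(nets), end="")
    print("rejected:", bad)
    print(is_allowed("192.0.2.10", nets), is_allowed("203.0.113.5", nets))
```

After writing the rendered file to `/etc/nginx/cloudflare-allow.conf`, run `nginx -t` before reloading so a syntax error never reaches the running server.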

Alternatively, you can use iptables to drop all packets not from CloudFlare.


More info on ngx_http_access_module, which provides the allow/deny directives:

Setting up virtual hosts in nginx: