Whitelisting CloudFlare

After you set up your account with CloudFlare, add your WordPress site, download the WordPress plug-in for Cloudflare and fill in the blanks on the set-up screen, and switch your DNS over to Cloudflare, you may notice that CloudFlare recommends one additional step: Whitelisting CloudFlare IP addresses.

For some reason, though, the CloudFlare plug-in does not handle this for you, even though the Cloudflare IP addresses are in the plug-in code, so you’ll have to do it yourself.

The “manual” way of doing this is to edit your .htaccess file (which can be tricky) to allow connections from CloudFlare IP addresses. If you do have the ability to edit your .htaccess file, this is actually fairly easy to do because CloudFlare offers a page with the necessary Apache directives. Of course, any time you edit your .htaccess file, you have to make certain you don’t hose your WordPress directives, or other directives that allow your site to load and run.

There is an easier way, though, involving JetPack (which you should be using anyway).

In JetPack settings, scroll down to “Protect,” and click “configure.” On the protection page, there’s actually a text field for entering IP addresses to whitelist. Imagine that.

The catch is that you do not enter Apache directives here, so instead of entering:

Allow from 199.27.128.0/21

You would enter an IP range thusly:

199.27.128.0-199.27.128.21

You don’t need to enter “Allow from,” just the IP or IP range.

So on the Protect settings page, you would enter the IP4 CloudFlare IP addresses like this:

199.27.128.0-199.27.128.21
173.245.48.0-173.245.48.20
103.21.244.0-103.21.244.22
103.22.200.0-103.22.200.22
103.31.4.0-103.31.4.22
141.101.64.0-141.101.64.18
108.162.192.0-108.162.192.18
190.93.240.0-190.93.240.20
188.114.96.0-188.114.96.20
197.234.240.0-197.234.240.22
198.41.128.0-198.41.128.17
162.158.0.0-162.158.0.15
104.16.0.0-104.16.0.12
172.64.0.0-172.64.0.13

The Protect settings page helpfully tells you what IP address you are visiting from, so you can also whitelist your own IP address, should you wish.

Advertisements