Blocking All IPs except for Cloudflare IPs

[marzel]

Hello,
its maybe a dumb question because its already answered in the wiki (if its not outdated)
how can i block every ip except for cloudflare ips?

i know its controlled via access control in server configuration tab but
whats the correct setup because i found different explanations
im running the latest stable openlitespeed

i tried to whitelist the cloudlfare ips in allowed and in deny "all" which returned a 520 error

also is comma seperated needed and a trailing T?

would be grateful for some help

 

[yorich]

It's amazing what you can learn if you read the help associated with the option. The UI CLEARLY tells you what the "T" is for, to bypass any rate limiting, etc (it's trusted).

Now back to your question, I'm curious as well. I've whitelisted only the CF IP addresses (including IPv6) and when I try to load my page, I get a 403 forbidden from openlitespeed, so it seems that either A.) CF needs to update their IP addresses, or B.) Something else is incorrect.

 

[naseem]

in AWS I allow access to https ports only from cloudflare IP list and it works perfectly. I dont think its a good idea to block access at the OLS level. either your host firewall gateway (AWS Security rules) or at the server level like UFW