Support » Plugin: Wordfence Security - Firewall, Malware Scan, and Login Security » Wordfence and CloudFlare without mod_cloudflare

  • I am using Wordfence & Cloudflare on Ubuntu 15.x. I could not install mod_cloudflare since it is not supported on Ubuntu 15.

    In order to whitelist the cloudflare IPs in the Wordfence plugin, I had to enter the ip ranges in Wordfence Options => Other Options => “Whitelisted IP addresses that bypass all rules” field.

    I searched the support forums and found this thread. The replies/solutions given in that thread are incomplete. The IP ranges of cloudflare are specified at CloudFlare IPs. The solutions in that thread ignored the fact that the specified ip addresses on the cloudflare website are in CIDR notation.

    So “103.21.244.0/22” actually translates to “103.21.[244-247].[0-255]”, but was translated as “103.21.244.[0-22]” which is incorrect/incomplete. That can be checked at an online tool CIDR Tool

    Now the complete cloudflare ip ranges for Wordfence whitelist translates to

    103.21.[244-247].[0-255],103.22.[200-203].[0-255],103.31.[4-7].[0-255],104.[16-31].[0-255].[0-255],108.162.[192-255].[0-255],131.0.[72-75].[0-255],141.101.[64-127].[0-255],162.[158-159].[0-255].[0-255],172.[64-71].[0-255].[0-255],173.245.[48-63].[0-255],188.114.[96-111].[0-255],190.93.[240-255].[0-255],197.234.[240-243].[0-255],198.41.[128-255].[0-255],199.27.[128-135].[0-255],2400:CB00:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF],2405:8100:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF],2405:B500:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF],2606:4700:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF],2803:F800:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]:[0000-FFFF]

    Hope someone finds this useful

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi; I’m Junade and I work at CloudFlare.

    Firstly it looks like your trouble with Mod_CloudFlare is largely an Apache conflict, you can consult our guide here: https://support.cloudflare.com/hc/en-us/articles/203656534-How-do-I-restore-original-visitor-IP-with-Apache-2-4-

    Regardless, WordFence actually has integration with CloudFlare; what you can do is, in your admin panel go to: WordFence -> Options and find the option “How does Wordfence get IPs:”. In the drop down menu select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”

    Save this option and you’re done!

    Thread Starter Ravi Kiran Katha

    (@ravikatha)

    Thanks for the info. I am now able to install mod_cloudflare on my server.

    One quick question – I guess that module puts the real visitor IP in REMOTE_ADDR server var.

    Since the module is enabled now, can I use the Wordfence’s PHP REMOTE_ADDR option – so that it works with or without cloudflare enabled on my server?

    Plugin Author WFMattR

    (@wfmattr)

    @ravi: Yes, if CloudFlare is restoring the REMOTE_ADDR within apache itself, using the default option in Wordfence is best.

    @icyapril: Thanks for the mod_cloudflare details!

    -Matt R

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Wordfence and CloudFlare without mod_cloudflare’ is closed to new replies.