Title: Blocking Cloudflare? Last modified: August 22, 2016 --- # Blocking Cloudflare? * Resolved [Rhand](https://wordpress.org/support/users/rhand/) * (@rhand) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/) * Just saw that Clouflare (free CDN Package) used for one of my Dreamhost WordPress sites seems to be having a conflict with Wordfence: * > This email was sent from your website “Website” by the Wordfence plugin at > Wednesday 20th of August 2014 at 11:02:04 AM > The Wordfence administrative > URL for this site is: [http://www.domain.com/wp-admin/admin.php?page=Wordfence](http://www.domain.com/wp-admin/admin.php?page=Wordfence) > Wordfence has blocked IP address 108.162.209.69. > The reason is: “Exceeded > the maximum number of page requests per minute for humans.”. User IP: 108.162.209.69 * Is this a known issue? What are recommended steps to prevent this? * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 15 replies - 1 through 15 (of 22 total) 1 [2](https://wordpress.org/support/topic/blocking-cloudflare/page/2/?output_format=md) [→](https://wordpress.org/support/topic/blocking-cloudflare/page/2/?output_format=md) * [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209083) * You could try whitelisting Cloudfare’s IP address in WordFence’s Options, Other Options section * [damoncloudflare](https://wordpress.org/support/users/damoncloudflare/) * (@damoncloudflare) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209185) * “Wordfence has blocked IP address 108.162.209.69. The reason is: “Exceeded the maximum number of page requests per minute for humans.”. User IP: 108.162.209.69″ * Do you have the [CloudFlare WordPress plugin](https://wordpress.org/plugins/cloudflare/) installed? * All requests are going to appear to come from our IPs (we’re a reverse proxy) without something to restore the visitor IP. You do want to make sure requests from [CloudFlare’s IPs](https://www.cloudflare.com/ips) aren’t being restricted in any way, as this could actually affect visitors getting to your site. * Thread Starter [Rhand](https://wordpress.org/support/users/rhand/) * (@rhand) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209201) * I use Cloudflare via Dreamhost so there was no need to install the plugin. I did add `108.162.209.69` to the whitelist now. Also see you can add ranges using` 123.23.34.[1-50]` Cloudflare has ranges here [https://www.cloudflare.com/ips-v4](https://www.cloudflare.com/ips-v4) but this ip does not seem to fit those ranges there. * [damoncloudflare](https://wordpress.org/support/users/damoncloudflare/) * (@damoncloudflare) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209249) * 108.162.209.69 is part of the 108.162.192.0/18 range. * NetRange: 108.162.192.0 – 108.162.255.255 CIDR: 108.162.192.0/18 OriginAS: AS13335 NetName: CLOUDFLARENET NetHandle: NET-108-162-192-0-1 Parent: NET-108-0-0-0-0 NetType: Direct Assignment Comment: [http://www.cloudflare.com](http://www.cloudflare.com) RegDate: 2011-10-28 Updated: 2012-03-02 Ref: [http://whois.arin.net/rest/net/NET-108-162-192-0-1](http://whois.arin.net/rest/net/NET-108-162-192-0-1) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209251) * In Wordfence you could also select the option under “How does Wordfence get IP’s” to use the CF-Connecting IP header. This is on your Wordfence options page towards the top. * Maybe damon can confirm that CF is still sending that header. * But I agree that if you are using cloudflare, you really want to either install their plugin or I think they also have an apache module that will make sure your WP install sees the correct IP’s and will disallow any other IP’s from connecting which saves you from getting attacked by someone just going around their reverse proxy. * Regards, * Mark. * [damoncloudflare](https://wordpress.org/support/users/damoncloudflare/) * (@damoncloudflare) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209252) * “Maybe damon can confirm that CF is still sending that header.” * Yes. * Thread Starter [Rhand](https://wordpress.org/support/users/rhand/) * (@rhand) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209352) * Thanks for all the feedback. I located the “How does Wordfence get IPS’s” line. I checked the cloudlfare option here as now. Damoncloudflare mentioned: * > 108.162.209.69 is part of the 108.162.192.0/18 range. * So how do I add this range in Wordfence? Using `108.162.192.[1-18]`? * [Scott Dayman](https://wordpress.org/support/users/sdayman/) * (@sdayman) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209353) * I’m on Dreamhost and use Cloudflare. I use the plugin. I still think you should and don’t see why you wouldn’t. Dreamhost got me up and running on Cloudflare, but I don’t think they do any special magic. * [Mika Epstein](https://wordpress.org/support/users/ipstenu-dh/) * (@ipstenu-dh) * DreamHost Rep * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209358) * Just to clarify at DreamHost, we actually secretly set up all severs with mod_cloudflare so it’s magically ready for anyone 🙂 But that is, literally, a server setting. * [Scott Dayman](https://wordpress.org/support/users/sdayman/) * (@sdayman) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209360) * I stand corrected. They *do* do special magic. * In that case, the original problem shouldn’t be happening. With mod_cloudflare( or the plugin), you shouldn’t have to whitelist Cloudflare IP ranges. * [damoncloudflare](https://wordpress.org/support/users/damoncloudflare/) * (@damoncloudflare) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209361) * Hi Ipstenu-DH, * My understanding is that hosts generally only install mod_cloudflare on shared servers & not dedicated (you may be different than our other partners in that regard). * Hi Rhand, * That IP address range is in CIDR format. It would convert to: * 108.162.192.0 – 108.162.255.255 * [WFSupport](https://wordpress.org/support/users/wfsupport/) * (@wfsupport) * [11 years, 8 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209362) * [@damoncloudflare](https://wordpress.org/support/users/damoncloudflare/) * Can you weigh in on this one too? * [http://wordpress.org/support/topic/wordfence-cant-resolve-cloudflare-ip-addresses?replies=5](http://wordpress.org/support/topic/wordfence-cant-resolve-cloudflare-ip-addresses?replies=5) * tim * [imilleson](https://wordpress.org/support/users/imilleson/) * (@imilleson) * [11 years, 6 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209390) * For anyone who needs the Cloudflare IPs (Pro – don’t know if the IPs are the same as free) in Wordfence’s IP Range Format: * 199.27.128.[0-21], 173.245.48.[0-20], 103.21.244.[0-22], 103.22.200.[0-22], 103.31.4.[ 0-22], 141.101.64.[0-18], 108.162.192.[0-18], 190.93.240.[0-20], 188.114.96.[ 0-20], 197.234.240.[0-22], 198.41.128.[0-17], 162.158.0.[0-15], 104.16.0.[0-12] * Hope that helps, that fixed it for me * [salty-sailor](https://wordpress.org/support/users/salty-sailor/) * (@salty-sailor) * [11 years, 3 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209392) * @Wordfence, Can you comment on this approach of [@imilleson](https://wordpress.org/support/users/imilleson/) please? * `199.27.128.[0-21]` * That would be convenient if possible because [Cloudflare’s IPs](https://www.cloudflare.com/ips) are shown in CIDR notation. For example the first one is 199.27.128.0/21. That range expands to IP addresses from 199.27.128.0 – 199.27.135.255 according to an online tool. How does Wordfence expect that range to be expressed in the format 123.23.34.[1-50] ??? Thank you. * [salty-sailor](https://wordpress.org/support/users/salty-sailor/) * (@salty-sailor) * [11 years, 3 months ago](https://wordpress.org/support/topic/blocking-cloudflare/#post-5209393) * Previous post should have been posed to either [@wfsupport](https://wordpress.org/support/users/wfsupport/) or @Wordfence Viewing 15 replies - 1 through 15 (of 22 total) 1 [2](https://wordpress.org/support/topic/blocking-cloudflare/page/2/?output_format=md) [→](https://wordpress.org/support/topic/blocking-cloudflare/page/2/?output_format=md) The topic ‘Blocking Cloudflare?’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 22 replies * 10 participants * Last reply from: [damoncloudflare](https://wordpress.org/support/users/damoncloudflare/) * Last activity: [10 years, 9 months ago](https://wordpress.org/support/topic/blocking-cloudflare/page/2/#post-5209412) * Status: resolved