Support » Plugin: Shield Security for WordPress » CloudFlare IP ranges

  • Resolved blackstar1979

    (@blackstar1979)



    Hi there 🙂

    I’d like to add some IP ranges from CloudFlare to the whitelist. Is it possible, and will they be applied?


    Greetings 🙂

    https://wordpress.org/plugins/wp-simple-firewall/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Paul

    (@paultgoodchild)

    I’m not entirely sure a move like that is necessary or advisable.

    If I’m a “hacker” and I try to send a malicious request to your site, it’ll proxy through CF straight to your WordPress site. But since you’ve whitelisted the IP, it’ll bypass any scanning on the plugin side.

    Plugin Author Paul

    (@paultgoodchild)

    A secondary point unrelated to Cloudflare is that yes, you can use ranges, but currently only IPv4 ranges are supported. I’d need to do some sort of testing on IPv6 ranges.
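
The bypass described in the two replies above, and the usual alternative of matching allow lists against the visitor address instead of the proxy address, as an added Python example (not Shield's code and not part of the original thread). The ranges are constructed placeholders from documentation address space, the function names are hypothetical, and `CF-Connecting-IP` is the header Cloudflare sets to the visitor's address; the sketch also handles IPv6, which goes beyond what the plugin author says is supported.

```python
import ipaddress

# Constructed placeholders standing in for the proxy's published ranges.
PROXY_RANGES = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "2001:db8:cf::/48")]
# Hypothetical site whitelist: one trusted administrator address.
WHITELIST = [ipaddress.ip_network("198.51.100.7/32")]


def in_ranges(ip, ranges):
    """True if ip falls in any network (IPv4 and IPv6 never cross-match)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def naive_is_whitelisted(peer_ip):
    """The setup asked about: proxy ranges whitelisted, TCP peer matched."""
    return in_ranges(peer_ip, WHITELIST + PROXY_RANGES)


def effective_client_ip(peer_ip, headers):
    """Address that allow/deny lists should be evaluated against."""
    if not in_ranges(peer_ip, PROXY_RANGES):
        # Direct connection: a forwarded header here is client-supplied.
        return peer_ip
    forwarded = headers.get("CF-Connecting-IP", "").strip()
    try:
        return str(ipaddress.ip_address(forwarded))
    except ValueError:
        # Missing or malformed header: fall back to the peer address,
        # which is a proxy address and is not on the whitelist.
        return peer_ip


def is_whitelisted(peer_ip, headers):
    """Match the whitelist against the visitor, never against the proxy."""
    return in_ranges(effective_client_ip(peer_ip, headers), WHITELIST)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, request headers).
    samples = [
        ("203.0.113.10", {"CF-Connecting-IP": "192.0.2.50"}),   # any visitor via proxy
        ("203.0.113.10", {"CF-Connecting-IP": "198.51.100.7"}), # admin via proxy
        ("192.0.2.50", {"CF-Connecting-IP": "198.51.100.7"}),   # direct, header ignored
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "naive:", naive_is_whitelisted(peer),
              "by visitor:", is_whitelisted(peer, hdrs))
```

With the proxy ranges whitelisted, every proxied request skips scanning regardless of who sent it; matching on the visitor address keeps the whitelist limited to the one trusted address.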

    Here is the original answer to my support ticket at CF:

    A 522 error happens when a TCP connection to the web server could not be established. To initiate a TCP connection our edge server sends out 3 SYN packets and awaits a SYN-ACK packet in return, if it doesn't receive one within 15 seconds the connection attempt will fail.
    Common reasons for us to not receive the SYN-ACK in return:
    - Our connection attempt was blocked by a firewall/security plugin at the host
    - Packets are being dropped within the host's network
    - The origin server was too overloaded to respond
    - There was an issue with an upstream provider along the path
    Here is what I recommend in order to ensure CloudFlare's IPs are accepted by your server:
    1. Make sure that you're not blocking CloudFlare IPs in .htaccess, iptables, or your firewall.
    2. Make sure your hosting provider isn't rate limiting or blocking IP requests from the CloudFlare IPs and ask them to whitelist the IP addresses below:
    3. Make sure that you're operating off of the most recent versions of Bad Behavior or mod_security. mod_security's core rules aren't blocking CloudFlare requests.
    Here is a list of our IPs: https://www.cloudflare.com/ips

    Can you help somehow?
    Thanks in advance.

    Plugin Author Paul

    (@paultgoodchild)

    Have you followed those steps 1-3?

    The only point relating to our firewall is point 1 – ensure that their IPs aren’t on the blacklist – you can view the black list on the IP Manager.

    Furthermore, even if their IPs were on the blacklist of the plugin, they wouldn’t generate this type of error.

    2 & 3 are in progress… waiting for an answer

    I’ve checked that and there were no CF IPs blocked in server settings/logs. Plugin’s black list is clear.

    So going to figure it out further… thanks for your help 🙂

    Plugin Author Paul

    (@paultgoodchild)

    Great! Keep me posted for sure if you think there’s anything else I can help you with…

    Hi again 🙂

    This is the solution provided by my hosting provider, that I really don’t understand: (in .htaccess)

    <IfModule mod_security2.c>
    SecRuleRemoveById 950109
    SecRuleRemoveById 950120
    SecRuleRemoveById 950901
    SecRuleRemoveById 950119
    SecRuleRemoveById 958291
    SecRuleRemoveById 960006
    SecRuleRemoveById 960024
    SecRuleRemoveById 960032
    SecRuleRemoveById 960010
    SecRuleRemoveById 960034
    SecRuleRemoveById 960035
    SecRuleRemoveById 960038
    SecRuleRemoveById 981260
    SecRuleRemoveById 973338
    SecRuleRemoveById 981036
    SecRuleRemoveById 981243
    SecRuleRemoveById 981246
    SecRuleRemoveById 981247
    SecRuleRemoveById 981257
    SecRuleRemoveById 981260
    SecRuleRemoveById 981318
    SecRuleRemoveById 981319
    </IfModule>

    Plugin Author Paul

    (@paultgoodchild)

    Cool, I guess if it works, then great 😉

    @blackstar1979,

    This is the solution provided by my hosting provider, that I really don’t understand: (in .htaccess)

    ModSecurity (Apache module) is a web application firewall commonly deployed by web hosts to protect websites from various attacks. The numbers are IDs of specific rules that may be called to protect your site against specific known exploits.

    But as with any security measure, there can be false positives, causing innocent people to be blocked. In your case, some of your host’s default ModSecurity rules are causing legitimate users of your WordPress site to be blocked. The code disables these specific troublesome rules (identified by their ID numbers) on your site, without disabling ModSecurity entirely.

  • The topic ‘CloudFlare IP ranges’ is closed to new replies.