• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare

majdi draouil

majdi draouil

New Pleskian
Server operating system version
Ubuntu 22.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.66 Update #2
Here's a draft for your thread on the Plesk forum:




Hello,


I have a server running with Plesk, and I'm using Cloudflare to proxy traffic to my domain. However, I’ve noticed that accessing my server directly via its IP address bypasses Cloudflare, and I want to block such direct access completely.


Here’s my setup:


  • I have an A record in Cloudflare pointing to my server’s IP, and it is set to Proxied (orange cloud icon).
  • My server is accessible via its IP address, which I want to block.
  • I’d like to ensure that all traffic routes only through Cloudflare, and direct IP access shows a block or error message (e.g., Error 1003).

I’m looking for guidance on how to configure this on my server using Plesk. Specifically:


  1. How do I configure the firewall or web server (Apache/Nginx) in Plesk to block all requests not routed through Cloudflare?
  2. Are there specific Plesk modules or extensions to manage this easily?
  3. How do I restrict access to only Cloudflare’s IP ranges?

i want like this 1736606257172.png


Thank you in advance.






link of post https://community.cloudflare.com/t/...-access-and-ensure-error-1003-response/754634
 
Hi,

There are 2 possible scenarios:

1. all websites are passed via Cloudflare: You firewall ports 80 and 443 to allow access only from the Cloudflare IP addresses

In this case, there won't be any block page since the connection won't be allowed.

2. Only some of the websites are passed via Cloudflare: You can't firewall ports 80 and 443 but you can allow access only from Cloudflare IP addresses to specific websites from Apahce & nginx > Deny access to the site:
1736611059718.png
However, in this case you log the visitor's real IP address (only Cloudflare IP addresses) and you can't issue Let's Encrypt certificates

As for the block page, it will have to be set as a custom 403 page in Plesk.
 
You must log in or register to reply here.

Similar threads

S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
418
sulabhpuri
S
C
Question Plesk with Cloudflare Proxy DNS Records and Letsencrypt..
Replies
0
Views
566
cpulove
C
C
Question How can I secure my Mail with Letsencrypt next to Cloudflares Origin Certificate in Plesk?
Replies
4
Views
507
cpulove
C
F
Question Whitelisting IPs in Firewall > How to include our dynamic IP?
Replies
1
Views
803
scsa20
scsa20
P
Issue Certificate problem in Plesk
Replies
5
Views
589
Raul A.
R
Back
Top