Tag: Cloudflare

First two search results for “blocking origin access directly” on Google showed me two misleading Cloudflare community threads, with wrong security assumption, which is why I decided to write this guide. [1] [2] The best and recommended solution is using Authenticated Origin Pulls with custom certs per domain, but as this is not trivial to set up I decided write about…

The Misconception IP allowlisting involves configuring your origin server to accept connections only from specific IP addresses – in this case, Cloudflare’s IP ranges. The logic seems sound: by allowing only trusted IPs, you reduce the risk of unauthorized access. Unfortunately, this method overlooks several attack cases that can be exploited. My Observation Over the years, I’ve noticed numerous security…