Hot

How to add Cloudflare IP Range to Amazon AWS EC2 Security Group

If you are like me using  Cloudflare as your DNS provider for your website and you are using an Amazon EC2 instance as your host, this might be an extra security step you want to implement. You want to do this to protect your server from being directly accessible to the Internet.  In this way, only CloudFlare servers will be able to access your web host which significantly improves your security directly.

CloudFlare IPs Amazon EC2 Security Group

First, copy down the ips from CloudFlare https://www.cloudflare.com/ips/

Now that you have the list of IP’s that we are going to add to our instance lets dive into this topic. To see which security groups you are using, go to the EC2 Dashboard and then select Instances.  Then you want to the right click on your EC2 instance and select networking >> change security groups.  The Security Groups box should pop with a list of current groups. You can choose which group to use or if already have you will see the checkbox marked.

 


Now, after you figure out the security groups in use, it will allow you to edit the security group.  To do so go to Network & Security >> Security Groups.  This will display a list of the security groups that have been created.

To edit, click on the security group for instance.  Then the table at the bottom will have (4) tabs – Description, Inbound, Outbound, Tags.  We want the one with restricted Inbound traffic, so click on the corresponding tab and then Edit.

This brings up the Inbound rules table.  Here you can choose the Add Rule button at the bottom which makes a new row for your configuration.  Make sure you specify HTTP for the Type and Custom IP for the Source.  At that point, you just include the Cloudflare IP addresses. You can then expel the Any Source and 0.0.0.0/0 which will confine any web movement with the exception of that originating from Cloudflare. Only add the Cloudflare IP addresses.  You can then remove the  Source and which will restrict any web traffic except that coming from Cloudflare. At this point, you just include the Cloudflare IP addresses. You can then delete the Any Source and 0.0.0.0/0 which will confine any web movement with the exception of that originating from Cloudflare.

Here is a list of the IP’s from CloudFare which again can be found here.

        IPv4                                                    IPv6    

103.21.244.0/22        2400:cb00::/32
103.22.200.0/22        2405:8100::/32
103.31.4.0/22          2405:b500::/32
104.16.0.0/12          2606:4700::/32
108.162.192.0/18       2803:f800::/32
131.0.72.0/22          2c0f:f248::/32
141.101.64.0/18        2a06:98c0::/29
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17
199.27.128.0/21

 

About admin

I am a Tech Nerd and in my leisure time, I engage myself with my blog. I have been working in the IT/Dev area for 8 years now. I always try to help others and I believe in the “Growing Together” ideology.

Leave a Reply

Your email address will not be published. Required fields are marked *

*