Cloud Platform
Cloudflare changing list of trusted IPs
Cloudflare is implementing a change to their list of trusted IPs.
Customers who've implemented an IP access control list populated with Cloudflare IPs, will need to update the access control list appropriately to maintain access to their site.
You will need to update your IP access control list (implemented for example in a custom Varnish configuration (VCL) or the .htaccess file of your site) to match the current IPs supplied by Cloudflare.
Note: Acquia deploys custom Varnish configurations on a fixed weekly schedule. To maintain access to your site, please ensure you allow for adequate time for the deployment and testing of any necessary VCL changes.
Acquia recommends monitoring https://www.cloudflare.com/ips/ for any updates to the list of Cloudflare trusted IPs. Cloudflare may also notify customers of any changes via email.
Example of email notification:
Cloudflare is making infrastructure changes to simplify customer configuration, and reduce the number of IPv4 addresses that could potentially interact with your origin on Cloudflare's behalf.
If your security model relies on allowing a list of trusted Cloudflare IPs from cloudflare.com/ips (or via API) on your origin, please make the following changes to your allow list by May 7, 2021 . This change is safe to make today.
Remove:
104.16.0.0/12Add:
104.16.0.0/13
104.24.0.0/14This change delists the 104.28.0.0/14 prefix, which is no longer in use by Cloudflare infrastructure. These addresses will be repurposed for use with our Gateway and WARP (secure web gateway and VPN) products, and may carry traffic from untrusted sources in the future.
Cloudflare does not recommend enforcing security policy at origins solely by trusting IP addresses. Argo Tunnels and Authenticated Origin Pulls 5 provide more secure and specific ways to secure origin connections from Cloudflare.
- Further detail on how to configure Argo Tunnels 4.
- Further detail on how to configure Authenticated Origin Pulls 5.
If you have further questions, please visit the Cloudflare Community 3
Cloud Platform