Can I configure a whitelist for a NodeBalancer public IP?
I currently have Cloudflare set up to pass traffic from my domain to my NodeBalancer IP. I'm still able to bypass Cloudflare and load my site if I use the public IP. Is there a method to establish a whitelist for incoming connections? (e.g. iptables or something equivalent that can be used with a NodeBalancer)
Hey @aphares - you can absolutely use iptables to do this by configuring your backend nodes to only accept connections from Cloudflare. Someone asked a similar question on the Cloudflare forums, and here was the solution:
You’d need to configure your load balancer to only accept connections from Cloudflare addresses and drop everything else.
The good news is that Cloudflare has a guide on how to set this up using iptables: Allowing Cloudflare IP addresses
You could also do this using the X-Forwarded-For header with your webserver; this is a pretty common webserver configuration method for load balancing solutions. I'm not sure which webserver you're using, but NGINX has a pretty good guide on how to configure the header: https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
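As an added worked example (not code from the thread, from Linode or from Cloudflare), the script below builds the kind of allow-only iptables chain the answer describes: every source range in a list file is accepted on the web port and everything else is dropped. The two CIDRs it writes out are constructed placeholders, so it runs offline; in practice the list would be the ranges published by the proxy you front the load balancer with. The chain name `CDN_ONLY`, the file path in `ALLOWLIST_FILE` and the `demo` argument are my own choices. The rules are printed rather than applied, so you can review them first, and `is_allowed` lets you test a source address against the list before you load anything.

```sh
#!/bin/sh
# Added example: render an allow-only iptables chain from a CIDR list and
# check candidate source addresses against that list. Nothing here touches
# the live firewall; the rules are printed for review.
set -eu

ALLOWLIST_FILE="${ALLOWLIST_FILE:-./allowlist.txt}"   # assumed path

# Constructed sample ranges (RFC 5737 documentation space), written out so
# the script runs offline. Replace with the proxy's published list.
write_sample_allowlist() {
  cat > "$1" <<'EOF'
# one CIDR per line; blank lines and comments are ignored
198.51.100.0/24
203.0.113.0/25
EOF
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR $2, else 1.
in_cidr() {
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Emit the CIDRs in file $1, skipping comment and blank lines.
read_cidrs() {
  grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Return 0 if address $1 matches any CIDR in file $2, else 1.
is_allowed() {
  for cidr in $(read_cidrs "$2"); do
    if in_cidr "$1" "$cidr"; then return 0; fi
  done
  return 1
}

# Print (do not apply) the rules for list file $1 on TCP port $2.
# Only new connections to that port are sent to the chain, so established
# flows and other services (e.g. SSH) are not affected by the DROP.
render_rules() {
  echo "iptables -N CDN_ONLY 2>/dev/null || iptables -F CDN_ONLY"
  for cidr in $(read_cidrs "$1"); do
    echo "iptables -A CDN_ONLY -s $cidr -j ACCEPT"
  done
  echo "iptables -A CDN_ONLY -j DROP"
  echo "iptables -I INPUT -p tcp --dport $2 -m conntrack --ctstate NEW -j CDN_ONLY"
}

# Number of ACCEPT rules the list produces; handy as a sanity check.
count_accept_rules() {
  render_rules "$1" "$2" | grep -c -- '-j ACCEPT'
}

if [ "${1:-}" = "demo" ]; then
  write_sample_allowlist "$ALLOWLIST_FILE"
  render_rules "$ALLOWLIST_FILE" 443
  is_allowed 198.51.100.7 "$ALLOWLIST_FILE" && echo "198.51.100.7: allowed"
  is_allowed 203.0.113.200 "$ALLOWLIST_FILE" || echo "203.0.113.200: dropped"
fi
```

Run `sh allowlist.sh demo` to see the rendered rules and two sample checks. The rule is deliberately pinned to one destination port and to new connections only, so a mistake in the list cannot lock you out of management access. Whether the backend node sees the proxy's address directly or only in a forwarded header depends on how the load balancer hands traffic on; in the header case the same list is checked in the web server, as the answer's X-Forwarded-For suggestion describes, rather than in iptables.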