Can I configure a whitelist for a NodeBalancer public IP?

I currently have Cloudflare set up to pass traffic from my domain to my NodeBalancer IP. I'm still able to bypass Cloudflare and load my site if I use the public IP. Is there a method to establish a whitelist for incoming connections? (e.g. iptables or something equivalent that can be used with a NodeBalancer)

2 Replies

Hey @aphares - you can absolutely use iptables to do this by configuring your backend nodes to only accept connections from Cloudflare. Someone asked a similar question on the Cloudflare forums, and here was the solution:

You’d need to configure your load balancer to only accept connections from Cloudflare addresses and drop everything else.

The good news is that Cloudflare has a guide on how to set this up using iptables: Allowing Cloudflare IP addresses

You could also do this using the X-Forwarded-For header with your webserver; this is a pretty common webserver configuration method for load balancing solutions. I'm not sure which webserver you're using, but NGINX has a pretty good guide on how to configure the header: https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
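Added example (not from this thread, and not Linode's or Cloudflare's code): one POSIX shell script that turns a single copy of Cloudflare's IPv4 ranges into both allowlists the reply above describes. The `iptables` chain is the right tool for a node whose public address is reachable directly. For a backend sitting behind a NodeBalancer in HTTP/HTTPS mode the TCP source seen by the node is the NodeBalancer, not Cloudflare, so the script also emits an nginx snippet that trusts only the NodeBalancer's X-Forwarded-For and then applies allow/deny to the Cloudflare edge address that header carries. Assumptions, labelled in the code: the embedded range list is a constructed snapshot (refresh it from https://www.cloudflare.com/ips-v4 before use, and do the same with ips-v6 and ip6tables if the node has a public IPv6 address), and `192.168.255.0/24` is the range Linode documents for NodeBalancer-to-backend traffic (confirm it against current Linode docs).

```shell
#!/bin/sh
# Added example, not code from the thread. Generates a Cloudflare-only allowlist
# as (1) an iptables chain and (2) an nginx snippet for use behind a NodeBalancer.

# Constructed snapshot of Cloudflare's published IPv4 ranges; refresh from
# https://www.cloudflare.com/ips-v4 before deploying, the list changes over time.
CF_V4='173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22'

# Assumption: NodeBalancers connect to backends from this range (check Linode docs).
NB_RANGE='192.168.255.0/24'

# DRY_RUN=1 prints the iptables commands instead of executing them, so the
# rule set can be reviewed (and tested) on a machine without root or iptables.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Build a dedicated CLOUDFLARE chain: accept the published ranges, drop the rest,
# and route only web ports through it so SSH and other services keep their rules.
iptables_rules() {
  run iptables -N CLOUDFLARE 2>/dev/null || true   # ignore "chain exists"
  run iptables -F CLOUDFLARE                        # rebuild from scratch
  echo "$CF_V4" | while IFS= read -r cidr; do
    [ -n "$cidr" ] || continue
    run iptables -A CLOUDFLARE -s "$cidr" -j ACCEPT
  done
  # Anything reaching the end of the chain did not come from Cloudflare.
  run iptables -A CLOUDFLARE -j DROP
  for port in 80 443; do
    # delete a previous jump (if any) before inserting, so re-runs stay idempotent
    run iptables -D INPUT -p tcp --dport "$port" -j CLOUDFLARE 2>/dev/null || true
    run iptables -I INPUT -p tcp --dport "$port" -j CLOUDFLARE
  done
}

# nginx allowlist for a backend behind a NodeBalancer (HTTP/HTTPS mode).
# Only the NodeBalancer is trusted, so with real_ip_recursive the rightmost
# untrusted X-Forwarded-For entry (the Cloudflare edge) becomes $remote_addr,
# which is what allow/deny then evaluate. The end user's address is still
# available in Cloudflare's CF-Connecting-IP header for logging.
nginx_snippet() {
  echo "set_real_ip_from $NB_RANGE;"
  echo "real_ip_header X-Forwarded-For;"
  echo "real_ip_recursive on;"
  echo "$CF_V4" | while IFS= read -r cidr; do
    [ -n "$cidr" ] || continue
    echo "allow $cidr;"
  done
  echo "deny all;"
}

case "${1:-}" in
  iptables) iptables_rules ;;
  nginx)    nginx_snippet ;;
esac
```

Review the firewall rules first with `DRY_RUN=1 sh cf-allowlist.sh iptables`, apply them with `sudo sh cf-allowlist.sh iptables`, and persist them with your distribution's usual mechanism. `sh cf-allowlist.sh nginx` writes the snippet to include inside the `server` block of the site behind the NodeBalancer. The two approaches are not interchangeable: the iptables chain would block the NodeBalancer itself if applied to a backend it fronts, which is exactly why the nginx variant checks the header instead.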

Thank you for the reply - I can look into incorporating that into my project. In the future, would the Cloud Firewall also be a solution? (https://www.linode.com/products/cloud-firewall/)
