Nginx Cloudflare IP Whitelisting and VPN Access Blocking Issue

Hello,
I started by doing the procedures here: NGINX Cloudflare Access whitelist · GitHub

for https://web.zchat.org (this app is the KiwiIRC chat)

cloudflare_whitelist.sh (I added the necessary code to it.)

I have configured Nginx to allow Cloudflare IP addresses while blocking access from VPN users, but despite all configurations being correct, everyone is still being blocked, and VPN access is still working. Below are the steps I followed:

  1. Whitelisting Cloudflare IP addresses:
  • I created the /etc/nginx/allow.conf file and added Cloudflare's provided IPv4 and IPv6 address ranges to allow access:

# Cloudflare IP Ranges
allow 173.245.48.0/20;
allow 103.21.244.0/22;
allow 103.22.200.0/22;
allow 103.31.4.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
allow 188.114.96.0/20;
allow 197.234.240.0/22;
allow 198.41.128.0/17;
allow 162.158.0.0/15;
allow 104.16.0.0/13;
allow 104.24.0.0/14;
allow 172.64.0.0/13;
allow 131.0.72.0/22;
# IPv6
allow 2400:cb00::/32;
allow 2606:4700::/32;
allow 2803:f800::/32;
allow 2405:b500::/32;
allow 2405:8100::/32;
allow 2a06:98c0::/29;
allow 2c0f:f248::/32;

  2. Including the allow file in the Nginx configuration:
  • I included the allow.conf file in the main server block of the Nginx configuration:

server {
    server_name web.zchat.org;
    include /etc/nginx/allow.conf;
    root /usr/share/kiwiirc/;
    index index.php index.html index.htm;
    # deny specific IPs if needed (commented out)
    # allow all;  # Uncomment if you want to allow all
}

  3. Problem faced:
  • Despite adding Cloudflare IPs in the allow list, the server blocks all traffic (403 Forbidden error) and does not allow valid access. Even VPN connections are still being allowed despite the configuration to block them.
  4. Steps taken to solve:
  • I ensured that all configurations were correct, including proper allow and deny rules.
  • I checked for syntax errors in the Nginx configuration and reloaded the service (nginx -t && systemctl restart nginx), but the problem persists.

I would appreciate any guidance or suggestions on what could be causing this issue and how I can resolve it.
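As an added example (not from the post above and not from the GitHub script it links), the following Python script parses an allow.conf written in nginx's allow/deny syntax and evaluates it with the same first-match semantics that ngx_http_access_module uses: rules are checked in order, the first matching rule decides, and an address that matches no rule is allowed. The configuration text is the Cloudflare range list from the post, and the test addresses are constructed (RFC 5737 / RFC 3849 documentation addresses stand in for "not Cloudflare"). The check it demonstrates is the one a reviewer would ask for first: an allow list with no trailing "deny all;" restricts nothing, and only the connecting address is evaluated, which for proxied traffic is the Cloudflare edge, not the visitor or their VPN exit.

```python
import ipaddress

# Constructed sample: the allow.conf as given in the post (no deny rule).
ALLOW_CONF_AS_POSTED = """\
# Cloudflare IP Ranges
allow 173.245.48.0/20;
allow 103.21.244.0/22;
allow 103.22.200.0/22;
allow 103.31.4.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
allow 188.114.96.0/20;
allow 197.234.240.0/22;
allow 198.41.128.0/17;
allow 162.158.0.0/15;
allow 104.16.0.0/13;
allow 104.24.0.0/14;
allow 172.64.0.0/13;
allow 131.0.72.0/22;
# IPv6
allow 2400:cb00::/32;
allow 2606:4700::/32;
allow 2803:f800::/32;
allow 2405:b500::/32;
allow 2405:8100::/32;
allow 2a06:98c0::/29;
allow 2c0f:f248::/32;
"""

# Same list with the terminating deny rule an allow-list needs to be restrictive.
ALLOW_CONF_WITH_DENY = ALLOW_CONF_AS_POSTED + "deny all;\n"


def parse_access_rules(conf_text):
    """Parse allow/deny directives into an ordered list of (verdict, network).
    A network of None represents the keyword 'all'. Comments and blank lines
    are ignored; anything else is rejected so a typo does not silently vanish."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not line.endswith(";"):
            raise ValueError(f"missing ';' in directive: {raw!r}")
        parts = line[:-1].split()
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"not an allow/deny directive: {raw!r}")
        verdict, target = parts
        network = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((verdict, network))
    return rules


def evaluate(rules, client_ip):
    """Return 'allow' or 'deny' for client_ip using nginx access-module semantics:
    first matching rule wins; no match means the request is allowed."""
    addr = ipaddress.ip_address(client_ip)
    for verdict, network in rules:
        if network is None:
            return verdict            # 'all' matches any address family
        if network.version == addr.version and addr in network:
            return verdict
    return "allow"


def verdicts(conf_text, client_ips):
    """Evaluate several connecting addresses against one configuration."""
    rules = parse_access_rules(conf_text)
    return {ip: evaluate(rules, ip) for ip in client_ips}


if __name__ == "__main__":
    # Constructed test addresses: one Cloudflare v4 edge, one v6 edge, and two
    # documentation addresses that no Cloudflare range covers.
    samples = ["104.16.1.1", "2606:4700:1::1", "203.0.113.5", "2001:db8::1"]
    for label, conf in (("as posted", ALLOW_CONF_AS_POSTED),
                        ("with deny all", ALLOW_CONF_WITH_DENY)):
        print(label, verdicts(conf, samples))
```

Run as a script it prints the verdict table for both variants: with the list as posted every address comes back "allow", so the file cannot be what produces a 403 on its own; with "deny all;" appended only the Cloudflare ranges pass. Two caveats for the real server: if ngx_http_realip_module is also configured (set_real_ip_from plus real_ip_header CF-Connecting-IP), the access module evaluates the restored visitor address, so a Cloudflare-only allow list would then return 403 to every proxied visitor; and because the list only ever sees whichever address reaches nginx, it cannot distinguish a VPN user from any other visitor behind Cloudflare.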

Can you share the full configuration that you are using? Based on the configuration that you shared, that is not the behavior I would expect to see. Are there any other server blocks that could be intercepting the requests?


Mozilla Community Pastebin/JHhMwEAQ (Nginx configuration file)