Can I whitelist IPs to pass through Cloudflare's DDoS protection for Pages?
One of our client sites at the moment on Netlify is having a issues, where their bank tries to run a PCI compliance scan, but the requests from that scan get blocked by Netlify, likely as it seems like an attack. From my understanding, it makes quite a few simultaneous requests.
Netlify has said that running any sort of scan like this is against their terms, and will only allow it on the enterprise plan if we agree on a time window with them in advance. The scan will be done every 3 months so this would really not be ideal.
The bank asked if we could just whitelist their IPs but that is not possible on Netlify. Could we do this if we deployed the site on Cloudflare Pages + Workers instead?
3 Replies
I need help
It might be blocked by the default Bot Protection rules, but you should be able to whitelist the crawler with a Firewall Rule
Nice, I set up a copy of the site to test, and allowed their IPs with a Firewall Rule. I presume that will bypass bot and DDoS protection. I've asked the bank to run a test scan on this URL, and if it works we'll migrate to Cloudflare. Thanks for the response!