Cloudflare Access Only check IPv4
Hello. I am using Cloudflare Tunnels combined with Cloudflare Access to IP restrict a page running on my ubuntu server.
My IPv4 stays the same but my IPv6 changes after a while. The issue is, when I only provide my IPv4 into the policy, it won't let me bypass the cloudflare access and I have to put my IPv6... however, that is changing after a while.
How can I configure my policy so it only checks the IPv4 even if the connection has IPv6?
6 Replies
That would require you to connect only over IPv4, not over IPv6, which would require you to disable IPv6 on your website(s), which you can't do on free plan
IP Whitelisting is pretty ehh, especially in this day and age when CF Access has a lot better options. Any reason not to use Google/Github/etc Login w/ Access, for example?
Well, it's just an additional security layer.
So the webpage is an admin panel, so there is a login system already in place. But I wanted to add additional security layer for only me (and people in my team) to be able to access it from our home network.
Are you whitelisting specific IPv6s or the entire /64 (or larger) range assigned?
specific
should whitelist the entire range assigned, or just switch to something based on identity
Thank you for the information. I have whitelisted the entire IPv6 range.
For anyone having similar use case:
- I have used
Get-NetIPAddress -AddressFamily IPv6 command in PowerShell to figure my IPv6 prefix length (usually 64)
- In Cloudflare Access Policy, I paste my IPv6 address and add /64