Cloudflare is making infrastructure changes to simplify customer configuration, and reduce the number of IPv4 addresses that could potentially interact with your origin on Cloudflare's behalf.
If your security model relies on allowing a list of trusted Cloudflare IPs from
cloudflare.com/ips (or via
API) on your origin,
please make the following changes to your allow list by May 7, 2021. This change is safe to make today.
Remove:
104.16.0.0/12
Add:
104.16.0.0/13
104.24.0.0/14
This change delists the
104.28.0.0/14 prefix, which is no longer in use by Cloudflare infrastructure. These addresses will be repurposed for use with our Gateway and WARP (secure web gateway and VPN) products, and may carry traffic from untrusted sources in the future.
Cloudflare does not recommend enforcing security policy at origins solely by trusting IP addresses.
Argo Tunnels and
Authenticated Origin Pulls provide more secure and specific ways to secure origin connections from Cloudflare.
If you have further questions, please visit the
Cloudflare Community.
Regards,
The Cloudflare Team
No comments:
Post a Comment