Allow traffic from IP addresses in allowlist only
This example blocks incoming requests from IP addresses that are not present in an allowlist (defined using an IP list).
1. Create an IP list with the IP addresses for which you want to allow access.
   For example, create an IP list named allowed_ips with one or more IP addresses. For more information on the accepted IP address formats, refer to IP lists.

2. Create a custom rule blocking any requests from IPs not present in the list you created (allowed_ips in the current example).

   - When incoming requests match:

     | Field | Operator | Value |
     | --- | --- | --- |
     | IP Source Address | is not in list | allowed_ips |

     If you are using the Expression Editor:

         (not ip.src in $allowed_ips)

   - Action: Block

3. (Optional) Update your expression with any extra filters, like blocking non-allowlisted IPs only for specific URI paths:

   | Field | Operator | Value | Logic |
   | --- | --- | --- | --- |
   | IP Source Address | is not in list | allowed_ips | And |
   | URI Path | wildcard | /admin/* | |

   If you are using the Expression Editor:

       (not ip.src in $allowed_ips and http.request.uri.path wildcard "/admin/*")
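To check which requests each of the two expressions above would block before deploying the rule, the following added example (not Cloudflare's code) models them offline in Python. The function names and the allowlist entries are constructed for illustration, and the model assumes that `wildcard` must match the whole field value and ignores case.

```python
import ipaddress
import re

# Constructed sample allowlist (documentation ranges), standing in for $allowed_ips.
ALLOWED_IPS = ["192.0.2.10", "198.51.100.0/24", "2001:db8::/32"]


def in_list(ip, entries):
    """True if ip equals a single-address entry or falls inside a CIDR entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def wildcard(value, pattern):
    """Assumed model of the wildcard operator: '*' matches any run of
    characters, the pattern must cover the whole value, case is ignored."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def blocks_everywhere(ip):
    # (not ip.src in $allowed_ips)
    return not in_list(ip, ALLOWED_IPS)


def blocks_admin_only(ip, path):
    # (not ip.src in $allowed_ips and http.request.uri.path wildcard "/admin/*")
    # 'not' applies to the list test only; the path filter is a second condition.
    return (not in_list(ip, ALLOWED_IPS)) and wildcard(path, "/admin/*")


if __name__ == "__main__":
    # Constructed sample requests: (source IP, URI path).
    samples = [
        ("192.0.2.10", "/admin/users"),     # allowlisted single address
        ("198.51.100.25", "/admin/users"),  # allowlisted via CIDR entry
        ("203.0.113.7", "/admin/users"),    # not allowlisted, admin path
        ("203.0.113.7", "/blog/post"),      # not allowlisted, other path
        ("203.0.113.7", "/admin"),          # no trailing slash: pattern does not cover it
    ]
    for ip, path in samples:
        print(f"{ip:15} {path:14} rule1_block={blocks_everywhere(ip)!s:5} "
              f"rule2_block={blocks_admin_only(ip, path)}")
```

In this model the path `/admin` (no trailing slash) is not matched by `/admin/*`, so the path-scoped rule leaves it reachable from non-allowlisted addresses; add a condition for that exact path if it should be covered too.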