Firewall Whitelist

helloimalastair · November 17, 2022, 10:40am

I’m currently developing an application that will be proxied by Cloudflare. Is it possible to whitelist Cloudflare’s IPs from my apps, so that only they can access them? I know I can apply a proxy on top, but I was just trying to see if there was a Fly-native solution.

ignoramous · November 17, 2022, 11:56am

Fly does not yet have an API to set L3 firewall rules. So, you’d have to impl it yourself.

I was just trying to see if there was a Fly-native solution

If you are using the HTTP handler, then Fly adds x-forwarded-for header containing client IP.

For TCP, you’d have to use the Proxy Proto handler if you need client IP.

For UDP, client IP is preserved.

helloimalastair · November 17, 2022, 11:58am

Sounds good. It isn’t mission-critical to verify IP addresses for me, as I do other kinds of verification, but just an extra layer of protection.

helloimalastair · November 17, 2022, 11:59am

Do you know if this is planned, or in a roadmap somewhere?(If not, totally fine)

ignoramous · November 17, 2022, 12:07pm

From what I gather from the forums, I don’t think it is priority for them. That said, I am not really privvy to any inside information.

There is indeed a latent demand for a programmable L3 Firewall for both out bound and in bound traffic.