Is there a way to disable fly.dev domains and use IP only?
Also, is origin-lock on CF with a secret the only option for avoid traffic directly to the IP address?
Hi there,
There’s no way to disable fly.dev. What you can do is have your app reject requests that use the fly.dev Host as the first step in your handler (most frameworks allow you to set a middleware to do this).
You can do something similar to drop external requests from non-CF IP addresses, pretty sure you can get a list of CF’s IPs and allowlist only those in your app.
Please also note that removing fly.dev domain isn’t a reliable way to prevent access to your app through IPs directly. We’re a pretty publicized company and our IP space is well-known, so anyone can scan the entire IP space we have with not too much effort. fly-proxy rejects all connections that do not correspond to a valid app service, and if you use our managed TLS certs, we also reject any client that does not complete a proper TLS handshake. However if a connection reaches ever reaches one of your machines, it is up to your application logic to reject those.