All of our servers, site and Discourse community (discussions.ftw.in) sit behind Cloudflare.
Can we set at the Discourse server level to only allow Cloudflare IPs and deny all other IP traffic?
We’ve been under a DDoS layer 7 attack and learned our main site IP was exposed.
To fix this, we updated our .htaccess on our main site server to only allow traffic from Cloudflare IPs and deny all other traffic. This does not let our origin server IP get exposed.
We are not exactly sure how to do the same above for our Discourse server at the server level. In my searches, I’ve seen cloudflare.template.yml mentioned and that it’s set to make sure we are seeing our user IPs, but I’m not sure.
Thanks in advance!