Whitelisting specific IP ranges of accessing the instance

There are malicious site tools that allow DNS look-up, and they most of the times provide historical data - a potential attacker could find out naked IP (thus bypassing anti-DDoS provider (Cloudflare in this case)) and access the site.

What I want to do:
Deny every address of accessing the site except officially disclosed Cloudflare IP ranges.
They are available online:

Any help is appreaciated

See Hiding the origin on cloudflare – you need to make sure the IP isn’t leaking anywhere.

Attempting to “deny IP access” is 100% pointless in the case of DDoS – by the time the traffic hits your server and NGINX “decides” not to respond to it, that is already a game over moment for you, because there will be billions of those requests saturating the pipe completely.