I am using Cloudflare (CDN) and I would like to allow access to my site from only it's IPs, but it's not possible since I use set_real_ip_from to preserve real user IPs in forum logs.

I have this in my nginx.conf:
# Cloudflare
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
real_ip_header CF-Connecting-IP;

And I am trying to use this in location ~ \.php$ {
allow 204.93.240.0/24;
allow 204.93.177.0/24;
allow 199.27.128.0/21;
allow 173.245.48.0/20;
allow 103.22.200.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
deny all;

So is there some way to bypass real_ip_from while using allow/deny? Or maybe some other ideas.

Up, sorry for necroposting but i need a solution about it. The problem is the same.

I want that nginx serves ONLY cloudflare ip. So if someone access the site from the direct ip the connection will abort.

shayol Wrote:
-------------------------------------------------------
> Up, sorry for necroposting but i need a solution about it. The problem
> is the same.
>
> I want that nginx serves ONLY cloudflare ip. So if someone access the
> site from the direct ip the connection will abort.


Any solution? Also needed. Please help.