
Cloudflare IP addresses

Cloudflare has several IP address ranges which are shared by all proxied hostnames.

Together, these IP addresses form the backbone of our Anycast network, helping distribute traffic amongst various edge network servers.

Allow Cloudflare IP addresses

Because of how Cloudflare works, all traffic to proxied DNS records passes through Cloudflare before reaching your origin server. This means that your origin server will stop receiving traffic from individual visitor IP addresses and instead receive traffic from Cloudflare IP addresses, which are shared by all proxied hostnames.

This setup can cause issues if your origin server blocks or rate limits connections from Cloudflare IP addresses. Because all visitor traffic will appear to come from Cloudflare IP addresses, blocking these IPs — even accidentally — will prevent visitor traffic from reaching your application.

To avoid rate limiting or blocking these requests, you will need to allow Cloudflare IPs at your origin server.
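An added example, not part of Cloudflare's documentation: a Python audit that flags origin deny or rate-limit rules overlapping the proxy ranges, and lists proxy ranges with no covering allow rule. The rule format, the function names and the sample ranges (documentation prefixes standing in for the published Cloudflare list) are assumptions.

```python
import ipaddress

# Constructed stand-ins (documentation prefixes), NOT Cloudflare's real ranges.
# In real use, load the current list published at https://www.cloudflare.com/ips/
SAMPLE_PROXY_RANGES = ["198.51.100.0/24", "2001:db8:1000::/36"]

# Constructed origin firewall rules as (action, source address or CIDR).
SAMPLE_ORIGIN_RULES = [
    ("deny", "198.51.100.37"),        # one proxy address blocked as a "noisy client"
    ("rate_limit", "198.51.0.0/16"),  # broad rule that swallows a proxy range
    ("deny", "203.0.113.0/24"),       # unrelated range, no conflict
    ("allow", "198.51.100.0/24"),     # explicit allow for the IPv4 proxy range
    ("deny", "2001:db8:1fff::/48"),   # IPv6 block inside a proxy range
]


def find_conflicts(rules, proxy_ranges):
    """Return (action, source, proxy_range) for each deny or rate_limit
    rule whose source overlaps a proxy range."""
    proxy_nets = [ipaddress.ip_network(r) for r in proxy_ranges]
    conflicts = []
    for action, source in rules:
        if action not in ("deny", "rate_limit"):
            continue
        # strict=False accepts single addresses and CIDRs with host bits set
        rule_net = ipaddress.ip_network(source, strict=False)
        for net in proxy_nets:
            if rule_net.version == net.version and rule_net.overlaps(net):
                conflicts.append((action, source, str(net)))
    return conflicts


def missing_allows(rules, proxy_ranges):
    """Return proxy ranges that no single allow rule fully covers."""
    allows = [ipaddress.ip_network(s, strict=False)
              for a, s in rules if a == "allow"]
    missing = []
    for r in proxy_ranges:
        net = ipaddress.ip_network(r)
        if not any(a.version == net.version and net.subnet_of(a) for a in allows):
            missing.append(r)
    return missing


if __name__ == "__main__":
    for action, source, net in find_conflicts(SAMPLE_ORIGIN_RULES, SAMPLE_PROXY_RANGES):
        print(f"{action} {source} overlaps proxy range {net}")
    print("no allow rule covers:", missing_allows(SAMPLE_ORIGIN_RULES, SAMPLE_PROXY_RANGES))
```

Whether an allow rule outranks an overlapping deny depends on the firewall's rule ordering, so treat each reported conflict as something to review rather than as proof that traffic is being dropped.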

For Magic Transit customers, Cloudflare routes the traffic instead of proxying it. Once Cloudflare starts advertising your IP prefixes, it will accept IP packets destined for your network, process them, and then output these packets to your origin infrastructure.

Customize Cloudflare IP addresses

If they do not want to use Cloudflare IP addresses — which are shared by all proxied hostnames — Enterprise customers have two potential alternatives:

  • Bring Your Own IP (BYOIP): Cloudflare announces your IPs in all our locations.
  • Static IP addresses: Cloudflare sets static IP addresses for your domain. For more details, contact your account team.

Business and Enterprise customers can also reduce the number of Cloudflare IPs that their domain shares with other Cloudflare customer domains by uploading a Custom SSL certificate.