IP Lists
Use IP Lists to refer to a group of IP addresses collectively, by name, in your firewall rule expression. You can create your own custom lists of IP addresses or use lists managed by Cloudflare.
For example, use a list of known office IP addresses in a firewall rule that allows requests from the addresses on the list to bypass security features. Or you may want to block requests that do not come from the known office addresses.
When you update the content of a list, any rules that use the list are automatically updated, so you can make a single change to your firewall rules list rather than modify rules individually.
Cloudflare stores your lists at the account level and sends to the edge, so you can view, manage, and incorporate them into firewall rules for any of your zones.
Advantages of IP Lists
Using IP Lists has these advantages:
- When creating a firewall rule, using an IP List is easier and less error-prone than adding a long list of IP addresses to a firewall rules expression.
- When updating a set of firewall rules that target the same group of IP addresses, using an IP List is easier and less error prone than editing multiple firewall rules.
- IP Lists are easier to read and more informative, particularly when you use descriptive names for your lists.
Managed IP Lists
Use Managed IP Lists to access Cloudflare’s IP threat intelligence.
Cloudflare provides the following Managed IP Lists:
| Display name | Name in expressions | Description |
|---|---|---|
| Cloudflare Open Proxies | cf.open_proxies | IP addresses of known open HTTP and SOCKS proxy endpoints, which are frequently used to launch attacks and hide attackers identity. |
| Cloudflare Anonymizers | cf.anonymizer | IP addresses of known anonymizers (Open SOCKS Proxies, VPNs, and TOR nodes). |
| Cloudflare VPNs | cf.vpn | IP addresses of known VPN servers. |
| Cloudflare Malware | cf.malware | IP addresses of known sources of malware. |
| Cloudflare Botnets, Command and Control Servers | cf.botnetcc | IP addresses of known botnet command-and-control servers. |
Availability
The number of IP Lists you can create depends on the Cloudflare plans associated with the zones in your account. You can store up to a total of 10,000 items across all your lists, regardless of your plan.
The Cloudflare Enterprise plan provides access to the Cloudflare Open Proxies Managed IP List. Other Managed IP Lists are available as part of Enterprise Security Bundles. For more information, contact your account team.
| Feature | Free | Pro | Business | Enterprise | Enterprise Advanced |
|---|---|---|---|---|---|
| Number of IP Lists | 1 | 10 | 10 | 10 | 10 |
| Cloudflare Open Proxies Managed IP List | – | – | – | Yes | Yes |
| All Managed IP Lists | – | – | – | – | Yes |
User role requirements
The following user roles have access to the list management functionality:
- Super Administrator
- Administrator
- Firewall
Managing lists
To manage and edit IP Lists from your Cloudflare account interface, refer to Use IP Lists.
To manage and edit IP Lists using the Cloudflare API, refer to Lists API.
Using lists in expressions
Both the Cloudflare dashboard and the Cloudflare API support IP Lists.
To use IP Lists in an expression from the Cloudflare dashboard, refer to Use lists in expressions.
To refer to an IP List in a Cloudflare Filters API expression, refer to Values: Lists in the Rules language reference.