Cloudflare Docs
WAF
Visit WAF on GitHub
Set theme to dark (⇧+D)

IP Access rules

Use IP Access rules to allowlist, block, and challenge traffic based on the visitor’s IP address, country, or Autonomous System Number (ASN).

IP Access rules are commonly used to block or challenge suspected malicious traffic. Another common use of IP Access rules is to allow services that regularly access your site, such as APIs, crawlers, and payment providers.

You can create IP Access rules in the Cloudflare dashboard or via API.

​​ Availability

IP Access rules are available to all customers.

Each Cloudflare account can have a maximum of 50,000 rules. If you are an Enterprise customer and need more rules, contact your account team.

Block by country is only available on the Enterprise plan. Other customers may perform country blocking using firewall rules.

​​ Important remarks

To learn more about protection options provided by Cloudflare to protect your website against malicious traffic and bad actors, refer to Secure your website.