/// <summary>
/// Configures the Firewall to allow requests from IP addresses which belong to Cloudflare.
/// </summary>
/// <param name="rule">Base rule which gets validated when the request did not come from Cloudflare.</param>
/// <param name="ipv4ListUrl">URL which returns a list of all Cloudflare IPv4 address ranges.</param>
/// <param name="ipv6ListUrl">URL which returns a list of all Cloudflare IPv6 address ranges.</param>
public static IFirewallRule ExceptFromCloudflare(
this IFirewallRule rule,
string ipv4ListUrl = null,
string ipv6ListUrl = null)
{
var helper = new CloudflareHelper(new HttpClient());
var(ips, cidrs) = helper.GetIPAddressRangesAsync(ipv4ListUrl, ipv6ListUrl).Result;
return(new IPAddressRule(new IPAddressRangeRule(rule, cidrs), ips));
}
/// <summary>
/// Configures the Firewall to allow requests from IP addresses proxied through Cloudflare.
/// </summary>
/// <param name="rule">Base rule which gets validated when the request did not come from Cloudflare or the client ip is not valid.</param>
/// <param name="allowedClientIPAddressRanges">Address ranges of client ips proxied through cloudflare</param>
/// <param name="ipv4ListUrl">URL which returns a list of all Cloudflare IPv4 address ranges.</param>
/// <param name="ipv6ListUrl">URL which returns a list of all Cloudflare IPv6 address ranges.</param>
public static IFirewallRule ExceptFromCloudflareAndClientIPRanges(
this IFirewallRule rule,
List <CIDRNotation> allowedClientIPAddressRanges,
string ipv4ListUrl = null,
string ipv6ListUrl = null)
{
var helper = new CloudflareHelper(new HttpClient());
var(ips, cidrs) = helper.GetIPAddressRangesAsync(ipv4ListUrl, ipv6ListUrl).Result;
return(new ReverseProxyClientIPAddressRangeRule(rule, cidrs, ips, allowedClientIPAddressRanges, "CF-Connecting-IP"));
}