Has anyone tried this with not already having 30120 port forwarded as well? I have noticed that this config ends up revealing my ip address still.
What about layer 7 protection and securing all other ports?
Like OVH/Windows firewall only allowing ipv4 traffic via specific IPs should lock the server down to the point of being untouchable yes?
Hey,
Can we have the real IP of the players instead of 127.0.0.1?
Hi! @ItsAndromeda! How you doin? I am just confused on how should I do with Integrating with FiveM. Can you please enlighten me and teach me how to setup this? I've been trying to understand it for about 8 hours already it seems I got no luck on understanding it. Thanks!
I am not really understanding what you meant about this one.
3. Set up a reverse proxy for your FiveM server. The reverse proxy should listen on port 443 and forward requests to the connecting endpoint specified in the route.
Hey man! I'm trying to set this up with Cloudflare DNS Proxy rather than the tunnel, but I'm getting the following error:
Couldn't resolve URL <code>.
Do you have any idea what might cause this? I'd imagine the setup for the proxy wouldn't be too different to the tunnel setup. The proxy IP ranges are the same as well.
My server is reachable through a Traefik reverse proxy listening on port 443, and the domain is proxied through Cloudflare. I can retrieve the info.json files and everything from the domain as well as the users.cfx.re proxy as well as connect using the domain as long as I put https:// in front of it, but connecting with the code doesn't seem to work.
Any help would be appreciated!
When I do this, while FiveM starts its connection through the Cloudflare tunnel, the actual connection bypasses Cloudflare and goes straight to your reverse proxy or server (depending on what sv_endpoints is set to). It's fairly trivial to then attack your proxy/server directly since its IP is exposed with a simple netstat query, because I still need to keep port 30120 open on my endpoint's firewall.
If you don't set sv_endpoints, then it tries to connect to port 30120 on the initial IP it was given (the Cloudflare network edge), which would be fine but Cloudflare doesn't support nonstandard HTTP(S) ports without Cloudflare also installed on client machines.
So how did you solve this? I also found that my IP is just simply exposed in a simple netstat query…
I haven't figured out how to send actual gameplay through a Cloudflare tunnel without running Cloudflare on the client. You can protect TX admin though since it's a web app. Cloudflare's tunnel works great for that.
But I don't think this guide should be advertising gameplay data flows through Cloudflare unless they make it very clear how to set it up without extra client software.
Does anyone have a template for nginx, anything I could use to set this up?
This issue has a straightforward solution, primarily stemming from the domain configuration. Specifically, the problem lies within a configuration feature known as "Bot Fight Mode". This setting triggers a "Managed Challenge" action upon requests, often resulting in the blocking of requests and displaying the "Server list query" error. To address this, there are two potential solutions:
- Disable Bot Fight Mode (Not Recommended): This option involves turning off the Bot Fight Mode feature entirely. However, this may leave the system vulnerable to certain threats and is not the recommended course of action.
- Create a New Security Rule to Exclude FiveM-Related IPs (Recommended): A more advisable solution is to establish a new security rule specifically designed to bypass IPs associated with FiveM. This approach maintains the integrity of the Bot Fight Mode while allowing legitimate FiveM-related requests to proceed without hindrance.
Hey, could you elaborate on "IPs associated with Fivem" for me? From the phrasing of your response, I am thinking that you are not referring to individual client IPs, but a set of known IPs by FiveM. If that's the case, can you provide a list that we should add to bypass?
FiveM uses OVH services, search about OVH IP ranges.
Thank you a lot
Which service do we need to buy from cloudflare to provide a proxy to the FiveM server? Thanks!
You must disable Bot Fight Mode. Get started with Bot Fight Mode · Cloudflare bot solutions docs
Cloudflare ZTNA baybee. It's on the description (unless I missed something about the question)
I had the same issue, did you ever figure it out?
Nope, sadly not.