Dedicated CDN Egress IPs
Enterprise customers can leverage dedicated egress1 IPs for layer 7 WAF and CDN services, as well as Spectrum. The egress IPs are reserved exclusively for your account so that you can increase your origin security by only allowing traffic from a small list of IP addresses.
Dedicated CDN Egress IPs was formerly known as Cloudflare Aegis (release blog post ↗).
With Dedicated CDN Egress IPs, you can:
- Lock down your network firewall to only allow traffic from your dedicated IPs.
- Use Cloudflare Access and CNI to secure your applications without installing software or customizing code on your server.
- Ensure only authorized Workers can access your origin services.
You can assign Dedicated CDN Egress IPs to single or multiple Cloudflare zones, and across different Cloudflare accounts.
Dedicated CDN Egress IPs are included within BGP advertisement over CNI.
Each dedicated egress pool can consist of either IPs from a BYOIP prefix or Cloudflare-leased IPs. A single dedicated egress pool cannot contain both BYOIPs and leased IPs.
-
From Cloudflare to your origin. Refer to how it works for details. ↩
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark