Cloudflare Docs
Aegis
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

How Cloudflare Aegis works

When you use Cloudflare as a reverse proxy, Cloudflare’s globl network sits between client requests and your origin servers.

Zooming in to what happens as a request routes through Cloudflare, you can consider two parts of the process: ingress and egress.

Ingress refers to the data center where the client request lands on, based on Internet routing. From there on, the request will be processed according to your Cloudflare configurations and, if needed, a connection to the origin will be initiated via an egress data center.

Traditionally, Cloudflare maintains a very large pool of egress IPs that are used by all Cloudflare customers and are publicly documented. With Aegis, Cloudflare provides dedicated egress IP addresses that are reserved for you.

​​ Benefits

With dedicated egress IPs, you can:

  • Lock down your network firewall to only allow traffic from the Aegis IPs.
  • Use Cloudflare Access to secure your applications without installing software or customizing code on your server.
  • Ensure only authorized Workers can access your origin services.

Refer to the introductory blog post for details and example use cases.

​​ Scope

You can assign Aegis IPs to single or multiple Cloudflare zones, and across different Cloudflare accounts.

Aegis IPs are included within BGP advertisement over CNI.