I need to prevent Google Cloud Engine external ip for public access, I mean users can access site only via domain over cloudflare, not GCE vm instance external ip. Maybe I must make Cloudflare IP ranges(https://www.cloudflare.com/ips-v4) whitelist from VPC Network/Firewall rules, but I don't know how?
