Hugo博客公告弹窗

Nginx配置仅允许cloudflare回源IP访问

☺☠〠

让Nginx只接受cloudflare(以下简称cf)的回源请求,不允许其他客户端直接访问源服务器。

首先获取最新的cf回源IP,并转换成nginx的配置文件格式。

https://www.cloudflare.com/ips-v4

https://www.cloudflare.com/ips-v6

https://www.cloudflare.com/zh-cn/ips/

在/www/server/nginx/conf目录创建cfip.conf 写入以下内容:

#IPv4
allow 127.0.0.1;
allow 173.245.48.0/20;
allow 103.21.244.0/22;
allow 103.22.200.0/22;
allow 103.31.4.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
allow 188.114.96.0/20;
allow 197.234.240.0/22;
allow 198.41.128.0/17;
allow 162.158.0.0/15;
allow 104.16.0.0/13;
allow 104.24.0.0/14;
allow 172.64.0.0/13;
allow 131.0.72.0/22;

#IPv6
allow ::1;
allow 2400:cb00::/32;
allow 2606:4700::/32;
allow 2803:f800::/32;
allow 2405:b500::/32;
allow 2405:8100::/32;
allow 2a06:98c0::/29;
allow 2c0f:f248::/32;

然后在站点的 Nginx 配置文件 Server 区块中加入以下内容

include cfip.conf;
deny all;

重启nginx。

完结

CC BY-NC-SA 4.0 转载请注明
最后更新于 2024-11-23 15:12
clarity统计