使用了CloudFlare的网站安全设置应该如何设置呢?
一般的,使用CloudFlare之后原站应该只允许CloudFlare访问。如果能被直接访问的话,服务器安全情况可能会下降。
所以,对CloudFlare开白名单模式是必要的操作。
处理顺序
首先打开SSH端口的防火墙
ufw allow from 1.0.0.0/32 to any port 22
这里的1.0.0.0/32是想要放行的IP地址,22是SSH的端口。若已经配置过SSH端口防火墙不存在启用了UFW导致失联的问题请忽略本条继续执行。
然后执行下面的代码放行CloudFlare的IP。
#!/bin/bash
if !command -v ufw >/dev/null 2>&1; then
echo "UFW not found! please install it from your package manager!"
echo "For RHEL/CentOS/Fedora, use yum install ufw."
echo "For Ubuntu/Debian/Proxmox VE, use apt install ufw."
echo "Don't forgot to allow your ssh port before enable UFW!"
echo "When you finished it, just use command ufw enable to enable it!"
exit 1
fi
for line in `curl https://www.cloudflare.com/ips-v4`
do
echo "Reading $line from CloudFlare's offical ip list."
ufw allow from $line to any port 80
ufw allow from $line to any port 443
done
for line in `curl https://www.cloudflare.com/ips-v6`
do
echo "Reading $line from CloudFlare's offical ip list."
ufw allow from $line to any port 80
ufw allow from $line to any port 443
done
完成后启用UFW即可生效。
启用UFW:ufw enable
文章来源于互联网:UFW只允许CloudFlare访问的方法
pO7K5YYKO2t
EsODiKI71jB
tEv3mZOivWf
IihWBlu42Ti
gwTR5VRwCvI
uqmWQZhWk4n
vVdNiDZ4s5p
QDaqcWzH2JW
7w63UzTACpj
NvqIF6ZCRie
HPr4tzdsadD
cxpB5H2N7ex
VWdGESumdSO
QtFjw93CcuN
MoBp7ioyUU2
CgaTqfgvX4U
jbrgJHgsUdX
ddBdZv5uaVf
Xqfnx6tltHb
aHo5OHq1oWQ
5K4yObWpp3d
g4k0seSx1G8
66CWkfQvVzG
Zvc2LYkkLIW
LS4KQDShwlk
Aib1Xv3sCMi
6wEZB9bMg8r
Q8LcjDBEirf
QEeE1QYAdq9
QzbxLh1mwoC
J2CgdsYTm2o
Ip5FG3O0SPJ
fFxJjyZy6Kp
PFkapP5Q8Ln
4WdaWEqUeea