分享个生成仅允许cloudflare ip访问nginx的规则的生成脚本

2022-4-25 傅令江

用户请求必须通过cf才能访问到服务器否则直接403

网上抄的

#!/bin/bash

set -e

cf_ips() {
  echo "# https://www.cloudflare.com/ips"

  for type in v4 v6; do
    echo "# IP$type"
    curl -sL "https://www.cloudflare.com/ips-$type/" | sed "s|^|allow |g" | sed "s|\$|;|g"
    echo
  done

  echo "# Generated at $(LC_ALL=C date)"
}

#cf_ips > /usr/local/nginx/conf/cf.conf 
(cf_ips && echo "deny all; # deny all remaining ips") > /usr/local/nginx/conf/cf.conf

nginx -s reload

生成后在ngixn里面的server里面 Include就行了

include cf.conf;

然后加入crontab 一小时自动刷新一次

0 *  * * *  /root/allow_cf.sh > /dev/null

发表评论：