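Most people who run a blog these days have put it behind Cloudflare; I won't go into the reasons here. What follows is how to keep the origin server's IP from leaking when using Cloudflare: drop all inbound HTTP/S traffic at the origin, then allow it only from Cloudflare's published IP ranges.
This tutorial is written for CentOS. On Debian and Ubuntu, use apt-get install to install the packages instead.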
# Check whether iptables is installed
service iptables status
# Install iptables
yum install -y iptables
# Update iptables
yum update iptables
# Install iptables-services
yum install -y iptables-services
# Check the state of the default firewall
firewall-cmd --state
# Stop firewalld
systemctl stop firewalld.service
# Keep firewalld from starting at boot
systemctl disable firewalld.service
# Mask the firewalld service
systemctl mask firewalld
# List the current iptables rules
iptables -L -n
# Set the default policy to ACCEPT first
iptables -P INPUT ACCEPT
# Flush all default rules
iptables -F
# Delete all user-defined chains
iptables -X
# Reset all counters to zero
iptables -Z
# Drop all HTTP/S requests arriving over IPv4
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 443 -j DROP
# Allow inbound HTTP/S from Cloudflare's IPv4 ranges
# (-I inserts at the top of the chain, so these land above the DROP rules)
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -s "$i" -p tcp --dport 80 -j ACCEPT; done
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -s "$i" -p tcp --dport 443 -j ACCEPT; done
# Drop all HTTP/S requests arriving over IPv6
ip6tables -I INPUT -p tcp --dport 80 -j DROP
ip6tables -I INPUT -p tcp --dport 443 -j DROP
# Allow inbound HTTP/S from Cloudflare's IPv6 ranges
for i in $(curl -s https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -s "$i" -p tcp --dport 80 -j ACCEPT; done
for i in $(curl -s https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -s "$i" -p tcp --dport 443 -j ACCEPT; done
# Dump the resulting rule sets (iptables-save only prints to stdout)
iptables-save
ip6tables-save
# Save the rules (paths: /etc/sysconfig/iptables and /etc/sysconfig/ip6tables)
service iptables save
service ip6tables save
# Enable the iptables services
systemctl enable iptables.service
systemctl enable ip6tables.service
# Load the rules automatically at boot
chkconfig iptables on
chkconfig ip6tables on
# Start the services
systemctl start iptables.service
systemctl start ip6tables.service
# Check their status
systemctl status iptables.service
systemctl status ip6tables.service
# Restart iptables
systemctl restart iptables.service
systemctl restart ip6tables.service
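The loops above trust whatever curl returns and have to be re-run by hand when Cloudflare's ranges change. The following is an added example, not part of the original tutorial: it validates a downloaded IPv4 list and turns it into an iptables-restore fragment for a dedicated chain, so a refresh replaces the allowlist in one commit and a bad or empty download changes nothing. The chain name CF_WEB, the file name cf.rules and the sample ranges are assumptions made for illustration; IPv6 is left out to keep it short.

```shell
#!/bin/sh
# Added example: validate a downloaded Cloudflare IPv4 list before it becomes rules.
CHAIN=CF_WEB   # hypothetical chain name, not from the original tutorial

# Succeed only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
valid_cidr4() {
    case "$1" in
        */*/*|*..*|.*|*./*|*[!0-9./]*) return 1 ;;   # stray characters or dots
        */*) ;;                                      # exactly one slash: continue
        *) return 1 ;;                               # no prefix length at all
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read one CIDR per line on stdin; print an iptables-restore fragment only if
# the list is non-empty and every entry is valid (otherwise print nothing).
gen_rules() {
    rules=""; count=0
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        valid_cidr4 "$cidr" || { echo "rejected entry: $cidr" >&2; return 1; }
        rules="${rules}-A $CHAIN -s $cidr -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "empty list, nothing generated" >&2; return 1; }
    printf '*filter\n:%s - [0:0]\n%s-A %s -j DROP\nCOMMIT\n' "$CHAIN" "$rules" "$CHAIN"
}

# Constructed sample input (documentation ranges, not Cloudflare's real list).
printf '192.0.2.0/24\n198.51.100.0/24\n' | gen_rules
# Real use (assumption): curl -fsS https://www.cloudflare.com/ips-v4 | gen_rules > cf.rules
#   then: iptables-restore --noflush < cf.rules
#   one-time jump: iptables -I INPUT -p tcp -m multiport --dports 80,443 -j CF_WEB
```

With the jump into the chain in place, the per-address ACCEPT and the two DROP rules from the tutorial are no longer needed in INPUT itself.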
Tutorial reposted from: