How do you use Cloudflare to keep your origin server's IP from leaking?

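I assume most people who run a blog these days have already put it behind Cloudflare, and I won't go into the reasons here. Below is how to use Cloudflare to keep the origin server's IP from being exposed: iptables is configured so that ports 80 and 443 accept connections only from Cloudflare's published IP ranges.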

This tutorial is written for CentOS. On Debian and Ubuntu, install the packages with apt-get install instead.

# Check whether iptables is installed

service iptables status

# Install iptables

yum install -y iptables

# Update iptables

yum update iptables

# Install iptables-services

yum install -y iptables-services

# Check the status of the default firewall

firewall-cmd --state

# Stop firewalld

systemctl stop firewalld.service

# Prevent firewalld from starting at boot

systemctl disable firewalld.service

# Mask the firewalld service

systemctl mask firewalld

# List the existing iptables rules

iptables -L -n

# First allow everything (set the default INPUT policy to ACCEPT)

iptables -P INPUT ACCEPT

# Flush all default rules

iptables -F

# Delete all user-defined chains

iptables -X

# Reset all counters to zero

iptables -Z

# Block all HTTP/S requests arriving over IPv4

iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 443 -j DROP

# Allow inbound HTTP/S from the Cloudflare CDN IPv4 ranges

for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp --dport 80 -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp --dport 443 -j ACCEPT; done

# Block all HTTP/S requests arriving over IPv6

ip6tables -I INPUT -p tcp --dport 80 -j DROP
ip6tables -I INPUT -p tcp --dport 443 -j DROP

# Allow inbound HTTP/S from the Cloudflare CDN IPv6 ranges

for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp --dport 80 -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp --dport 443 -j ACCEPT; done

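# Dump the current iptables configuration (iptables-save and ip6tables-save print the rules to stdout; the next step writes them to disk)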

iptables-save
ip6tables-save

# Save the rules (paths: /etc/sysconfig/iptables and /etc/sysconfig/ip6tables)

service iptables save
service ip6tables save

# Enable the iptables services

systemctl enable iptables.service
systemctl enable ip6tables.service

# Load the rules automatically at boot

chkconfig iptables on
chkconfig ip6tables on

# Start the services

systemctl start iptables.service
systemctl start ip6tables.service

# Check the status

systemctl status iptables.service
systemctl status ip6tables.service

# Restart iptables

systemctl restart iptables.service
systemctl restart ip6tables.service
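
The IPv4 allow-list step above installs the DROP rules first and then feeds whatever curl returns straight into iptables, so a failed or garbled download leaves ports 80 and 443 closed to Cloudflare as well. The script below is an added example, not part of the original tutorial: it validates the list first and only then prints the same `iptables -I` commands (IPv4 only; the function names and the `cf-rules.sh` file name are assumptions).

```shell
#!/bin/sh
# Added example: check a fetched range list before it becomes firewall rules.
# Function names are hypothetical; this only prints commands (dry run).

# Succeed only if $1 is an IPv4 CIDR such as 192.0.2.0/24.
is_ipv4_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" at all
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    case "$addr" in .*|*.|*..*) return 1 ;; esac     # empty octet
    old_ifs=$IFS; IFS=.
    set -- $addr                                     # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Read the list on stdin. Print the page's iptables -I commands only if every
# line validates; on an empty or malformed list print nothing and return 1.
build_ipv4_rules() {
    accepts=''
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        if ! is_ipv4_cidr "$cidr"; then
            echo "list rejected, bad entry: $cidr" >&2
            return 1
        fi
        for port in 80 443; do
            accepts="${accepts}iptables -I INPUT -s $cidr -p tcp --dport $port -j ACCEPT
"
        done
    done
    [ -n "$accepts" ] || { echo "list rejected, empty" >&2; return 1; }
    printf 'iptables -I INPUT -p tcp --dport %s -j DROP\n' 80 443
    printf '%s' "$accepts"
}

# Dry run on a constructed list (documentation ranges, not Cloudflare's).
printf '192.0.2.0/24\n198.51.100.0/24\n' | build_ipv4_rules
# Real use (assumed workflow): curl -fsS https://www.cloudflare.com/ips-v4 |
#   build_ipv4_rules > cf-rules.sh && sh cf-rules.sh
```
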

Tutorial reposted from:

https://www.hostloc.com/thread-763954-1-1.html