Last active
May 23, 2022 21:30
cloudflare-allow
# Origin lock-down for Nginx: accept connections only from Cloudflare's
# published edge ranges (plus loopback) and refuse everything else.
#
# Install:  save as /etc/nginx/cloudflare-allow.conf
# Enable:   inside the relevant server {} block add
#               include /etc/nginx/cloudflare-allow.conf;
#
# Source of the ranges: https://www.cloudflare.com/ips
# The ranges below are a point-in-time copy. Cloudflare revises the list, so
# re-check it periodically: a missing range drops legitimate traffic, and a
# range Cloudflare no longer uses would stay trusted here.
#
# Caveats:
#  - allow/deny are matched against the client address as Nginx sees it after
#    ngx_http_realip_module has run. If set_real_ip_from / real_ip_header are
#    active in the same scope, the address tested here is the restored visitor
#    address, not the Cloudflare peer, and "deny all" then rejects ordinary
#    visitors. In that setup, enforce the Cloudflare-only restriction at the
#    host firewall, or test $realip_remote_addr (the original peer address).
#  - A source address inside these ranges shows that the request came through
#    Cloudflare's network, not that it came through your own zone.
#    Cloudflare's Authenticated Origin Pulls (a client-certificate check at
#    the origin) covers that gap.

# Cloudflare IPv4 ranges
allow 173.245.48.0/20;
allow 103.21.244.0/22;
allow 103.22.200.0/22;
allow 103.31.4.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
allow 188.114.96.0/20;
allow 197.234.240.0/22;
allow 198.41.128.0/17;
allow 162.158.0.0/15;
allow 104.16.0.0/13;
allow 104.24.0.0/14;
allow 172.64.0.0/13;
allow 131.0.72.0/22;

# Cloudflare IPv6 ranges
allow 2400:cb00::/32;
allow 2606:4700::/32;
allow 2803:f800::/32;
allow 2405:b500::/32;
allow 2405:8100::/32;
allow 2a06:98c0::/29;
allow 2c0f:f248::/32;

# Loopback, IPv4 only (local clients connecting over ::1 are not covered)
allow 127.0.0.1;

# Additional trusted addresses go here, for example:
# allow 1.1.1.1;

# Everything not matched above is refused.
deny all;
# Restore the visitor's address on requests that arrive through Cloudflare
# (ngx_http_realip_module), so logs and variables carry the visitor's IP
# instead of the Cloudflare edge address.
#
# Install:  save as /etc/nginx/cloudflare-restore.conf
# Enable:   inside the relevant server {} block add
#               include /etc/nginx/cloudflare-restore.conf;
#
# Source of the ranges: https://www.cloudflare.com/ips
# The ranges below are a point-in-time copy; re-check them periodically.
#
# Trust boundary: the header named by real_ip_header is honoured only when
# the connecting peer matches a set_real_ip_from range. Every range listed
# here can therefore dictate the "client address" Nginx records, so keep the
# list limited to current Cloudflare ranges.
#
# Interaction with access rules: once the address is restored, allow/deny
# directives in the same scope (for example cloudflare-allow.conf) are tested
# against the visitor address, not the Cloudflare peer. The original peer
# address remains available as $realip_remote_addr.

# Cloudflare IPv4 ranges
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;

# Cloudflare IPv6 ranges
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

# Header that carries the visitor address; keep exactly one line active.
#  - CF-Connecting-IP holds a single address set by Cloudflare.
#  - X-Forwarded-For is a list whose leading entries may have been supplied
#    by the client. With real_ip_recursive at its default (off), Nginx takes
#    the last entry, which is the one Cloudflare appends.
#real_ip_header CF-Connecting-IP;
real_ip_header X-Forwarded-For;
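# Apache counterpart of the Cloudflare-only allow list: refuse every client
# except those connecting from Cloudflare's published ranges.
#
# These are Apache 2.2-style access directives. On Apache 2.4 they are
# provided by mod_access_compat; the native 2.4 form is one
# "Require ip <range>" line per range.
#
# Source of the ranges: https://www.cloudflare.com/ips
# The ranges below are a point-in-time copy; re-check them periodically.
#
# NOTE(review): if mod_remoteip rewrites the client address on this server,
# confirm which address these rules are evaluated against before relying
# on them.

# Order takes one comma-separated argument with no whitespace; the original
# "Deny, Allow" (with a space) is rejected by Apache as a syntax error.
# With Deny,Allow the Deny rules are evaluated first and a matching Allow
# then overrides them, so only the ranges below get through.
Order Deny,Allow
Deny from all

# Cloudflare IPv4 ranges
Allow from 173.245.48.0/20
Allow from 103.21.244.0/22
Allow from 103.22.200.0/22
Allow from 103.31.4.0/22
Allow from 141.101.64.0/18
Allow from 108.162.192.0/18
Allow from 190.93.240.0/20
Allow from 188.114.96.0/20
Allow from 197.234.240.0/22
Allow from 198.41.128.0/17
Allow from 162.158.0.0/15
Allow from 104.16.0.0/13
Allow from 104.24.0.0/14
Allow from 172.64.0.0/13
Allow from 131.0.72.0/22

# Cloudflare IPv6 ranges
Allow from 2400:cb00::/32
Allow from 2606:4700::/32
Allow from 2803:f800::/32
Allow from 2405:b500::/32
Allow from 2405:8100::/32
Allow from 2a06:98c0::/29
Allow from 2c0f:f248::/32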