Nginx whitelist update script (403 for not whitelisted)
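#!/bin/bash
# Abort on the first unhandled command failure.
set -e

#
# Nginx allow-list file that this script regenerates.
#
# The file only takes effect when
#     include /etc/nginx/conf.d/*.conf;
# is present inside the http {} block of /etc/nginx/nginx.conf.
#
# Security notes for whoever deploys this:
#  - allow/deny are matched against the client address nginx works with.
#    If the realip module rewrites that address (set_real_ip_from /
#    real_ip_header), the rules are evaluated against the rewritten
#    address -- confirm which one applies on this host.
#  - An IP allow-list only shows that a request arrived from Cloudflare's
#    network, not that it was proxied for your own zone. Where that
#    distinction matters, pair it with origin authentication such as
#    Cloudflare Authenticated Origin Pulls (mTLS).
#
readonly FIREWALL_FILE="/etc/nginx/conf.d/cloudflare.conf"

# Writing under /etc/nginx and restarting the service both require root.
if [[ "$EUID" -ne 0 ]]; then
  # Diagnostics go to stderr so they never mix with generated config output.
  echo "Please run as root" >&2
  exit 1
fi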
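#######################################
# Build the nginx allow-list from Cloudflare's published IP ranges.
# Globals:   none
# Arguments: none
# Outputs:   on success, the complete config text on stdout: one
#            "allow <cidr>;" line per range, then "deny all;".
#            Diagnostics go to stderr.
# Returns:   0 on success; 1 if a list cannot be downloaded, is empty, or
#            contains a line that does not look like a CIDR. Nothing is
#            written to stdout in that case, so a caller can never end up
#            with a partial list that lacks the final "deny all;".
#######################################
cf_ips() {
  local type ranges line count
  # Character-set check only: it stops a malformed or tampered response from
  # smuggling extra nginx directives into the file; it does not verify that
  # the range really belongs to Cloudflare.
  local -r cidr_re='^[0-9A-Fa-f:.]+/[0-9]{1,3}$'
  local body="# https://www.cloudflare.com/ips"$'\n'

  for type in v4 v6; do
    # -f: an HTTP error becomes a failure instead of an error page being
    # turned into "allow" lines. --proto/--proto-redir: -L may only follow
    # redirects that stay on https.
    if ! ranges=$(curl -fsSL --proto '=https' --proto-redir '=https' \
      --max-time 30 "https://www.cloudflare.com/ips-$type/"); then
      echo "cf_ips: could not download the IP$type list" >&2
      return 1
    fi

    body+="# IP$type"$'\n'
    count=0
    while IFS= read -r line || [[ -n "$line" ]]; do
      line=${line%$'\r'}
      if [[ -z "$line" ]]; then
        continue
      fi
      if [[ ! "$line" =~ $cidr_re ]]; then
        echo "cf_ips: unexpected content in the IP$type list, refusing to use it" >&2
        return 1
      fi
      body+="allow $line;"$'\n'
      count=$((count + 1))
    done <<<"$ranges"

    # An empty list would leave only "deny all;" and lock every client out.
    if ((count == 0)); then
      echo "cf_ips: the IP$type list is empty, refusing to use it" >&2
      return 1
    fi
    body+=$'\n'
  done

  body+="# Generated at $(LC_ALL=C date)"$'\n'
  body+="deny all; # deny all remaining ips"
  printf '%s\n' "$body"
}

# Staging files live next to the target so mv is a same-filesystem rename;
# their names do not end in ".conf", so the conf.d include ignores them.
new_file=""
backup_file=""

# Remove whatever staging files are still around on any exit path.
cleanup() {
  if [[ -n "$new_file" ]]; then
    rm -f -- "$new_file"
  fi
  if [[ -n "$backup_file" ]]; then
    rm -f -- "$backup_file"
  fi
}
trap cleanup EXIT

new_file=$(mktemp "${FIREWALL_FILE}.new.XXXXXX")

# Generate into the staging file first: if cf_ips fails, set -e stops the
# script here and the live config is left exactly as it was.
cf_ips >"$new_file"
# mktemp creates the file 0600; use the conventional config-file mode.
chmod 0644 "$new_file"
# Still show the generated rules on stdout.
cat -- "$new_file"

# Keep the previous file so a rejected config can be rolled back.
if [[ -e "$FIREWALL_FILE" ]]; then
  backup_file=$(mktemp "${FIREWALL_FILE}.bak.XXXXXX")
  cp -p -- "$FIREWALL_FILE" "$backup_file"
fi

mv -f -- "$new_file" "$FIREWALL_FILE"

# Validate the full nginx configuration before touching the running service.
if ! nginx -t; then
  echo "nginx rejected the new configuration; restoring the previous file" >&2
  if [[ -n "$backup_file" ]]; then
    mv -f -- "$backup_file" "$FIREWALL_FILE"
  else
    rm -f -- "$FIREWALL_FILE"
  fi
  exit 1
fi

systemctl restart nginx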