Last update at :2024-07-12,Edit by888u
CloudFlare's DDOS protection capabilities are built-in. Configuring firewalls, etc. can achieve the functions of defending against DDOS and resisting CC.
1. Malicious IP enables verification code
Enter the CloudFlare backend, select Firewall at the top, and select as shown below
The two together mean that when the threat value of an IP reaches more than 2 points and does not belong to a known crawler, the verification code will be used to intercept access.
2. Automatically block malicious IPs
The following script is to find the attacker's IP, and use the script to analyze the frequency of access to a certain IP in the log in one minute, if it exceeds a certain frequency (generally, normal access should not exceed 60 times in one minute. You can set it to a smaller value), which is considered a malicious IP. At the same time, upload the malicious IP to CloudFlare and block it.
Set the CloudFlare account, API, etc. as your own. #/bin/bash #Log file, you need to change it to your own path logfile=/data/wwwlogs/ last_minutes=1 #Start time 1 minute ago (this can be modified, if you want the number of attacks within a few minutes, you can customize it here) start_time= date +"%Y-%m-%d %H:%M:%S" -d '-1 minutes' echo $start_time #endtimenow stop_time=`date +"%Y-%m-%d %H:%M:%S"` echo $stop_time cur_date="`date +%Y-%m-%d`" echo $cur_date #Filter out the logs between units and count the highest IP number. Please replace it with your log path. tac $logfile/sky.ucblog.net_nginx.log | awk -v st="$start_time" -v et="$stop_time" '{t=substr($2,RSART+14,21);if(t>=st && t $logfile/log_ip_top10 ip_top=`cat $logfile/log_ip_top10 | head -1 | awk '{print $1}'` ip=`cat $logfile/log_ip_top10 | awk '{if($1>2)print $2}'` # IPs with more than 2 visits to a single IP within unit time [1 minute] are recorded in black.log. In order to test setting 2 here, you need to change it to other numbers. for line in $ip do echo $line >> $logfile/black.txt echo $line # You can also execute CF API here to submit data to the CF firewall. done # Fill in the Cloudflare Email address CFEMAIL="admin@bmvps.com" # Fill in the Cloudflare API key CFAPIKEY="xxxxxxxxxxxxxxxxxxxxxxxx" # Fill in the ID corresponding to the Cloudflare Zones ID domain name ZONESID="xxxxxxxxxxxxxxxxxxxxxxxxxxx" # /data/wwwlogs/black.txt stores the IP list of malicious attacks # IP one per line. IPADDR=$(
Scheduled tasks: * * * * * /bin/bash /root/CF.sh > /tmp/ou1t.log 2>&1
3. Automatically activate the 5-second shield
The script is open source: https://github.com/Machou/Cloudflare-Block
cd /root && git clone https://github.com/Machou/Cloudflare-Block.git DDoS
Scheduled task crontab -e */1 * * * * /root/DDoS/Cloudflare.sh 0 # check every 1 minute if protection is not enabled */20 * * * * /root/DDoS/Cloudflare.sh 1 # check every 20 minutes if protection is enabled
API_KEY: https://dash.cloudflare.com/profile MAIL_ACCOUNT: Your Cloudflare registration email DOMAIN: https://dash.cloudflare.com/_zone-id_/domain.com (domain.com is your email address)
Recommended site searches: game server rental, online store virtual host, domain name query official website, application for free space, website IP address query, cloud server IP query for 6 yuan per year, Hong Kong server hosting, foreign vps, virtual host application,
发表评论