使用IIS套上cloudflare后,很多人不知道禁止非cloudflare ip访问,今天给个一键代码,在ps里边执行即可。
# Cloudflare IP 地址列表
$cloudflareIPs = @(
"173.245.48.0/20",
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"141.101.64.0/18",
"108.162.192.0/18",
"190.93.240.0/20",
"188.114.96.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"162.158.0.0/15",
"104.16.0.0/13",
"104.24.0.0/14",
"172.64.0.0/13",
"131.0.72.0/22"
)
# 获取所有 IIS 网站的配置
$sites = Get-Website
# 循环遍历所有 IIS 网站并添加 Cloudflare IP 地址到允许列表
foreach ($site in $sites) {
$siteName = $site.Name
$siteConfig = Get-WebConfiguration -PSPath "IIS:\Sites\$siteName"
foreach ($ipRange in $cloudflareIPs) {
$ruleName = "AllowCloudflareIP_$([System.Guid]::NewGuid())"
$addRuleScript = @"
ipconfig /flushdns
New-WebConfigurationProperty -PSPath 'IIS:\Sites\$siteName' -Filter "system.webServer/security/ipSecurity" -Name "." -Value @{
"ipAddress" = "$ipRange";
"subnetMask" = "255.255.255.255";
"allowed" = $true;
"domainName" = '';
"byPass" = $false;
"matchOnly" = $true;
"negate" = $false;
"ruleName" = "$ruleName";
"enableReverseDns" = $false;
}
"@
Invoke-Expression $addRuleScript
}
# 应用更改
$siteConfig | Set-WebConfiguration -Verbose
}
发表回复
要发表评论,您必须先登录。