使用IIS套上cloudflare后,很多人不知道禁止非cloudflare ip访问,今天给个一键代码,在ps里边执行即可。
- # Cloudflare IP 地址列表
- $cloudflareIPs = @(
- “173.245.48.0/20”,
- “103.21.244.0/22”,
- “103.22.200.0/22”,
- “103.31.4.0/22”,
- “141.101.64.0/18”,
- “108.162.192.0/18”,
- “190.93.240.0/20”,
- “188.114.96.0/20”,
- “197.234.240.0/22”,
- “198.41.128.0/17”,
- “162.158.0.0/15”,
- “104.16.0.0/13”,
- “104.24.0.0/14”,
- “172.64.0.0/13”,
- “131.0.72.0/22”
- )
- # 获取所有 IIS 网站的配置
- $sites = Get-Website
- # 循环遍历所有 IIS 网站并添加 Cloudflare IP 地址到允许列表
- foreach ($site in $sites) {
- $siteName = $site.Name
- $siteConfig = Get-WebConfiguration -PSPath “IIS:\Sites\$siteName”
- foreach ($ipRange in $cloudflareIPs) {
- $ruleName = “AllowCloudflareIP_$([System.Guid]::NewGuid())”
- $addRuleScript = @”
- ipconfig /flushdns
- New-WebConfigurationProperty -PSPath ‘IIS:\Sites\$siteName’ -Filter “system.webServer/security/ipSecurity” -Name “.” -Value @{
- “ipAddress” = “$ipRange”;
- “subnetMask” = “255.255.255.255”;
- “allowed” = $true;
- “domainName” = ”;
- “byPass” = $false;
- “matchOnly” = $true;
- “negate” = $false;
- “ruleName” = “$ruleName”;
- “enableReverseDns” = $false;
- }
- “@
- Invoke-Expression $addRuleScript
- }
- # 应用更改
- $siteConfig | Set-WebConfiguration -Verbose
- }
