![如何将 Lighttpd 的 $HTTP["remoteip"] 与 Cloudflare 一起使用?](https://linux22.com/image/635599/%E5%A6%82%E4%BD%95%E5%B0%86%20Lighttpd%20%E7%9A%84%20%24HTTP%5B%22remoteip%22%5D%20%E4%B8%8E%20Cloudflare%20%E4%B8%80%E8%B5%B7%E4%BD%BF%E7%94%A8%EF%BC%9F.png)
我正在使用 Clodflare DNS。我只想允许某些 IP 访问某些文件。
我该如何设置 lighttpd.conf 以正确检测正确的 IP?我知道如何对 access.log 进行此操作。是否可以将 $HTTP["remoteip"] 与其他内容一起使用?
这是我今天的做法:
$HTTP["remoteip"] == "xx.xx.xx.xx" {
url.access-deny = ("")
}
我尝试了以下方法,但没有效果:
$HTTP["remoteip"] =="*"{
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
答案1
$HTTP["remoteip"]永远不会等于字符串*,它将有一个代表连接 IP 地址的值(在您的情况下是某个 Cloudflare 地址)。
存在这种情况意味着extforward里面的设置永远不会被应用,这似乎是你的问题。
至于extforward.forwarder = ( "all" => "trust"),如果非 Cloudflare 地址可以连接,这可能不是一个好主意。允许任何人在标头中指定远程地址使得任何基于 IP 的访问检查都很容易被规避。
Cloudflare 确实有一些关于此的文档也一样。
答案2
Cloudflare 的设置似乎由于 IP 重复输入而出现错误。
以下是对我有用的设置。我把它们放在后面server.modules { .. }:
$HTTP["remoteip"] == "199.27.128.0/21" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "173.245.48.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.21.244.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.22.200.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.31.4.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "141.101.64.0/18" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "108.162.192.0/18" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "190.93.240.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "188.114.96.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "197.234.240.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "198.41.128.0/17" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "162.158.0.0/15" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "104.16.0.0/12" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
使用这个 $HTTP["remoteip"] 可以正常工作。