@moesoha
Last active May 11, 2024 09:11
This script creates Nginx config snippets that deny non-Cloudflare IPs or set the real client IP from the trusted header.
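#!/bin/sh
# Generate Nginx snippets from Cloudflare's published IP ranges.
set -e
echo "===== Fetching CloudFlare latest IPs ====="
# -f: fail on HTTP errors so an error page is never written into the config;
# -sS: hide the progress meter but still print errors.
IP4LIST=$(curl -fsS https://www.cloudflare.com/ips-v4)
IP6LIST=$(curl -fsS https://www.cloudflare.com/ips-v6)
echo "===== Creating Real IP config ====="
# Pass the lists as printf arguments, never as the format string.
printf '%s\n\n%s\n\n' "$IP4LIST" "$IP6LIST" | sed -E 's/(.+)/set_real_ip_from \1;/' | tee cloudflare_real_ip.conf
# tee -a is the portable spelling of GNU's --append.
echo "real_ip_header CF-Connecting-IP;" | tee -a cloudflare_real_ip.conf
echo "===== Creating Allow List config ====="
printf '%s\n\n%s\n\n' "$IP4LIST" "$IP6LIST" | sed -E 's/(.+)/allow \1;/' | tee cloudflare_allow_list.conf
echo "deny all;" | tee -a cloudflare_allow_list.conf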
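
A fail-closed variant of the generation step, as an added example that is not part of the original gist: each fetched line is checked to be a CIDR before it becomes an `allow` or `set_real_ip_from` directive, and the snippet is replaced atomically. The helper names `is_cidr`, `cf_directives` and `build_conf` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist. is_cidr, cf_directives and build_conf
# are hypothetical helper names.

# Syntactic check: one IPv4 or IPv6 CIDR and nothing else on the line.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        -e '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]{1,2}|1[01][0-9]|12[0-8])$'
}

# Read CIDRs from stdin and print "<directive> <cidr>;" for each one.
# Fails on the first non-CIDR line, or if the input held no entries, so an
# HTML error page or an empty download never turns into directives.
cf_directives() {
    directive=$1
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue            # blank separator lines are fine
        if ! is_cidr "$line"; then
            echo "rejected line: $line" >&2
            return 1
        fi
        printf '%s %s;\n' "$directive" "$line"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# Write FILE from the CIDR list on stdin plus a closing line. The snippet is
# built in a temp file and renamed into place only when every line validated,
# so a failed run leaves the previous snippet untouched.
build_conf() {
    file=$1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if cf_directives "$2" > "$tmp" && printf '%s\n' "$3" >> "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input (documentation ranges, not Cloudflare's real list).
printf '192.0.2.0/24\n\n2001:db8::/32\n' | cf_directives allow
```

In the gist's script, the fetched lists can be piped into `build_conf cloudflare_allow_list.conf allow 'deny all;'` in place of the `sed | tee` pipeline. Run `nginx -t` on the result before reloading.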