我把網站轉到使用 Cloudflare
Cloudflare 免費方案提供 DNS 與 基本 WAF 防護功能
首先在 Cloudflare 上 Add your website 後
將 Cloudflare 提供的 DNS Server 設定到網域的註冊局上
查詢網站是 Cloudflare 的 IP 就成功了
ssorc.tw. 300 IN A 104.21.46.193 ssorc.tw. 300 IN A 172.67.141.146
等 Cloudflare 驗證過後,確認在介面上面 DNS 設定 Proxy status 狀態為 Proxied
代表網站會是經由 Cloudflare WAF 過濾後再被 Client 端看到
再來還要設定自己主機端跑真實 IP,不然會看到為 Cloudflare 的 IP ( Cloudflare IP 清單)
下圖解釋了流程 (圖片來源)
所以把 Cloudflare IP 清單,拿來設定到主機的 Apache 上
LoadModule remoteip_module modules/mod_remoteip.so RemoteIPHeader X-FORWARDED-FOR #RemoteIPHeader CF-Connecting-IP RemoteIPTrustedProxy 173.245.48.0/20 RemoteIPTrustedProxy 103.21.244.0/22 RemoteIPTrustedProxy 103.22.200.0/22 RemoteIPTrustedProxy 103.31.4.0/22 RemoteIPTrustedProxy 141.101.64.0/18 RemoteIPTrustedProxy 108.162.192.0/18 RemoteIPTrustedProxy 190.93.240.0/20 RemoteIPTrustedProxy 188.114.96.0/20 RemoteIPTrustedProxy 197.234.240.0/22 RemoteIPTrustedProxy 198.41.128.0/17 RemoteIPTrustedProxy 162.158.0.0/15 RemoteIPTrustedProxy 104.16.0.0/13 RemoteIPTrustedProxy 104.24.0.0/14 RemoteIPTrustedProxy 172.64.0.0/13 RemoteIPTrustedProxy 131.0.72.0/22 RemoteIPTrustedProxy 2400:cb00::/32 RemoteIPTrustedProxy 2606:4700::/32 RemoteIPTrustedProxy 2803:f800::/32 RemoteIPTrustedProxy 2405:b500::/32 RemoteIPTrustedProxy 2405:8100::/32 RemoteIPTrustedProxy 2a06:98c0::/29 RemoteIPTrustedProxy 2c0f:f248::/32
這時查看 access_log 就會是 client 端的 IP 了
留言