gyxsama
(美橘子)
2
不过Netcraft接受别的举报并向顾客反馈的, 只这样搞可能还是存在一定的风险
Staleness
(Staleness)
5
我的cf盾的加了两条,第一条是屏蔽非中国ip,第二条是网上找的屏蔽这类爬虫的
(ip.geoip.asnum eq 398722) or (ip.geoip.asnum eq 212329) or (ip.src in {194.52.68.0/24 194.72.238.0/24 83.138.182.72/29 83.138.189.96/29 81.91.240.0/24 89.36.24.0/24 83.222.232.216/30 184.172.0.0/16 162.142.125.0/24 167.94.138.0/24 167.94.145.0/24 167.94.146.0/24 167.248.133.0/24 199.45.154.0/24 199.45.155.0/24 206.168.34.0/24 2602:80d:1000:b0cc:e::/80 2620:96:e000:b0cc:e::/80 2602:80d:1003::/112 2602:80d:1004::/112 87.236.176.0/24 193.163.125.0/24 68.183.53.77/32 104.248.203.191/32 104.248.204.195/32 142.93.191.98/32 157.245.216.203/32 165.22.39.64/32 167.99.209.184/32 188.166.26.88/32 206.189.7.178/32 209.97.152.248/32 2a06:4880::/32 2604:a880:800:10::c4b:f000/124 2604:a880:800:10::c51:a000/124 2604:a880:800:10::c52:d000/124 2604:a880:800:10::c55:5000/124 2604:a880:800:10::c56:b000/124 2a03:b0c0:2:d0::153e:a000/124 2a03:b0c0:2:d0::1576:8000/124 2a03:b0c0:2:d0::1577:7000/124 2a03:b0c0:2:d0::1579:e000/124 2a03:b0c0:2:d0::157c:a000/124 }) or (http.user_agent eq "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])") or (http.user_agent eq "Mozilla/4.0 (compatible; Netcraft Web Server Survey)") or (http.user_agent eq "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0/cc-prepass-https; [email protected])") or (http.user_agent eq "Netcraft SSL Server Survey - contact [email protected]") or (http.user_agent contains "NETCRAFT") or (http.user_agent eq "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Netcraft SSL Server Survey - contact [email protected])") or (http.user_agent contains "censys") or (cf.client.bot) or (http.user_agent contains "archive")
然后再到cfworks里添加一个根据来访ip归属地判断的代码,把自己访问的归属地添加进去,不是这个归属地的直接返回403
需要自己额外搭建一个IP归属地的服务
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request))
})
async function handleRequest(request) {
const clientIP = request.headers.get('cf-connecting-ip');
const ipInfoResponse = await fetch(`IP查询接口URL/${clientIP}`); //
const ipInfo = await ipInfoResponse.json();
const regions = ipInfo.regions || [];
if (!(regions.includes('北京市') || regions.includes('上海市') || regions.includes('陕西省'))) {
return new Response('404', { status: 404 });
return new Response(htmlContent, { status: 404, headers: { 'Content-Type': 'text/html' } });
}
const url = new URL(request.url)
url.hostname = '被代理的主机名'
const modifiedRequest = new Request(url, request)
return fetch(modifiedRequest)
}
IP接口我用的是这个docker run -d -p 8000:80 netart/ipapi,用法就是直接访问http://映射出来的端口/需要查询的IP
,我没设置桥接访问显示的IP是内网IP,所以上面查询的代码里要获取到访问者的IP。
使用了半个月了,目前用着还算稳定,本来想搭建一个cfworks+D1鉴权的,发现能力有限搞不定访问速度的事情,就放弃了
3 Likes