This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Other Technologies Safe offense and defense Use the new version of Baidu Cloud to accelerate the protection of websites and block non-CDN IP addresses from accessing websites.
View: 14944|Reply: 0

[Safety Tutorial] Use the new version of Baidu Cloud to accelerate the protection of websites and block non-CDN IP addresses from accessing websites

[Copy link]
Posted on 10/5/2015 2:30:14 PM | | | |
Recently, my site has been attacked by malicious DDOS
This causes the server to go down and prevent the service from being provided normally, which is very annoying
So I added a new version of Baidu Cloud Acceleration to provide CDN services and protect the website
Introduction to the new version of Baidu Cloud Acceleration
Home:http://next.yunjiasu.baidu.com/
Attention! Nohttp://yunjiasu.baidu.com/,尽管UI完全一样,但是功能相差非常大!
The new version of Baidu Cloud Acceleration not only adds new domestic nodes, but also adds overseas nodes!
In other words, unregistered websites can also use Baidu Cloud Acceleration!
Moreover, Baidu Cloud's accelerated overseas nodes are actually CloudFlare's paid version of the service, and the powerful performance of CloudFlare's CDN goes without saying, with rich nodes around the world (except Chinese mainland), and super anti-D capabilities
Turn on Baidu Cloud Acceleration
1. Log in to your Baidu account
2. Click "My Website" in the upper right corner
3. Click "Add Website"
4. Then enter your domain name, then click to select the access method, and select "CNAME method".
5. Click "Next" and wait for Baidu to synchronize information with CloudFlare, which may take longer
6. Next, you will enter the steps of setting up records, and follow Baidu's prompts to set records-modify resolution-verify domain names
7. Add successfully!
8. Next, your website will be under the protection of Baidu!
Block non-CDN access
If the attacker already knows your real IP and directly attacks your real IP address, then Baidu Cloud Acceleration, to be precise, CF, will not be able to protect you
To avoid being attacked from behind, we need to make some restrictions on nginx
Add the following code to the server section of nginx:
  1. allow 127.0.0.1;
  2. allow 你VPS的IP地址;
  3. #CloudFlare
  4. allow 199.27.128.0/21;
  5. allow 173.245.48.0/20;
  6. allow 103.21.244.0/22;
  7. allow 103.22.200.0/22;
  8. allow 103.31.4.0/22;
  9. allow 141.101.64.0/18;
  10. allow 108.162.192.0/18;
  11. allow 190.93.240.0/20;
  12. allow 188.114.96.0/20;
  13. allow 197.234.240.0/22;
  14. allow 198.41.128.0/17;
  15. allow 162.158.0.0/15;
  16. allow 104.16.0.0/12;
  17. deny all;
Copy code
This code means that only the IP address of the CF and the VPS are allowed to access nginx locally, and all other access is rejected (403).
This can minimize the risk of attackers directly attacking real IPs
Causing the website to crash




Previous:Simply get the real IP of the website behind the CDN
Next:MVC implements a progress bar about time, using the jQuery ui's progressbar

Related Posts
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com