Rate Limiting


This is a very quick post, it is very late, I need to sleep. I just wanted to talk some tech. So I use Cloudflare. That is cool and easy and all, but then there was a problem with me wanting to rate limit. How can I rate limit if I do not know the visitor’s IP (because I will see the Cloudflare proxy IP instead)? Well, I am using Nginx, so I was able to do some code I do not understand and it seems to work. I tested it because now my IP is showing in the access log instead of some 108 address that I do not actually have.

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;

I threw that in the http section of my nginx.conf and bam. My IP is showing correctly. I assume all IPs are now showing correctly, although that will take testing another day. This will let me actually narrow down IPs that are constantly hitting my site and rate limit them or outright block them. I also put a delay on crawlers, cause fuck it, I am already indexed on Google. I do not need them to keep crawling. Figuring out how Bing works is next on my agenda cause that crawler is going in the weirdest places.

If I ever get good at Nginx Conf, I will post mine here so no one else has to stress about the best rate limiting and getting Fail2ban to work while using Cloudflare, but as of now, I am just taking others' code and plopping it in. Seems to work okay so far.
Stay Safe. I’m out.
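
What the set_real_ip_from and real_ip_header lines above decide, as an added example that is not part of the original post: a simplified Python model (not Nginx's own code) in which the CF-Connecting-IP value replaces the connection address only when the TCP peer is inside one of the listed ranges. The function names and the sample requests are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Trusted proxy ranges, copied from the set_real_ip_from lines in the post.
TRUSTED = [ipaddress.ip_network(n) for n in """
103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12
108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15
172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20
197.234.240.0/22 198.41.128.0/17 2400:cb00::/32 2606:4700::/32
2803:f800::/32 2405:b500::/32 2405:8100::/32 2c0f:f248::/32
2a06:98c0::/29
""".split()]
HEADER = "CF-Connecting-IP"  # same header as real_ip_header in the post


def is_trusted_proxy(peer):
    """True when the TCP peer address falls inside a listed range."""
    addr = ipaddress.ip_address(peer)
    return any(addr.version == net.version and addr in net for net in TRUSTED)


def effective_client_ip(peer, headers):
    """Address that logging and rate limiting should key on (simplified model)."""
    value = headers.get(HEADER)
    if value is None or not is_trusted_proxy(peer):
        return peer  # header from an unlisted peer is never believed
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return peer  # malformed header: keep the connection address


# Constructed sample requests: (TCP peer address, request headers).
SAMPLES = [
    ("108.162.192.10", {HEADER: "203.0.113.7"}),  # via a listed proxy
    ("172.64.1.1", {HEADER: "203.0.113.7"}),      # same visitor, other proxy
    ("198.51.100.9", {HEADER: "203.0.113.7"}),    # direct peer: header ignored
    ("2606:4700::1", {HEADER: "2001:db8::5"}),    # IPv6 proxy and visitor
    ("162.158.0.1", {HEADER: "not-an-ip"}),       # unparseable header value
]


def count_by_client(samples):
    """Requests per effective client, the number a rate limiter would see."""
    return Counter(effective_client_ip(peer, hdrs) for peer, hdrs in samples)


if __name__ == "__main__":
    for ip, hits in count_by_client(SAMPLES).most_common():
        print(ip, hits)
```

The two requests arriving through different listed proxies are counted against the same visitor, while the request from an unlisted peer is counted against its own connection address regardless of the header it sent.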

