NekoNeko666 最近的时间轴更新 NekoNeko666 最近的时间轴更新 |
NekoNeko666V2EX 第 556375 号会员,加入于 2021-09-19 11:39:20 +08:00 |
NekoNeko666 最近回复了
8 天前 回复了 PhDMartin 创建的主题 › macOS › 如何在 Global Protect VPN 或类似全局 VPN 环境下实现分流? |
一般这种会写 IP Routing Table ,来决定系统网络去向。你运行下 netstat -rn 看下不同的 tun interface 接口写了那些 CIDR 。系统是看哪一条 CIDR 范围最小哪一条有优先级。实在不行我觉得你可以写入哪些哪些 IP 用哪个 tun (启动两个 tun 然后看看接口的名称,然后自己添加到 routing table 里
11 天前 回复了 52txr 创建的主题 › 云计算 › 希望用户只能通过 Cloudflare CDN 访问网站,你们怎么配置 Nginx 的? |
最新的 cf ip
https://www.cloudflare.com/ips/
https://www.cloudflare.com/ips/
11 天前 回复了 52txr 创建的主题 › 云计算 › 希望用户只能通过 Cloudflare CDN 访问网站,你们怎么配置 Nginx 的? |
CloudFlare tunnel 然后拒绝任何 http ,https 端口访问,tunnel 直接和 CF 链接
或者,用 ufw ,允许 ssh ,只允许 CF ip 段的 http 和 https
sudo ufw allow ssh
# Allow HTTP (port 80) for Cloudflare IPv4 ranges
sudo ufw allow from 173.245.48.0/20 to any port 80
sudo ufw allow from 103.21.244.0/22 to any port 80
sudo ufw allow from 103.22.200.0/22 to any port 80
sudo ufw allow from 103.31.4.0/22 to any port 80
sudo ufw allow from 141.101.64.0/18 to any port 80
sudo ufw allow from 108.162.192.0/18 to any port 80
sudo ufw allow from 190.93.240.0/20 to any port 80
sudo ufw allow from 188.114.96.0/20 to any port 80
sudo ufw allow from 197.234.240.0/22 to any port 80
sudo ufw allow from 198.41.128.0/17 to any port 80
sudo ufw allow from 162.158.0.0/15 to any port 80
sudo ufw allow from 104.16.0.0/12 to any port 80
sudo ufw allow from 172.64.0.0/13 to any port 80
sudo ufw allow from 131.0.72.0/22 to any port 80
# Allow HTTPS (port 443) for Cloudflare IPv4 ranges
sudo ufw allow from 173.245.48.0/20 to any port 443
sudo ufw allow from 103.21.244.0/22 to any port 443
sudo ufw allow from 103.22.200.0/22 to any port 443
sudo ufw allow from 103.31.4.0/22 to any port 443
sudo ufw allow from 141.101.64.0/18 to any port 443
sudo ufw allow from 108.162.192.0/18 to any port 443
sudo ufw allow from 190.93.240.0/20 to any port 443
sudo ufw allow from 188.114.96.0/20 to any port 443
sudo ufw allow from 197.234.240.0/22 to any port 443
sudo ufw allow from 198.41.128.0/17 to any port 443
sudo ufw allow from 162.158.0.0/15 to any port 443
sudo ufw allow from 104.16.0.0/12 to any port 443
sudo ufw allow from 172.64.0.0/13 to any port 443
sudo ufw allow from 131.0.72.0/22 to any port 443
# Allow HTTP (port 80) for Cloudflare IPv6 ranges
sudo ufw allow from 2400:cb00::/32 to any port 80
sudo ufw allow from 2606:4700::/32 to any port 80
sudo ufw allow from 2803:f800::/32 to any port 80
sudo ufw allow from 2405:b500::/32 to any port 80
sudo ufw allow from 2405:8100::/32 to any port 80
sudo ufw allow from 2a06:98c0::/29 to any port 80
sudo ufw allow from 2c0f:f248::/32 to any port 80
# Allow HTTPS (port 443) for Cloudflare IPv6 ranges
sudo ufw allow from 2400:cb00::/32 to any port 443
sudo ufw allow from 2606:4700::/32 to any port 443
sudo ufw allow from 2803:f800::/32 to any port 443
sudo ufw allow from 2405:b500::/32 to any port 443
sudo ufw allow from 2405:8100::/32 to any port 443
sudo ufw allow from 2a06:98c0::/29 to any port 443
sudo ufw allow from 2c0f:f248::/32 to any port 443
sudo ufw deny 80
sudo ufw deny 443
sudo ufw enable
或者 iptables
或者,用你云服务商的防火墙设置,允许 cf 的 ip 段
或者,用 ufw ,允许 ssh ,只允许 CF ip 段的 http 和 https
sudo ufw allow ssh
# Allow HTTP (port 80) for Cloudflare IPv4 ranges
sudo ufw allow from 173.245.48.0/20 to any port 80
sudo ufw allow from 103.21.244.0/22 to any port 80
sudo ufw allow from 103.22.200.0/22 to any port 80
sudo ufw allow from 103.31.4.0/22 to any port 80
sudo ufw allow from 141.101.64.0/18 to any port 80
sudo ufw allow from 108.162.192.0/18 to any port 80
sudo ufw allow from 190.93.240.0/20 to any port 80
sudo ufw allow from 188.114.96.0/20 to any port 80
sudo ufw allow from 197.234.240.0/22 to any port 80
sudo ufw allow from 198.41.128.0/17 to any port 80
sudo ufw allow from 162.158.0.0/15 to any port 80
sudo ufw allow from 104.16.0.0/12 to any port 80
sudo ufw allow from 172.64.0.0/13 to any port 80
sudo ufw allow from 131.0.72.0/22 to any port 80
# Allow HTTPS (port 443) for Cloudflare IPv4 ranges
sudo ufw allow from 173.245.48.0/20 to any port 443
sudo ufw allow from 103.21.244.0/22 to any port 443
sudo ufw allow from 103.22.200.0/22 to any port 443
sudo ufw allow from 103.31.4.0/22 to any port 443
sudo ufw allow from 141.101.64.0/18 to any port 443
sudo ufw allow from 108.162.192.0/18 to any port 443
sudo ufw allow from 190.93.240.0/20 to any port 443
sudo ufw allow from 188.114.96.0/20 to any port 443
sudo ufw allow from 197.234.240.0/22 to any port 443
sudo ufw allow from 198.41.128.0/17 to any port 443
sudo ufw allow from 162.158.0.0/15 to any port 443
sudo ufw allow from 104.16.0.0/12 to any port 443
sudo ufw allow from 172.64.0.0/13 to any port 443
sudo ufw allow from 131.0.72.0/22 to any port 443
# Allow HTTP (port 80) for Cloudflare IPv6 ranges
sudo ufw allow from 2400:cb00::/32 to any port 80
sudo ufw allow from 2606:4700::/32 to any port 80
sudo ufw allow from 2803:f800::/32 to any port 80
sudo ufw allow from 2405:b500::/32 to any port 80
sudo ufw allow from 2405:8100::/32 to any port 80
sudo ufw allow from 2a06:98c0::/29 to any port 80
sudo ufw allow from 2c0f:f248::/32 to any port 80
# Allow HTTPS (port 443) for Cloudflare IPv6 ranges
sudo ufw allow from 2400:cb00::/32 to any port 443
sudo ufw allow from 2606:4700::/32 to any port 443
sudo ufw allow from 2803:f800::/32 to any port 443
sudo ufw allow from 2405:b500::/32 to any port 443
sudo ufw allow from 2405:8100::/32 to any port 443
sudo ufw allow from 2a06:98c0::/29 to any port 443
sudo ufw allow from 2c0f:f248::/32 to any port 443
sudo ufw deny 80
sudo ufw deny 443
sudo ufw enable
或者 iptables
或者,用你云服务商的防火墙设置,允许 cf 的 ip 段
13 天前 回复了 orangutan92 创建的主题 › macOS › macOS 15.1.1 本地网络配置怎么删掉? |
61 天前 回复了 tackoil 创建的主题 › iDev › 注册 Developer Program 的时候先别用 macOS 的 Developer APP |
一点细节
风控是基于验证等等的 Risk Matrix
https://developer.apple.com/documentation/devicecheck/assessing-fraud-risk
Specifically, you can get an approximate count of unique attestations for your app on a particular device.
可以获得在一台设备上的验证或注册次数
风控是基于验证等等的 Risk Matrix
https://developer.apple.com/documentation/devicecheck/assessing-fraud-risk
Specifically, you can get an approximate count of unique attestations for your app on a particular device.
可以获得在一台设备上的验证或注册次数
61 天前 回复了 tackoil 创建的主题 › iDev › 注册 Developer Program 的时候先别用 macOS 的 Developer APP |
如果主力机已经是 iPhone ,但是账号区域有问题,可以 Apple Store 买个新的 iPhone SE 等注册。
61 天前 回复了 tackoil 创建的主题 › iDev › 注册 Developer Program 的时候先别用 macOS 的 Developer APP |
应该是 Mac 失败后,联系客服解释理由,客服会消除掉现有设备 DeviceCheck API 生成的 ID ,然后指导你去手机操作。更换设备,设备 ID 不一致是系统自动 ban ,客服确实没有选项恢复。注册成功后会设置 DeviceCheck 的 2 个 binary 中的一个,标记设备已经用于 developer 注册,所以必须新设备。
117 天前 回复了 LoneFireBlossom 创建的主题 › macOS › 连上公司 Wi-Fi 以后,邮件 APP 总是提示「“邮件”无法验证服务器“imap.aq.com”的身份」怎么办? |
邮箱端口一般 587 ,465 ,还有 25 。这个 SSL 报错说明走的 STARTTLS 协议可以设置下 587 和 465 端口不走公司网络
117 天前 回复了 LoneFireBlossom 创建的主题 › macOS › 连上公司 Wi-Fi 以后,邮件 APP 总是提示「“邮件”无法验证服务器“imap.aq.com”的身份」怎么办? |
估计是 MITM 公司用自己的证书解密邮件分析内容。邮箱的话 SMTP 端口 587 ,可以看看日志是否请求被增强模式处理。
120 天前 回复了 drymonfidelia 创建的主题 › Cloudflare › cloudflare 是不是把自定义被拦截状态码(不是自定义错误页面!)的功能下线了?我以前设置了被拦截返回 404 而不是 403,现在失效了,找不到地方配置 |
我刚看了下我这里是有的。实在不行你也可以试试那个新的用代码写配置的功能,在 Rules/Snippets 里面、可以用 JS 代码写响应 Response ,估计代码不难或者扔给机器人可以很快写出来。再不行估计只能问问你的 representative 了。
Select Language