Question Tips for DDOS Protection With CoudFlare

[tugapt]

Hi,

We're considering protecting our XC-UI Server again DDOS using cloudflare, but we're afraid this will block normal users, IPTV Apps ( like smart STB, Smart IPTV, etc, which need to parse our playlists) and also other XC-UI servers restreaming our channels.

Does anyone have any tips regarding cloudlflare DDOS protection configuration? Tks

 

[ayouyou]

hi
can you add this config in your nginx

set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

 

[tugapt]

hi
can you add this config in your nginx

set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

Thanks, but what I'm afraid is that CF blocks automatized requests from other servers and IPTV apps. Any CF config tips regarding this?

 

[ayouyou]

Thanks, but what I'm afraid is that CF blocks automatized requests from other servers and IPTV apps. Any CF config tips regarding this?

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

So, using Nginx, edit your nginx.conf file and add the following to your http section:

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;




real_ip_header CF-Connecting-IP;



Sincerely yours

 

[redhat]

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

So, using Nginx, edit your nginx.conf file and add the following to your http section:

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;




real_ip_header CF-Connecting-IP;



Sincerely yours

Info: Current CF IP's to be Whitelist:

To view the content, you need to Sign In or Register.

 

[Mardaki]

Hi,

We're considering protecting our XC-UI Server again DDOS using cloudflare, but we're afraid this will block normal users, IPTV Apps ( like smart STB, Smart IPTV, etc, which need to parse our playlists) and also other XC-UI servers restreaming our channels.

Does anyone have any tips regarding cloudlflare DDOS protection configuration? Tks

Only you need to add IPv4 into your nginx.conf which is on XtreamCodes path and reload nginx service.

https://www.cloudflare.com/ips-v4

173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22