Script WAF to protect your MAIN SERVER - XUIONE
This is a simple script designed to create a protective barrier against direct access to your main server (Main Server).
How Does It Work?
With the WAF activated, direct access to your server's IP is blocked. Only connections from Cloudflare's authorized IPs will be allowed, ensuring your server is protected against attacks such as scans and other IP-based probing attempts.- Your Main Server's IP: 123.456.789.132
- With the WAF activated, any attempt to directly access this IP will be blocked.
- The server will only be accessible through the Cloudflare proxy.
- The domain for your Main Server and your load balancer servers (if applicable) must be configured to route through the Cloudflare proxy (orange cloud icon enabled in the Cloudflare dashboard).
- Blocking port 3306 (database): Allows access only to specific IPs.
- Advanced protection against scans and exploits: Provides enhanced security for services running on the server.
TUTORIAL
- Upload the Script:
Upload the waf.sh file to your server.
- Grant Execution Permissions:
On your server, run the following command to grant permissions to the script:
Code:
chmod +x waf.sh - Start the WAF:
To start protecting your server, run the following command:
Code:
./waf.sh
- Option 3: This option will configure your server’s firewall to allow connections only from Cloudflare IPs, blocking direct access and ensuring the security of your server.
