There are many friends who have built foreign trade websites who want to restrict their websites from being accessed by domestic IPs. There are also some friends whose websites store resources that need to be blocked from specific IPs for various reasons. Some friends have seen attacks. Most of the source IPs come from abroad, and you want to prevent foreign IPs from accessing the website.
Cloudflare automatically blocks malicious IPs to the firewall and automatically switches to a 5-second shield script to prevent CC attacks
A friend put his corporate website on his cloud host, and the traffic was not large. However, because it was used and was often attacked by CC, the main manifestation was that the IO and CPU increased sharply. Finally, the database hung up and the website became inaccessible. Cloudflare was enabled at the beginning, but the attacker scanned frantically and the defense effect was average.
VPS host and server security protection: SSH port modification, whitelist addition, key login only
Recently, when a friend was using his Yunfu host, he discovered that SSH has been violently scanned by others. Although the SSH account and password have never been guessed, if someone keeps staring at him, something will happen sooner or later. I helped him set up an S-S-H login whitelist, which only allows login access from his own IP, and rejects all other IPs.
Basic ideas for VPS host attack defense against CC and DDOS - anti-scanning firewall blocking strategy
More and more people are using VPS hosts to build websites, but compared with virtual hosts or managed servers, personal VPS hosts are basically unmanaged. That is, the host provider is only responsible for the smooth network of the VPS host. As for technical issues You have to figure it out on your own. In the past, the VPS hosts used by Alibaba Cloud were often attacked by CC and DDOS. Basically, every time they were attacked, they would enter Alibaba Cloud's "black hole".