当一个网站套cf时,cf会把网站的域名解析到固定的随机分配的ipv4和ipv6各两个。如果目标地址填写域名,就只能连接这些给定的ip,比如这样:
-
- "outbounds": [
- {
- "protocol": "vmess",
- "settings": {
- "vnext": [
- {
- "address": "mjj.com",
- "port": 443,
- "users": [
- {
- "id": "11111111-1111-1111-111111111111",
- "alterId": 64,
- "security": "auto",
- "level": 0
- }
- ]
- }
- ]
- },
- "streamSettings": {
- "network": "ws",
- "security": "tls",
- "wsSettings": {
- "path": "/mjj"
- },
- "tlsSettings": {
- "allowInsecure": false
- }
- }
- }
- ]
复制代码
但cf实际上任何一个ip都能用,所以我们可以这样来指定所用的ip:
- "outbounds": [
- {
- "protocol": "vmess",
- "settings": {
- "vnext": [
- {
- "address": "104.16.0.0",
- "port": 443,
- "users": [
- {
- "id": "11111111-1111-1111-111111111111",
- "alterId": 64,
- "security": "auto",
- "level": 0
- }
- ]
- }
- ]
- },
- "streamSettings": {
- "network": "ws",
- "security": "tls",
- "wsSettings": {
- "path": "/mjj",
- "headers": {
- "Host": "mjj.com"
- }
- },
- "tlsSettings": {
- "serverName": "mjj.com",
- "allowInsecure": false
- }
- }
- }
- ]
复制代码
其中104.16.0.0可以换成任意一个cf的ip,ipv4和ipv6都可以
而且可以把ws的http请求头和tls的sni设置得不一样来隐藏自己访问的网站(目前只有azure支持这种做法,cf不支持)
另外附上cf的ip段:
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32 |