# 可允許的IP地址清單
# 最後更新：2024年

## 按地點分類

### 岡山
- Hinet: 114.33.18.13

### 汐止
- 125.229.65.83
- 60.248.164.91

### 新竹
- 220.132.236.89
- 211.72.69.222

### 璟茂
- 219.87.170.253
- 125.228.50.228

### 新增IP
- 218.161.107.138

## 完整IP清單（一行一個）
114.33.18.13
125.229.65.83
60.248.164.91
220.132.236.89
211.72.69.222
219.87.170.253
125.228.50.228
218.161.107.138

## 防火牆規則格式

### Windows 防火牆 (PowerShell)
```powershell
# 允許所有IP
$allowedIPs = @(
    "114.33.18.13",
    "125.229.65.83", 
    "60.248.164.91",
    "220.132.236.89",
    "211.72.69.222",
    "219.87.170.253",
    "125.228.50.228",
    "218.161.107.138"
)

foreach ($ip in $allowedIPs) {
    New-NetFirewallRule -DisplayName "允許IP: $ip" -Direction Inbound -RemoteAddress $ip -Action Allow
}
```

### Linux iptables
```bash
# 允許所有IP
iptables -A INPUT -s 114.33.18.13 -j ACCEPT
iptables -A INPUT -s 125.229.65.83 -j ACCEPT
iptables -A INPUT -s 60.248.164.91 -j ACCEPT
iptables -A INPUT -s 220.132.236.89 -j ACCEPT
iptables -A INPUT -s 211.72.69.222 -j ACCEPT
iptables -A INPUT -s 219.87.170.253 -j ACCEPT
iptables -A INPUT -s 125.228.50.228 -j ACCEPT
iptables -A INPUT -s 218.161.107.138 -j ACCEPT
```

## 配置文件格式

### Nginx 配置
```nginx
# 在 http 區塊中添加
geo $allowed_ip {
    default 0;
    114.33.18.13 1;
    125.229.65.83 1;
    60.248.164.91 1;
    220.132.236.89 1;
    211.72.69.222 1;
    219.87.170.253 1;
    125.228.50.228 1;
    218.161.107.138 1;
}

# 在 server 區塊中使用
if ($allowed_ip = 0) {
    return 403;
}
```

### Apache .htaccess
```apache
# 只允許特定IP訪問
Order Deny,Allow
Deny from all
Allow from 114.33.18.13
Allow from 125.229.65.83
Allow from 60.248.164.91
Allow from 220.132.236.89
Allow from 211.72.69.222
Allow from 219.87.170.253
Allow from 125.228.50.228
Allow from 218.161.107.138
```

## 程式碼格式

### Python 列表
```python
ALLOWED_IPS = [
    "114.33.18.13",  # 岡山 Hinet
    "125.229.65.83", # 汐止
    "60.248.164.91", # 汐止
    "220.132.236.89", # 新竹
    "211.72.69.222", # 新竹
    "219.87.170.253", # 璟茂
    "125.228.50.228", # 璟茂
    "218.161.107.138" # 新增IP
]
```

### JavaScript 陣列
```javascript
const allowedIPs = [
    "114.33.18.13", // 岡山 Hinet
    "125.229.65.83", // 汐止
    "60.248.164.91", // 汐止
    "220.132.236.89", // 新竹
    "211.72.69.222", // 新竹
    "219.87.170.253", // 璟茂
    "125.228.50.228", // 璟茂
    "218.161.107.138" // 新增IP
];
```

## 環境變數配置

### .env.local 配置
```env
# 啟用IP白名單
ENABLE_IP_WHITELIST=true

# 允許的IP地址（包含新增的IP）
ALLOWED_IPS=114.33.18.13,125.229.65.83,60.248.164.91,220.132.236.89,211.72.69.222,219.87.170.253,125.228.50.228,218.161.107.138
```

## 安全建議

1. **定期更新**：建議定期檢查和更新IP地址清單
2. **記錄存取**：記錄所有IP的存取日誌
3. **備用方案**：考慮設定備用的存取方式
4. **監控異常**：監控未授權IP的存取嘗試
5. **網路分段**：考慮使用VPN或專用網路

## 驗證IP格式的正則表達式
```regex
^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
```