nginx配置自动封ip
首先nginx配置禁止head请求
# Reject every HEAD request with a 403 status and a short text body.
# NOTE(review): this filters on the request method only. A client that
# switches to GET is unaffected, and uptime monitors or link checkers that
# rely on HEAD will also receive 403 - confirm nothing legitimate depends on
# HEAD before enabling this.
server{
# "~" is a case-sensitive regex match; the anchors make it match HEAD exactly.
if ($request_method ~ ^(HEAD)$ ) {
return 403 "403 forbidden";
}
}
查看规则
sudo iptables -vnL
封禁单个 IP
sudo iptables -I INPUT -s x.x.x.x -j DROP
-I 表示插入规则
封禁 IP 段
sudo iptables -I INPUT -s x.x.x.0/24 -j DROP
解禁 IP
sudo iptables -D INPUT -s ***.***.***.*** -j DROP
-D 表示删除规则
iptables保存规则(ubuntu和centos)
1.Ubuntu
首先,保存现有的规则:iptables-save > /etc/iptables.rules
然后新建一个bash脚本,并保存到/etc/network/if-pre-up.d/目录下:
cd /etc/network/if-pre-up.d/
vi iptable.sh
里面粘贴下面内容
#!/bin/bash
iptables-restore < /etc/iptables.rules
保存后 chmod +x ./iptable.sh
这样,每次系统重启后iptables规则都会被自动加载。
然后自己写了个脚本,用于服务器自动抵御异常爬虫程序
#!/bin/bash
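banip_run(){
  # Build an nginx deny list from the most recent access-log lines and reload
  # nginx when at least one client exceeded the request threshold.
  #
  # Arguments: none
  # Outputs:   status messages on stdout, errors on stderr
  # Files:     rewrites /var/log/nginx/ban_ip_tmp.txt on every run and
  #            /etc/nginx/conf.d/ban_ip.conf when offenders are found. The conf
  #            file is overwritten, not appended to, so it only ever holds the
  #            offenders of the latest run.
  # Returns:   1 if the scratch file cannot be written or `nginx -t` fails.
  #
  # Handy one-liners kept from the original notes:
  #   distinct IPs:            awk '{print $1}' /var/log/nginx/access.log.1 | sort | uniq | wc -l
  #   top 100 IPs by requests: awk '{print $1}' /var/log/nginx/access.log.1 | sort | uniq -c | sort -n -k 1 -r | head -n 100
  #   requests per second:     awk '{print $4}' /var/log/nginx/access.log.1 |cut -c 14-21|sort|uniq -c|sort -nr|head -n 100
  #   requests per protocol:   awk '{print $8}' /var/log/nginx/access.log.1|sort | uniq -c |sort -n -k 1 -r|more
  #   distinct IPs:            awk '{print $1}' /var/log/nginx/access.log.1 | sort -r |uniq -c | wc -l
  #   total page views (PV):   awk '{print $6}' /var/log/nginx/access.log.1 | wc -l
  #   unique visitors (UV):    awk '{print $10}' /var/log/nginx/access.log.1 | sort -r |uniq -c |wc -l
  #   requests per URL:        awk '{print $7}' access.log.1 | sort | uniq -c | sort -k1 -n -r | more
  #   grep id=729 /var/log/nginx/access.log.1 | wc -l
  # References from the original notes:
  #   https://help.baidu.com/search?keywords=hiker.nokia.press (original note: requests for this are simply dropped)
  #   https://www.cnblogs.com/lianzhilei/p/6018421.html
  #   https://www.jianshu.com/p/a074c3eb3068
  local nginx_bin=/usr/sbin/nginx
  local log_path=/var/log/nginx
  local nginx_etc=/etc/nginx/conf.d
  local maxcn=3000      # a client with more requests than this in the window is denied
  local history=50000   # number of most recent access-log lines inspected
  local tmp_file="$log_path/ban_ip_tmp.txt"
  local spiders now_time blacks

  : > "$tmp_file" || return 1

  # NOTE(review): field 1 is assumed to be the client address. Behind a reverse
  # proxy or CDN without real-IP handling it is the proxy's address, and
  # denying it would block every visitor - confirm against the log_format.
  # NOTE(review): the crawler exemption is matched against field 12 only, which
  # is presumably the first token of the User-Agent. The User-Agent is
  # client-supplied, so this exemption is a convenience, not a trust decision.
  # The threshold is handed to awk with -v instead of being spliced into the
  # program text, and only tokens that look like an address are emitted so a
  # malformed log line can never end up inside the nginx configuration.
  tail -n "$history" "$log_path/access.log" \
    | awk '{print $1,$12}' \
    | grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" \
    | awk '{print $1}' | sort | uniq -c | sort -rn \
    | awk -v max="$maxcn" '$1 > max && $2 ~ /^[0-9A-Fa-f:.]+$/ {print "deny " $2 ";"}' \
    > "$tmp_file"

  spiders=$(awk 'END{print NR}' "$tmp_file")
  now_time=$(date "+%Y-%m-%d %H:%M:%S")

  if (( ${spiders:-0} > 0 )); then
    cat "$tmp_file" > "$nginx_etc/ban_ip.conf"
    blacks=$(cat "$tmp_file")
    echo "$now_time 本次封禁以下${spiders}个IP:$blacks"
    # Surface configuration errors before asking the running server to reload.
    if ! "$nginx_bin" -t; then
      echo "nginx -t failed; reload skipped" >&2
      return 1
    fi
    service nginx reload
    echo "nginx重载完毕"
    #docker restart hiker
    docker exec hiker odoo restart
    echo "道长仓库重载完毕"
  else
    echo "$now_time 很棒,本次检测未发现恶意访问的ip"
    hiker_test
  fi
}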
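hiker_test(){
  # Probe the local service on port 8025 with a HEAD request and restart it
  # inside its container when the status code is not 200.
  # Outputs: one status line, plus restart messages when a restart happens.
  local httpcode
  httpcode=$(curl -I localhost:8025 -w "%{http_code}\n" -o /dev/null -s)
  # Alternative kept from the original:
  # httpcode=`curl -I -s localhost:8025|head -1|cut -d " " -f2`
  if [[ "$httpcode" == "200" ]]; then
    echo "hiker服务运行正常"
  else
    echo "hiker服务已经异常,返回${httpcode},开始重启服务"
    docker exec hiker odoo restart
    echo "道长仓库重载完毕"
  fi
}

banip_num(){
  # List clients whose request count in the last $1 access-log lines exceeds
  # $2, store them in /var/log/nginx/ban_ip_tmps.txt and print that list.
  # Arguments: $1 - number of log lines to inspect (e.g. 500000)
  #            $2 - request threshold (e.g. 10000)
  # Returns:   2 when either argument is not a plain non-negative integer.
  local log_path=/var/log/nginx
  if [[ ! ${1-} =~ ^[0-9]+$ || ! ${2-} =~ ^[0-9]+$ ]]; then
    echo "usage: num <history_lines> <threshold>" >&2
    return 2
  fi
  # The threshold goes to awk through -v; splicing it into the program text
  # would let a malformed argument change the awk program itself.
  # NOTE(review): the crawler exemption relies on the client-supplied
  # User-Agent (field 12), so treat it as a convenience, not a trust decision.
  tail -n "$1" "$log_path/access.log" \
    | awk '{print $1,$12}' \
    | grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" \
    | awk '{print $1}' | sort | uniq -c | sort -rn \
    | awk -v max="$2" '$1 > max {print $2}' > "$log_path/ban_ip_tmps.txt"
  cat "$log_path/ban_ip_tmps.txt"
}

banip_kill(){
  # Insert an iptables DROP rule for every address listed in
  # /var/log/nginx/ban_ip_tmps.txt (the file written by banip_num).
  # Entries that are not an IPv4 address or CIDR are skipped with a warning
  # instead of being handed to iptables.
  # NOTE(review): rules are inserted at the top of INPUT. Review the list
  # first - an entry for your own management address or for an upstream proxy
  # would cut that traffic off as well.
  local log_path=/var/log/nginx
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  local line
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -n "$line" ]] || continue
    if [[ ! $line =~ $ipv4_re ]]; then
      printf 'skipped (not an IPv4 address or CIDR): %s\n' "$line" >&2
      continue
    fi
    # Only report a ban that iptables actually accepted.
    iptables -I INPUT -s "$line" -j DROP && echo '封禁了:'"$line"
  done < "$log_path/ban_ip_tmps.txt"
}

ipkill(){
  # Insert an iptables DROP rule for a single IPv4 address or CIDR.
  # Arguments: $1 - address to block
  # Returns:   2 when $1 is missing or not an IPv4 address/CIDR, otherwise
  #            the exit status of iptables.
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  if [[ ! ${1-} =~ $ipv4_re ]]; then
    printf 'ipkill: expected an IPv4 address or CIDR, got: %s\n' "${1-}" >&2
    return 2
  fi
  iptables -I INPUT -s "$1" -j DROP && echo '封禁了:'"$1"
}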
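ipallow(){
  # Delete the iptables DROP rule for a single IPv4 address or CIDR.
  # Arguments: $1 - address to unblock
  # Returns:   2 when $1 is missing or not an IPv4 address/CIDR, otherwise
  #            the exit status of iptables.
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  if [[ ! ${1-} =~ $ipv4_re ]]; then
    printf 'ipallow: expected an IPv4 address or CIDR, got: %s\n' "${1-}" >&2
    return 2
  fi
  # Only report success when iptables really removed a rule.
  iptables -D INPUT -s "$1" -j DROP && echo '解封了:'"$1"
}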
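ipshow(){
  # Print the current iptables rules.
  # The pasted original had this command fused into the comment line, which
  # left the function body empty; it is restored here.
  # Equivalent long form: iptables --list
  iptables -L
}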
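log(){
  # Follow the nginx access log in real time (runs until interrupted).
  local log_path=/var/log/nginx
  tail -f "$log_path/access.log"
}

banip_log(){
  # Print the request count per client address, least active first.
  awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -n
}

banip_clear(){
  # Empty the nginx deny list.
  # The original truncated "ban_ip.conf" relative to the current directory,
  # which is not the file banip_run writes and banip_show reads unless the
  # script happens to be started from /etc/nginx/conf.d; use the same
  # absolute path as those functions.
  # NOTE(review): nginx is not reloaded here, so denies that are already
  # loaded presumably stay active until the next reload - confirm.
  local nginx_etc=/etc/nginx/conf.d
  : > "$nginx_etc/ban_ip.conf"
}

banip_show(){
  # Print the current nginx deny list.
  local nginx_etc=/etc/nginx/conf.d
  cat "$nginx_etc/ban_ip.conf"
}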
# cat /dev/null > banips.sh
#ln -s /etc/nginx/conf.d/banips.sh /usr/local/bin/banips
#rm -rf /usr/local/bin/banips
#crontab -e
#15分钟执行一次封ip
# */15 * * * * banips run >> /etc/nginx/conf.d/banips.log 2>&1
# iptables -L -n --line-numbers
# iptables -I INPUT -s 168.138.198.222 -j DROP
# cat /var/log/nginx/access.log | grep HEAD
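# Help text printed for a missing or unknown sub-command; the \n sequences are
# expanded by `echo -e` when it is printed.
msg='run 启动ip封杀\nlog 打印访问ip记录\nshow 显示被封的ip\nclear 清空封禁列表\nlogs 显示nginx实时日志\nnum输出异常ip到文本\nkills 封禁文本异常ip\nipkill 手动封单ip\nipshow 显示规则\nipallow 解封ip'

# Dispatch on the first command-line argument. Arguments are forwarded quoted
# so that an empty or oddly shaped value reaches the handler as one word
# instead of being split or glob-expanded by the shell.
case "${1-}" in
  run) banip_run ;;
  log) banip_log ;;
  logs) log ;;
  num) banip_num "${2-}" "${3-}" ;;
  kills) banip_kill ;;
  show) banip_show ;;
  clear) banip_clear ;;
  ipkill) ipkill "${2-}" ;;
  ipallow) ipallow "${2-}" ;;
  ipshow) ipshow ;;
  *) echo -e "$msg" ;;
esac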
