Nginx + iptables: blocking IPs that access web pages too frequently (DDoS and malicious scrapers)

  • 2020-05-06 12:13:53
  • OfStack

The script is as follows:
 
#!/bin/sh
nginx_home=/Data/app_1/nginx
log_path=/Data/logs
# Take the last 50000 log lines, keep requests for .aspx pages (field 8 is the
# request URI and field 13 the user agent in this log format), drop known
# crawlers, count requests per IP and write a "deny IP;" line for every IP
# with more than 150 hits.
/usr/bin/tail -n50000 $log_path/access.log \
|awk '$8 ~ /aspx/ {print $2,$13}' \
|grep -i -v -E 'google|yahoo|baidu|msnbot|FeedSky|sogou' \
|awk '{print $1}' |sort |uniq -c |sort -rn \
|awk '{if($1>150) print "deny " $2 ";"}' > $nginx_home/conf/vhosts/blockip.conf
# Reload nginx so the new blockip.conf takes effect
/bin/kill -HUP `cat $nginx_home/nginx.pid`

You can also pick out the IPs that access the site too frequently by analyzing the nginx logs and then block them directly with iptables instead of restarting nginx, which is even better.

The command to block a single IP is
iptables -I INPUT -s 124.115.0.199 -j DROP

The command to block an IP range is
iptables -I INPUT -s 124.115.0.0/16 -j DROP

The command to block a whole /8 network is
iptables -I INPUT -s 194.42.0.0/8 -j DROP

The command to block several ranges is
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP

Just now I carelessly blocked myself out and couldn't connect at all -_-!!
iptables -I INPUT -p tcp --dport 80 -s 124.115.0.0/24 -j DROP
From now on, use this to block only port 80 and it's not a problem!

iptables -I INPUT -p tcp --dport 80 -s 124.115.0.0/24 -j DROP


Unblock (flush all rules)
iptables -F
Delete a single rule by its number (list the numbers with iptables -L INPUT -n --line-numbers)
iptables -D INPUT <rule-number>
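The log-analysis and blocking steps above, combined into one script as an added example (not the article's own code). It assumes nginx's default "combined" log format, where the client IP is field 1; the threshold, the crawler list and the allow-list of operator addresses are constructed values, and the iptables commands are printed for review rather than executed, so the operator cannot lock themselves out the way the article describes.

```shell
#!/bin/sh
# Added example, not the article's own script. Assumes nginx's default
# "combined" log format (client IP is field 1); the threshold and the
# allow-list of operator addresses are constructed values.

# IPs with more than $2 requests in log $1, ignoring known crawler user agents.
find_abusers() {
    grep -i -v -E 'google|yahoo|baidu|msnbot|FeedSky|sogou' "$1" \
      | awk '{print $1}' | sort | uniq -c | sort -rn \
      | awk -v limit="$2" '$1 > limit {print $2}'
}

# Rules for the abusers in log $1 over threshold $2, skipping allow-listed
# IPs ($3, space separated) so the operator is never locked out. $4 selects
# "nginx" (deny lines) or "iptables" (port-80-only DROP commands, printed
# rather than executed so they can be reviewed first).
block_rules() {
    find_abusers "$1" "$2" | while read -r ip; do
        case " $3 " in *" $ip "*) continue ;; esac
        if [ "$4" = nginx ]; then
            printf 'deny %s;\n' "$ip"
        else
            printf 'iptables -I INPUT -p tcp --dport 80 -s %s -j DROP\n' "$ip"
        fi
    done
}

# Constructed sample log: 203.0.113.5 hammers the site, 198.51.100.7 is a
# crawler, 192.0.2.1 is the operator's host, 192.0.2.9 is a normal visitor.
make_sample_log() {
    f=$(mktemp)
    for n in 1 2 3 4; do
        echo '203.0.113.5 - - [06/May/2020:12:13:53 +0800] "GET /index.aspx HTTP/1.1" 200 512 "-" "curl/7.64.0"' >> "$f"
        echo '198.51.100.7 - - [06/May/2020:12:13:54 +0800] "GET /index.aspx HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"' >> "$f"
        echo '192.0.2.1 - - [06/May/2020:12:13:55 +0800] "GET /admin.aspx HTTP/1.1" 200 512 "-" "Mozilla/5.0"' >> "$f"
    done
    echo '192.0.2.9 - - [06/May/2020:12:13:56 +0800] "GET /index.aspx HTTP/1.1" 200 512 "-" "Mozilla/5.0"' >> "$f"
    echo "$f"
}

# Usage: generate both rule sets from the sample log with a threshold of 2.
LOG=$(make_sample_log)
block_rules "$LOG" 2 "192.0.2.1" nginx
block_rules "$LOG" 2 "192.0.2.1" iptables
rm -f "$LOG"
```

With the threshold of 2 only 203.0.113.5 is reported: the crawler is filtered by user agent, the operator host is allow-listed, and the normal visitor stays under the limit.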
