Basic methods for blocking IPs on an Nginx server

  • 2020-05-15 02:33:12
  • OfStack

Scraping and anti-scraping are a perennial topic: one side wants to take other people's content, and the other side does not want its content taken.

This article describes how to block IPs in nginx to prevent scraping (iptables is an alternative).

1. Find the IPs to block


awk '{print $1}' nginx.access.log |sort |uniq -c|sort -n

nginx.access.log is the log file.

The result looks like the following: the first column is the number of requests from an IP and the second is the IP. Block the IPs that have many requests and are not search-engine spiders. In this case we block 165.91.122.67:

 ...
 13610 202.112.113.192
 95772 180.169.22.135
 337418 219.220.141.2
 558378 165.91.122.67

2. In the nginx installation directory, create a new file named blockip.conf and add the following:


deny 165.91.122.67; 

Save the file.

3. Add the following line to the nginx configuration file nginx.conf. It can be placed in an http, server, location, or limit_except block. Note that the path is relative; in this case nginx.conf and blockip.conf are in the same directory.


include blockip.conf; 

4. Reload nginx for the change to take effect: /usr/local/nginx/nginx -s reload

Advanced usage:

The block file can deny a single IP or an IP range, or allow only a single IP or an IP range.


# Block access from a single IP
deny IP;
# Allow access from a single IP
allow IP;
# Block access from all IPs
deny all;
# Allow access from all IPs
allow all;
# Block the whole range 123.0.0.1 to 123.255.255.254
deny 123.0.0.0/8;
# Block the range 123.45.0.1 to 123.45.255.254
deny 123.45.0.0/16;
# Block the range 123.45.6.1 to 123.45.6.254
deny 123.45.6.0/24;

To reject all but a few IPs, write blockip.conf like this (nginx checks the rules in order until the first match, so the allow lines must come before deny all):


allow 1.1.1.1; 
allow 1.1.1.2;
deny all; 

To block IPs for a single website, put include blockip.conf; in the server {} block of that site.
To block IPs for all websites, put include blockip.conf; in the http {} block.

The script below blocks IPs that access the site too often. The fields it uses to extract the IP and User-Agent need to be adjusted to match your actual nginx log format.
Add the following line to the nginx configuration file:


include ./vhost/blockip.conf;

Script content:


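#!/bin/bash
# Paths of the nginx installation and its logs
nginx_home=/usr/local/webserver/nginx
log_path=/usr/local/webserver/nginx/logs
# Take the last 50000 requests, extract client IP ($1) and User-Agent ($12;
# adjust the field numbers to your log format), drop search-engine spiders,
# count requests per IP and deny every IP with more than 1000 requests.
tail -n50000 "$log_path/access.log" \
  | awk '{print $1,$12}' \
  | grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" \
  | awk '{print $1}' | sort | uniq -c | sort -rn \
  | awk '{if($1>1000)print "deny "$2";"}' > "$nginx_home/conf/vhost/blockip.conf"
/etc/init.d/nginx reload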
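
A variant of the script above, added here as an example (not the article's own code) and assuming nginx's default "combined" log format: it matches spiders against the full quoted User-Agent instead of a single whitespace-separated field, skips an allowlist of IPs, and emits only well-formed IPv4 addresses. The function names, the allowlist parameter and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the article's script). Assumes nginx's default "combined"
# log format; function names and sample data are constructed for illustration.

# build_blocklist LOGFILE THRESHOLD [ALLOWLIST]
# Prints "deny <ip>;" for each client with more than THRESHOLD requests.
# ALLOWLIST is a space-separated list of IPs that must never be blocked.
build_blocklist() {
    awk -F'"' -v max="$2" -v allow="${3:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        {
            split($1, head, " ")           # text before the first quote
            ip = head[1]                   # $remote_addr
            ua = tolower($6)               # full User-Agent, not just its first word
            # The output is included by nginx, so emit nothing but plain IPv4.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (ip in keep) next
            if (ua ~ /google|yahoo|baidu|msnbot|feedsky|sogou/) next
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] > max) print "deny " ip ";" }
    ' "$1" | sort
}

# Constructed sample log: five requests each from a browser, a Googlebot
# User-Agent and an admin address, plus two from an occasional client.
make_sample_log() {
    fmt='%s - - [15/May/2020:02:33:12 +0000] "GET /p/%s HTTP/1.1" 200 512 "-" "%s"\n'
    for i in 1 2 3 4 5; do
        printf "$fmt" \
            203.0.113.10 "$i" 'Mozilla/5.0 (X11; Linux x86_64)' \
            198.51.100.7 "$i" 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' \
            192.0.2.1 "$i" 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    done
    printf "$fmt" 192.0.2.44 1 'curl/7.68.0' 192.0.2.44 2 'curl/7.68.0'
}
```

Write the output to a temporary file and run nginx -t against the resulting configuration before replacing blockip.conf and reloading, so a bad file never takes the server down. The User-Agent is supplied by the client, so the spider exclusion is a convenience and not a verification of the crawler's identity.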

