Basic methods for blocking IP addresses on an Nginx server
- 2020-05-15 02:33:12
- OfStack
Scraping and preventing scraping is a perennial topic. One side wants to take other people's content, and the other side does not want its content taken.
This article describes how to block IPs with nginx to prevent scraping; iptables can also be used.
1. Find the IPs to block
awk '{print $1}' nginx.access.log |sort |uniq -c|sort -n
Here nginx.access.log is the nginx access log file.
This gives the following result, where the first column is the number of requests from an IP and the second column is the IP. Obviously we want to block the IPs that make many requests and are not search-engine spiders. In this case we block 165.91.122.67.
...
13610 202.112.113.192
95772 180.169.22.135
337418 219.220.141.2
558378 165.91.122.67
2. In the nginx installation directory, create a new file named blockip.conf and add the following:
deny 165.91.122.67;
Save the file.
3. Add the following line to the nginx configuration file nginx.conf. It can be placed in an http, server, location, or limit_except block. Note that the path is relative; in this case nginx.conf and blockip.conf are in the same directory.
include blockip.conf;
4. Restart the nginx service for the change to take effect: /usr/local/nginx/nginx -s reload
Advanced usage:
The blocklist file can deny a single IP or an IP range, or allow only a single IP or an IP range.
# Block a single IP
deny IP;
# Allow a single IP
allow IP;
# Block all IPs
deny all;
# Allow all IPs
allow all;
# Block the whole range from 123.0.0.1 to 123.255.255.254
deny 123.0.0.0/8;
# Block the range from 123.45.0.1 to 123.45.255.254
deny 123.45.0.0/16;
# Block the range from 123.45.6.1 to 123.45.6.254
deny 123.45.6.0/24;
If you want to reject all but a few IPs,
write blockip.conf like this:
allow 1.1.1.1;
allow 1.1.1.2;
deny all;
To block IPs for a single website, put include blockip.conf; in that site's server {} block.
To block IPs for all websites, put include blockip.conf; in the http {} block.
Script for blocking IPs that access too often. The fields used to extract the IP and User-Agent need to be adjusted to the actual nginx log format.
Add this line to the nginx configuration file:
include ./vhost/blockip.conf;
Script content:
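#!/bin/bash
# Rebuild blockip.conf from the last 50000 requests, then reload nginx.
nginx_home=/usr/local/webserver/nginx
log_path=/usr/local/webserver/nginx/logs
# $1 = client IP; $12 = first word of the User-Agent in the default
# combined log format. Adjust both to your log format.
# Drop known crawlers, count requests per IP, deny IPs above 1000 requests.
tail -n50000 "$log_path/access.log" \
|awk '{print $1,$12}' \
|grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" \
|awk '{print $1}'|sort|uniq -c|sort -rn \
|awk '{if($1>1000)print "deny "$2";"}' >"$nginx_home/conf/vhost/blockip.conf"
/etc/init.d/nginx reload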
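An added example (not code from the original article) of the same blocklist job, assuming the default combined log format and IPv4 clients: it matches crawlers against the whole User-Agent, because awk's $12 in that format is only its first word, and it reloads nginx only if nginx -t accepts the new file. The function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article. Assumes the default
# "combined" log format and IPv4 clients; function names are hypothetical.
CRAWLERS='google|yahoo|baidu|msnbot|feedsky|sogou'   # the article's list, lowercased

# Read access-log lines on stdin; print "deny <ip>;" for every non-crawler
# IP with more than $1 requests.
build_blocklist() {
    awk -F'"' -v min="$1" -v crawlers="$CRAWLERS" '
    {
        # Split on double quotes: $1 starts with the client IP, $6 is the
        # complete User-Agent string (not just its first word).
        split($1, head, " "); ip = head[1]
        if (tolower($6) ~ crawlers) next
        # Only well-formed IPv4 addresses may reach the config file.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] > min) print "deny " ip ";" }' | sort
}

# Write the blocklist from stdin to file $1, reload nginx only if the new
# configuration passes "nginx -t", otherwise restore the previous list.
install_blocklist() {
    local target="$1" old="$1.old"
    cp -p "$target" "$old" 2>/dev/null || : > "$old"
    cat > "$target"
    if nginx -t; then
        nginx -s reload
    else
        mv "$old" "$target"    # roll back to the previous (or empty) list
        return 1
    fi
}

# Constructed sample lines (documentation addresses), not real traffic.
sample_log() {
    for i in 1 2 3; do
        echo '203.0.113.9 - - [15/May/2020:02:33:12 +0800] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"'
        echo '198.51.100.7 - - [15/May/2020:02:33:12 +0800] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"'
    done
    echo '192.0.2.5 - - [15/May/2020:02:33:13 +0800] "GET /b HTTP/1.1" 200 512 "-" "curl/7.68.0"'
}

# Demo with a low threshold of 2; the article's script uses 1000.
sample_log | build_blocklist 2
# Real use, with the article's paths:
# tail -n50000 "$log_path/access.log" | build_blocklist 1000 | install_blocklist "$nginx_home/conf/vhost/blockip.conf"
```

User-Agent strings are client-controlled, so the crawler exclusion is a convenience filter, not proof that a client is a real search-engine spider.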