Nginx+lua+redis implement verification code anti-collection

Previously introduced in Nginx how to embed the LUA module, the use of Nginx+lua can be very good development and development of nginx business logic, and achieve high concurrency effect.

Below we will introduce the use of Nginx+lua+redis to achieve anti-collection function.

Phenomenon:

Web site in providing services to users at the same time by the search engine, collectors constantly crawl, may cause the site overwhelmed, resulting in the page back 5XX error. In view of this situation, we will be to the collector and search engine access control, of course, the control of the search engine may affect the site collection.

Function Description:

Nginx+lua in the front-end implementation of client access control, the client's access information into the Redis, if the limit of access frequency, then jump to PHP generated verification code interface, if the verification pass can continue to access half an hour, if the verification does not pass, it is blocked for half an hour. Because the IP of the collector may change, it will not be blocked in this case.

1.nginx_lua Module Installation

Please refer to the previous "Nginx and Lua" blog http://blog.csdn.net/yanggd1987/article/details/46679989

2.lua-resty-redis Module Installation

Cd/usr/local/srcwget Https://github.com/openresty/lua-resty-redis/archive/master.zipunzip MASTER.ZIPCD Lua-resty-redis-mastermkdir-p/usr/local/nginx/lua# copy Lib to the Lua folder in the Nginx installation directory CP-RF lib/usr/local/nginx/luacd/usr/ Local/nginx/lua/libln-s Redis.lua Resty/redis.lua

3. Writing Lua scripts in the Nginx directory

Cd/usr/local/srcwget Https://github.com/openresty/lua-resty-redis/archive/master.zipunzip MASTER.ZIPCD Lua-resty-redis-mastermkdir-p/usr/local/nginx/lua# copy Lib to the Lua folder in the Nginx installation directory CP-RF lib/usr/local/nginx/luacd/usr/ Local/nginx/lua/libln-s Redis.lua Resty/redis.luacd/usr/local/nginx/luavim access_test.luapackage.path = "/usr/ local/nginx/lua/?. Lua;/usr/local/nginx/lua/lib/?. Lua; " Package.cpath = "/usr/local/nginx/lua/?". So;/usr/local/nginx/lua/lib/?. So; " --Block IP Time ip_bind_time = 300--IP Access frequency period ip_time_out = 60--IP Access frequency count maximum Connect_count = 60--connection redislocal Redis = require " Resty.redis "Local cache = redis.new () local OK, err = cache.connect (cache," 10.10.10.8 "," 6381 ") cache:set_timeout (60000) --If the connection fails, jump to the label if not OK then goto LABELEND--IP block Keyis_bind, err = Cache:get ("Bind_"). NGX.VAR.REMOTE_ADDR)--white list--after the verification code passed, just set the WHITE_NGX.VAR.REMOTE_ADDR to 1 and the expiration time, the next visit will not be judged is_white, err = Cache:get ("White_"). NGX.VAR.REMOTE_ADDR) if Tonumber (is_white) = = 1 then goto labelend--Query IP is blockedsection, if you jump to the Captcha page if Tonumber (is_bind) = = 1 Then--ngx.say ("block, jump to verification code page")--base64 encode local source=ngx. Encode_base64 (Ngx.var.scheme ... ":/ /".. Ngx.var.host. Ngx.var.request_uri) Local dest= "http://10.10.10.8/authcode.html" ... "? Continue= ". SOURCE--url_args encoded--local Source=ngx.encode_args ({continue=ngx.var.scheme..):/ /".. Ngx.var.host. Ngx.var.request_uri})--local dest= "http://10.10.10.8/authcode.html": "?".. SOURCE Ngx.redirect (dest,302) goto LABELEND--IP record time keystart_time, err = Cache:get ("time_": NGX.VAR.REMOTE_ADDR)--ip count keyip_count, err = Cache:get ("Count_": NGX.VAR.REMOTE_ADDR)--If the IP record time key does not exist or the current time minus IP record time is greater than the specified time interval, then reset the time key and Count key--if the current time minus the IP record time is less than the specified time interval, then the IP count + 1, and the IP count is greater than the specified IP access frequency, then set the IP block key is 1, while setting the expiration time of the block key is the block IP time if start_time = = Ngx.null or Os.time ()-Tonumber (start_time) > Ip_time_out then res, err = Cache:set ("Time_"). Ngx.var.remote_addr, Os.time ()) res, err = Cache:set ("Count_"). Ngx.var.remote_addr, 1) Else Ip_count = Ip_count + 1 res, err = CACHE:INCR ("Count_"). NGX.VAR.REMOTE_ADDR) If Ip_count >= Connect_count then res, err = Cache:set ("Bind_":  NGX.VAR.REMOTE_ADDR, 1)--The following steps to PHP, if the verification code does not pass the bind expiration time, if the verification code through the set WHITE_IP 1 and set its expiration time--res, Err = Cache:expire ("Bind_"): NGX.VAR.REMOTE_ADDR, Ip_bind_time) endend::label::local OK, err = Cache:close ()

10.10.10.8/authcode.html for Verification code page, need to write in other languages, no longer say!

Attention:

1. In a production environment because the backend PHP needs to record the remote client IP, the relevant settings need to be turned on on the Nginx proxy:

Proxy_set_header X-real-ip $remote _addr;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

2. In the application of production environment may be multi-domain name environment, ngx.exec and Ngx.redirect Jump Way, ngx.exec for internal jump, ngx.redirect for external jump;

3.WHITE_IP is whitelisted, if validation is successful, whitelist is added and the whitelist expires, and if validation is unsuccessful, the expiration time of the BIND_IP is set directly, and if not verified, it is blocked;

4. Judge White_ip must be placed on the bind_ip above, because the validation has been added to the whitelist will be directly skip the subsequent judgment part;

5. After jumping to the verification code page, you need to record the URL of the page you want to access, in order to reach the verification pass to the page you want to visit;

6. Cout_ip and TIME_IP will be reset if the limit is not reached within the access time.

4. Add the Lua script to the appropriate location

   location/test {                access_by_lua_file '/usr/local/nginx1.6/lua/access.lua ';                Content_by_lua ' Ngx.header.content_type = "Text/plain"                Ngx.say ("Hello,world")                ';        }

Within 1 minutes, when the number of visits reaches 100, it jumps to the Captcha interface.

PS: In this thank zengbin3013 (http://blog.csdn.net/zengbin3013/article/details/9313979) Blogger, this script is also on his basis to change.

Reference content:

Https://github.com/openresty/lua-resty-redis

Https://github.com/openresty/lua-nginx-module

Http://wiki.nginx.org/HttpLuaModule

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Nginx+lua+redis implement verification code anti-collection