Openresty (nginx extension) for anti-CC attacks

Source: Internet
Author: User

Introduction Openresty through the aggregation of various well-designed nginx modules (mainly by the Openresty team independently developed), so that Nginx effectively into a powerful common WEB application platform. In this way, web developers and system engineers can use the Lua scripting language to mobilize the various C and LUA modules supported by Nginx to quickly construct high-performance WEB applications capable of concurrent connections of 10K and even more than 1000K

Flowchart

This article describes the use of openresty to achieve anti-CC attacks. Openresty official website http://openresty.org/cn/index.html. The following is a flowchart for anti-CC attacks.
According to the flowchart, we know that anti-CC attacks mainly include two parts, one is to limit the request speed, and the other is to send the user JS jump code to verify whether the request is legitimate.

Installation Dependencies

Rhel/centos:

Yum Install Readline-devel pcre-devel openssl-devel

Ubuntu:

Apt-get Install Libreadline-dev libncurses5-dev libpcre3-dev Libssl-dev perl
Luajit Installation
    cd/tmp/    git clone http://luajit.org/git/luajit-2.0.git    cd luajit-2.0/make    && make install    LN-SF Luajit-2.0.0-beta10/usr/local/bin/luajit    ln-sf/usr/local/lib/libluajit-5.1.so.2/usr/lib/
openresty Installation
    Cd/tmp    wget http://agentzh.org/misc/nginx/ngx_openresty-1.2.4.13.tar.gz    tar xzf ngx_ openresty-1.2.4.13.tar.gz    cd ngx_openresty-1.2.4.13/    ./configure--prefix=/usr/local/openresty-- With-luajit make    && make install
nginx Configuration

Nginx.conf:

    http{    [...]    Lua_shared_dict limit 10m;    Lua_shared_dict jsjump 10m;             server {    #lua_code_cache off;            Listen       ;            server_name  www.centos.bz;                 Location/{    default_type  text/html;    Content_by_lua_file "/usr/local/openresty/nginx/conf/lua";            }            Location @cc {                internal;                root   html;                Index  index.html index.htm;}}}    

/usr/local/openresty/nginx/conf/lua file:

    Local IP = ngx.var.binary_remote_addr local limit = Ngx.shared.limit local Req,_=limit:get (IP) if req then            If req > then Ngx.exit (503) Else LIMIT:INCR (ip,1) End Else Limit:set (ip,1,10) End local jsjump = Ngx.shared.jsjump local URI = Ngx.var.reques            T_uri local Jspara,flags=jsjump:get (IP) Local args = Ngx.req.get_uri_args () If Jspara then if Flags then Ngx.exec ("@cc") Else local p_jskey= "if args[" Jskey "] and type (arg                    s["Jskey"]) = = ' table ' then p_jskey=args[' Jskey '][table.getn (args["Jskey"]) else p_jskey=args["Jskey"] End If P_jskey and p_jskey==tostring (            Jspara) then Jsjump:set (ip,jspara,3600,1) ngx.exec ("@cc")                   Else         Local url= ' If Ngx.var.args then Url=ngx.var.scheme ..":/ /".. Ngx.var.host. URI: " &jskey= ". Jspara Else Url=ngx.var.scheme ... ":/ /".. Ngx.var.host. URI: "? Jskey= ". Jspara End local jscode= "window.location.href=".                            URL: "';"        Ngx.say (Jscode) end end Else Math.randomseed (Os.time ());            Local Random=math.random (100000,999999) jsjump:set (ip,random,60) Local url= ' if Ngx.var.args then Url=ngx.var.scheme. ":/ /".. Ngx.var.host. URI: " &jskey= ". Random Else Url=ngx.var.scheme ... ":/ /".. Ngx.var.host. URI: "? Jskey= ". Random End local jscode= "window.location.href=".        URL: "';" Ngx.say (Jscode) End

The LUA Code section explains:
1, 1-12 line is the speed limit function implementation, the 5th and 10th lines indicate that 10 seconds of content can only request 20 times.
2, 14-48 lines is the validation section, 24 rows of 3600 means that after the validation pass, the white list time is 3,600 seconds, that is, 1 hours.

update:2013.5.26
1. Fixed js infinite jump bug
2. Increase random seeds

Openresty (nginx extension) for anti-CC attacks

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.