Let's start with the architecture, which is simple: the front end is an nginx reverse proxy, and the backend is an Nginx instance serving a PHP application (actually a Discuz site). Earlier CC attacks were handled with a warning script or by putting a CDN in front, but this time the attackers no longer flood traffic. Instead they attack pages that make database requests, such as search operations, post IDs, F5 refreshes and so on. Log analysis showed the attack arriving on 3 URLs, so Nginx was used to match $query_string and return 503. That can make the page inaccessible to everyone, however, so the following compromise was chosen.
First, look at the log entry for a request that came through a proxy:

```
## Through analysis: at the back end, proxied access carries two IPs.
## By default, direct access yields the real IP, so there is only one IP.
## Access over a mobile 3G/4G network also shows 2 IPs.
## With an anonymous proxy, however, the server sees only one IP, which is hard to judge ...
[root@ipython conf]# tail -f /var/log/nginx/logs/access.log | grep ahtax
120.193.47.34 - - [26/Sep/2014:23:34:44 +0800] "GET /ahtax/index.html HTTP/1.0" 503 1290 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" "10.129.1.254, 120.193.47.34"
```
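Next, use PHP to print the $_SERVER variables that the backend sees for a request. The code is as follows:

```
[root@ipython conf]# cat /%path%/self_.php
<?php
// Pick the client address: X-Forwarded-For first, then X-Real-IP, then the socket peer.
// !empty() avoids undefined-index notices when a header is absent.
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    $user_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} elseif (!empty($_SERVER["HTTP_X_REAL_IP"])) {
    $user_ip = $_SERVER["HTTP_X_REAL_IP"];
} else {
    $user_ip = $_SERVER["REMOTE_ADDR"];
}
// Request headers are client-controlled, so escape everything before echoing it as HTML.
echo htmlspecialchars($user_ip) . "<br/>";
foreach ($_SERVER as $key => $value) {
    echo htmlspecialchars($key) . "\t" . htmlspecialchars(print_r($value, true)) . "<br/>";
}
```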
Access the page through a browser to confirm the relevant parameters.
With this characteristic, proxied requests are easy to identify.
First, a regular expression is needed to match the two IPs seen in the log. Nginx relies on the PCRE library, so the pattern can be checked with pcretest.
The code is as follows:

```
[root@ipython conf]# pcretest
PCRE version 7.8 2008-09-05

  re> '^\d+.\d+.\d+.\d+\W\s\d+.\d+.\d+.\d+$'
data> 192.168.1.1, 1.1.1.1
 0: 192.168.1.1, 1.1.1.1
```

In the Nginx configuration file, add a condition to the location $dir that matches $http_x_forwarded_for:

```
#proxy
# Same pattern as tested above, with the dots escaped so they match only a literal "."
if ($http_x_forwarded_for ~ '^\d+\.\d+\.\d+\.\d+\W\s\d+\.\d+\.\d+\.\d+$') {
    return 503;
}
```
Reloading the configuration allows you to restrict site users who use a proxy IP to access the
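Before enabling the rule, the same two-address check can be replayed over the access log to see which requests it would answer with 503 and which it would let through. This is an added example, not code from the original page: the log layout is assumed from the sample line shown earlier, the sample lines are constructed, and the names `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# The page's pattern with the dots escaped: exactly two dotted-decimal
# values separated by a comma and one whitespace character.
TWO_ADDR = re.compile(r'^\d+\.\d+\.\d+\.\d+\W\s\d+\.\d+\.\d+\.\d+$')
ONE_ADDR = re.compile(r'^\d+\.\d+\.\d+\.\d+$')

# Assumed log layout, taken from the sample line on this page:
# addr - - [time] "request" status bytes "referer" "agent" "x-forwarded-for"
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"\s*$')

def classify(xff):
    """'two' is what the nginx rule answers with 503; every other class passes."""
    if xff in ("", "-"):
        return "none"
    if TWO_ADDR.match(xff):
        return "two"
    return "single" if ONE_ADDR.match(xff) else "other"

def summarize(lines):
    """Count requests per (class, uri); return unparseable lines separately."""
    counts, skipped = Counter(), []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            skipped.append(line)
            continue
        counts[(classify(m.group("xff")), m.group("uri"))] += 1
    return counts, skipped

# Constructed sample lines (not taken from the page's log).
SAMPLE = [
    '203.0.113.7 - - [26/Sep/2014:23:34:44 +0800] "GET /ahtax/index.html HTTP/1.0" '
    '503 1290 "-" "Mozilla/5.0" "10.129.1.254, 203.0.113.7"',
    '198.51.100.20 - - [26/Sep/2014:23:34:45 +0800] "GET /ahtax/index.html HTTP/1.0" '
    '200 5120 "-" "Mozilla/5.0" "198.51.100.20"',
    '192.0.2.9 - - [26/Sep/2014:23:34:46 +0800] "GET /search.php?q=a HTTP/1.0" '
    '200 812 "-" "Mozilla/5.0" "10.0.0.5, 192.0.2.77, 192.0.2.9"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (kind, uri), n in sorted(counts.items()):
        print(f"{kind:7} {uri:22} {n}")
    print("unparsed:", len(skipped))
```

Requests classed `single` or `other` pass the rule, which matches the page's remark that an anonymous proxy presents only one IP to the server.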