Nginx A Perl cleaning script to prevent garbage flow

1, according to the Nginx access log, according to the matching rules to detect the source domain name, according to the source domain name in a certain amount of time to determine the number of blocked objects

Put the following script into the system timer task, timed (2-5 minutes, can be adjusted according to the specific situation) execution.

To determine the number of abnormal traffic, usually greater than the number of sources are clean.

Of course there may be a miscalculation, so filter out the normal source address at the back.

Cat purge_traffic.sh

#!/bin/bash

if [-f/var/log/nginx/www-access.log]; Then

Tail-10000/var/log/nginx/www-access.log | Grep-e ' Cps_site|tracert.php?source ' | Awk-f ' "' {if ($ ~/http:/) {print $}} ' | Awk-f '/' {print $} ' | Grep-v-E '. xxx.cn|.baidu.com|google.com ' | Sort | uniq-c | Sort-nr | head-60 >/tmp/cps_site.log

Cat/tmp/cps_site.log | awk ' {if ($ >) {print $}} ' >/tmp/purge_cps.log

Fi

2, the Perl script called in Nginx, when the request came in, the following script to determine whether the Referer address from the above generated by the need to clean the domain name.

Perl judgment script that returns 1 when a source address match is found

Cat purgetraffic.pm

Package purgetraffic;

Use Nginx;

Sub Purge {

my $r = shift;

My $ua = $r->header_in ("Referer");

if (! $ua) {return 0;}

Open (FILES, "/tmp/purge_cps.log") | | return 0;

@cps_file = ;

Close (FILES);

foreach (@cps_file) {

my $eachcps = $_;

Chomp $eachcps;

# $r->print ($eachcps. ' | ');

if ($ua =~ m/$eachcps/) {

#return http_not_allowed;

return 1;

}

}

return 0;

}

1;

__end__

3, nginx.conf call Perl script, the source of compliance with the cleaning rule returned directly 404,

HTTP {

...

Perl_modules/etc/nginx;

Perl_require purgetraffic.pm;

...

Perl_set $purge purgetraffic::p urge;

server {

server_name www.xxx.cn;

if ($purge = 1) {return 404;} #屏蔽垃圾流量

...

}

}

Reload Nginx, complete automatic flow cleaning

You can also modify the Perl script a little and add a whitelist to reduce the likelihood of miscalculation.