Preface: Sometimes a server is hit by malicious access from particular IPs, which drives up the server load, and those IPs need to be blocked. The two kinds of scripts below implement this. There are two ways to block an IP: 1. directly in Nginx, by adding include blockip.conf; to the configuration file; 2. through the firewall, by adding firewall rules so that the given IP cannot connect.
Both methods find the IPs with abnormal traffic by parsing the access log.
The scripts block an IP once its number of requests to the server exceeds the value we set. In real use, crawlers such as Baidu and Google should be recognized and excluded; these scripts do not handle that and block anything above the threshold. I will post a more complete production script in a later post.
Scripts found online only block IPs. Here we also need to lift the block after a set time. The principle is to run a second script on a timer that unblocks the blocked IPs. The configuration is as follows:
I. Blocking IPs with Nginx
Script logic: two scripts. The first finds the IPs whose request count exceeds a fixed value and adds them to the Nginx blocking configuration file. It then uses an at job to run the second script after a delay (for example one hour), which unblocks the blocked IPs. The steps are as follows:
1. Open the Nginx configuration file:
vim /usr/local/nginx/conf/nginx.conf    # adjust this path to your own installation
2. Add the following statement to the server block:
include blockip.conf;
3. Create a new file, blockip.conf, in the same directory as the Nginx configuration file:
touch blockip.conf    # leave the file empty for now
4. Edit the blocking script. Its content is as follows:
#!/bin/bash
max=5    # the threshold we set; an IP is blocked once its request count reaches this value
confdir=/usr/local/nginx/conf/blockip.conf    # path of the Nginx blocking configuration file
logdir=/usr/local/nginx/logs/access.log    # path of the Nginx access log
echo "" > "$confdir"    # empty the blocking configuration file first
# take the client IP field of every log line and count the requests per IP
awk '{print $1}' "$logdir" | sort | uniq -c | sort -n | while read -r line
do
    a=($line)    # a[0] is the request count, a[1] is the IP
    if [ "${a[0]}" -ge "$max" ]    # compare each IP's request count with max
    then
        echo "deny ${a[1]};" >> "$confdir"    # write a "deny IP;" statement to the blocking configuration file
    fi
done
service nginx reload    # reload Nginx
# run the unblock script one hour later; adjust the path yourself
# unblockip.sh must be given execute permission: chmod +x unblockip.sh
at now + 1 hours -f /root/unblockip.sh
5. The above is the detection script. The unblock script is as follows:
#!/bin/bash
sed -i 's/^/#&/g' /usr/local/nginx/conf/blockip.conf    # comment out the contents of the Nginx blocking configuration file
service nginx reload    # reload Nginx so that the blocked IPs are released
Execute as follows: [screenshot of the script being run]
II. Blocking IPs with iptables
Blocking logic: two scripts. The first finds the IPs whose request count exceeds the value we set and adds them to the firewall rules, which blocks them. After a delay (for example one hour), the at service calls the second script, which clears the iptables rules and so unblocks the IPs. The scripts are as follows:
1. Block IP script
#!/bin/bash
max=100    # the threshold we set; an IP is blocked once its request count reaches this value
logdir=/usr/local/nginx/logs/access.log    # path of the Nginx access log
# take the client IP field of every log line and count the requests per IP
awk '{print $1}' "$logdir" | sort | uniq -c | sort -n | while read -r line
do
    a=($line)    # a[0] is the request count, a[1] is the IP
    if [ "${a[0]}" -ge "$max" ]    # compare each IP's request count with max
    then
        iptables -I INPUT -p tcp --dport 80 -s "${a[1]}" -j DROP    # add the IP to the firewall rules
    fi
done
at now + 2 minutes -f /root/unipblock.sh    # two minutes later (set this as you like), call the other script to unblock the IPs
2. Unblock IP script
iptables -F    # this script simply flushes the iptables rules
Note: both scripts have problems when used in production. For example, every time the iptables rules are flushed, the blocked IPs are unblocked, so there is room for improvement. They are posted here to show an approach: timed removal of an IP block, which is rarely covered on the internet. I will post a more complete script for production use later, so stay tuned.
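An added example, not the original author's script: a variant of the Nginx approach that accepts only IPv4-shaped log fields, skips an allowlist (for crawlers or monitoring), and removes one IP's deny line at a time instead of commenting out the whole file. The function names, the ALLOW list and the --apply/--unblock switches are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example, not the original author's script. Function names, ALLOW and
# the --apply/--unblock switches are assumptions made for this illustration.
MAX=5                                        # same threshold as the post's script
CONF=/usr/local/nginx/conf/blockip.conf      # paths as used in the post
LOG=/usr/local/nginx/logs/access.log
ALLOW="127.0.0.1 203.0.113.10"               # constructed allowlist (monitoring, known crawlers)

# Print "deny IP;" for every IPv4 client with >= max requests that is not
# allowlisted. Usage: gen_deny_lines LOGFILE MAX "ALLOWLIST"
gen_deny_lines() {
    awk -v max="$2" -v allow="$3" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Count only fields shaped like an IPv4 address, so a malformed log
        # line cannot inject text into the Nginx config (IPv6 is ignored here).
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= max && !(ip in skip)) print "deny " ip ";" }
    ' "$1" | sort
}

# Remove one IP's deny line and leave every other entry in place.
# Usage: unblock_ip CONFFILE IP
unblock_ip() {
    tmp=$(mktemp) || return 1
    grep -vxF "deny $2;" "$1" > "$tmp" || true   # grep exits 1 when nothing is left
    cat "$tmp" > "$1"                            # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

case "${1:-}" in
--apply)        # block new offenders and schedule one unblock job per IP
    gen_deny_lines "$LOG" "$MAX" "$ALLOW" | while read -r kw ip; do
        ip=${ip%;}
        grep -qxF "deny $ip;" "$CONF" && continue   # already blocked, job pending
        echo "deny $ip;" >> "$CONF"
        # at reads the job from stdin; $0 must be a path the job can resolve
        echo "$0 --unblock $ip" | at now + 1 hours
    done
    service nginx reload ;;
--unblock)      # called by the at job for a single IP
    unblock_ip "$CONF" "$2" && service nginx reload ;;
esac
```

Run without arguments the script does nothing; --apply is meant for cron, and each at job calls --unblock for exactly one address.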
This article is from the "Tosagta" blog, please be sure to keep this source http://tsoagta.blog.51cto.com/9747076/1710421
Nginx block malicious IP, and scheduled cancellation of two scripts