The script is as follows:
Copy Code code as follows:
#!/bin/sh
Nginx_home =/data/app_1/nginx
Log_path =/data/logs
/usr/bin/tail-n50000 $log _path/access.log \
|awk ' ~/aspx/{print $2,$13} '
|grep-i-v-e "google|yahoo|baidu|msnbot| Feedsky|sogou "\
|awk ' {print $} ' |sort|uniq-c |sort-rn \
|awk ' {if ($1>150) print "Deny" $2″; "}" > $nginx _home/conf/vhosts/blockip.conf
/bin/kill-hup ' Cat $nginx _home/nginx.pid '
can also be analyzed by the Nginx log filter frequent access to IP, directly with iptables shielding this IP, you do not need to restart the nginx, and shielding effect better.
The command for a single IP is
Iptables-i input-s 124.115.0.199-j DROP
The command for the IP segment is
Iptables-i input-s 124.115.0.0/16-j DROP
The order of the entire paragraph is
Iptables-i input-s 194.42.0.0/8-j DROP
The order to seal a few paragraphs is
Iptables-i input-s 61.37.80.0/24-j DROP
Iptables-i input-s 61.37.81.0/24-j DROP
I didn't even get into the-_-!!!
Iptables-i input-p tcp–dport 80-s 124.115.0.0/24-j DROP
In the future with this only seal 80 port on the line, will not be a problem!
Iptables-i input-p tcp–dport 80-s 124.115.0.0/24-j DROP
Iptables-i input-s 61.37.81.0/24-j DROP
Solve the letter
Iptables-f
Empty
iptables-d INPUT Number
