配置nginx以过滤http洪水 [英] Config of nginx to filter http flood

查看:211
本文介绍了配置nginx以过滤http洪水的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的服务器上有一个HTTP洪泛,不是很多查询,但是无论如何.日志查询

A have a http flood on my server, not so much queries, but anyway. Queries in log

95.55.237.3--[06/Sep/2012:14:38:23 +0400]"GET/HTTP/1.0" 200 35551-""Mozilla/5.0(Windows; U; Windows NT 6.1; en-美国)"-"| -" 93.78.44.25--[06/Sep/2012:14:38:23 +0400]"GET/HTTP/1.0" 200 36051-""Mozilla/5.0(Windows; U; Windows NT 6.1; en-US)" -" | -" 46.118.112.3--[06/Sep/2012:14:38:23 +0400]"GET/HTTP/1.0" 200 35551-""Mozilla/5.0(Windows; U; Windows NT 6.1; en-US)" -" | -"

95.55.237.3 - - [06/Sep/2012:14:38:23 +0400] "GET / HTTP/1.0" 200 35551 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)" "-" | "-" 93.78.44.25 - - [06/Sep/2012:14:38:23 +0400] "GET / HTTP/1.0" 200 36051 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)" "-" | "-" 46.118.112.3 - - [06/Sep/2012:14:38:23 +0400] "GET / HTTP/1.0" 200 35551 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)" "-" | "-"

我在nginx config中尝试了此过滤器

I tried this filters in nginx config

server {
    .....
    set $add 1;
    set $ban '';

###### Rule 1 ########
if ($http_referer = '-' ) {
    set $ban $ban$add;
}
if ($request_uri = '/') {
    set $ban $ban$add;
}

if ($http_user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)') {
    set $ban $ban$add;
}

if ($ban = 111) {
    return 444;
}
######################
......
}

但是stil bot查询得到200 OK.有人可以帮忙吗?

but stil bot queries get 200 OK. Could somebody help?

推荐答案

尝试将类似以下指令的内容添加到您的配置中,以防止HTTP泛洪:

Try adding something like the following directives to your config to prevent http flooding:

http {
  limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
  limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;

  server {
    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;
  }
}

请参见 http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html http://nginx.org/en/docs/http/ngx_http_limit_req_module. html 了解更多信息

以下所有指令均 http://nginx.org/en/docs /http/ngx_http_core_module.html#limit_rate

注意: http://www.botsvsbrowsers.com/details/504401/index. html 表示上述用户代理不是已知的漫游器

NOTE: http://www.botsvsbrowsers.com/details/504401/index.html says the above user agent is not a known bot

这篇关于配置nginx以过滤http洪水的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆