×ðÁú¿­Ê±¹ÙÍøµÇ¼

ÉîÈë̽ÌÖNginxµÄÁ÷Á¿ÆÊÎöºÍ»á¼û¿ØÖÆÒªÁì

ÉîÈë̽ÌÖnginxµÄÁ÷Á¿ÆÊÎöºÍ»á¼û¿ØÖÆÒªÁì

NginxÊÇÒ»¿î¸ßÐÔÄܵĿªÔ´WebЧÀÍÆ÷£¬Æ书ЧǿʢÇÒ¿ÉÀ©Õ¹£¬Òò´Ë±»ÆÕ±éÓ¦ÓÃÓÚ»¥ÁªÍøÁìÓò¡£ÔÚÏÖʵӦÓÃÖУ¬ÎÒÃÇͨ³£ÐèÒª¶ÔNginxµÄÁ÷Á¿¾ÙÐÐÆÊÎöÒÔ¼°¶Ô»á¼û¾ÙÐпØÖÆ¡£±¾ÎĽ«ÉîÈë̽ÌÖnginxµÄÁ÷Á¿ÆÊÎöºÍ»á¼û¿ØÖÆÒªÁ죬²¢ÌṩÏìÓ¦µÄ´úÂëʾÀý¡£

Ò»¡¢NginxÁ÷Á¿ÆÊÎö

NginxÌṩÁËÐí¶àÄÚÖñäÁ¿£¬¿ÉÓÃÓÚ¶ÔÁ÷Á¿¾ÙÐÐÆÊÎö¡£ÆäÖУ¬³£ÓõÄÄÚÖñäÁ¿ÓУº

$remote_addr£º¿Í»§¶ËµÄIPµØµã¡£

$time_local£ºÇëÇóµÄÍâµØʱ¼ä¡£

$uri£ºÇëÇóµÄURI¡£

$args£ºÇëÇóµÄ²ÎÊý¡£

$http_referer£ºÇëÇóµÄȪԴURL¡£

$request_method£ºÇëÇóµÄÒªÁ죨GET¡¢POSTµÈ£©¡£

ͨ¹ýÔÚNginxÉèÖÃÎļþÖÐʹÓÃÕâЩÄÚÖñäÁ¿£¬ÎÒÃÇ¿ÉÒÔ»ñÈ¡¹ØÓÚÁ÷Á¿µÄÓÐÓÃÐÅÏ¢¡£ÀýÈ磬ÎÒÃÇ¿ÉÒÔͨ¹ýÒÔÏÂÉèÖ㬽«ÇëÇóµÄIPµØµã¡¢ÇëÇóµÄURLÒÔ¼°ÇëÇóµÄÒªÁì¼Í¼µ½NginxµÄ»á¼ûÈÕÖ¾ÖУº

http {
    log_format access_log_format '$remote_addr - $time_local - $request_method $uri';
    
    server {
        access_log /var/log/nginx/access.log access_log_format;
    }
}

µÇ¼ºó¸´ÖÆ

ʹÓÃÉÏÊöÉèÖú󣬵±ÓÐÇëÇóµÖ´ïNginxʱ£¬½«»áÔÚ/var/log/nginx/access.logÎļþÖмͼϿͻ§¶ËµÄIPµØµã¡¢ÇëÇóµÄʱ¼ä¡¢ÇëÇóµÄÒªÁìÒÔ¼°ÇëÇóµÄURL¡£

ʹÓÃÕâЩÐÅÏ¢£¬ÎÒÃÇ¿ÉÒÔ¾ÙÐÐÔ½·¢ÏêϸµÄÁ÷Á¿ÆÊÎö¡£ÀýÈ磬ÎÒÃÇ¿ÉÒÔʹÓÃawkÏÂÁîͳ¼Æij¸öʱ¼ä¶ÎÄÚ»á¼ûij¸öURLµÄIPÊýÄ¿£º

awk -F '-' '$4 >= "[×îÏÈʱ¼ä]" && $4 <= "[¿¢ÊÂʱ¼ä]" && $6 == " GET [URL]" {print $1}' /var/log/nginx/access.log | sort | uniq -c

µÇ¼ºó¸´ÖÆ

ÆäÖУ¬”[×îÏÈʱ¼ä]”ºÍ”[¿¢ÊÂʱ¼ä]”ÐèÒªÌæ»»³ÉËùÐèµÄʱ¼ä¶Î£¬”[URL]”ÐèÒªÌæ»»³ÉËùÐèµÄURL£¬Í¨¹ýÒÔÉÏÏÂÁÎÒÃÇ¿ÉÒÔ»ñµÃij¸öURLÔÚָ׼ʱ¼ä¶ÎÄڵĻá¼ûIPÊýÄ¿¡£

¶þ¡¢Nginx»á¼û¿ØÖÆ

NginxÌṩÁËÐí¶àÉèÖÃÖ¸Á¿ÉÓÃÓÚ¶Ô»á¼û¾ÙÐпØÖÆ¡£ÏÂÃæÏÈÈݼ¸ÖÖ³£¼ûµÄ»á¼û¿ØÖÆÒªÁì¡£

IPºÚÃûµ¥

ÈôÊÇÎÒÃÇÐèÒª¾Ü¾øijЩIPµÄ»á¼û£¬¿ÉÒÔʹÓÃNginxµÄdenyÖ¸Áî¡£ÀýÈ磬Ҫ¾Ü¾øIPΪ192.168.1.1µÄ»á¼û£¬¿ÉÒÔÔÚNginxµÄÉèÖÃÎļþÖÐÌí¼ÓÈçÏÂÉèÖãº

http {
    server {
        location / {
            deny 192.168.1.1;
            ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

»á¼ûÏÞËÙ

ijЩÇéÐÎÏ£¬ÎÒÃÇÐèÒª¶Ôij¸öURL»òij¸öIPµÄ»á¼û¾ÙÐÐÏÞËÙ£¬ÒÔ±ÜÃâ¶ñÒâÇëÇó¡£NginxÌṩÁËlimit_reqºÍlimit_connÖ¸Á¿ÉÓÃÓÚ¶Ô»á¼û¾ÙÐÐÏÞËÙ¡£

limit_reqÖ¸ÁîÓÃÓÚÏÞÖÆij¸öURLµÄ»á¼ûËÙÂÊ¡£ÀýÈ磬ҪÏÞÖÆ»á¼û/api/½Ó¿ÚµÄÇëÇóËÙÂÊΪÿÃë10¸öÇëÇ󣬿ÉÒÔÔÚNginxµÄÉèÖÃÎļþÖÐÌí¼ÓÈçÏÂÉèÖãº

http {
    server {
        location /api/ {
            limit_req zone=api burst=10 nodelay;
            ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

limit_connÖ¸ÁîÓÃÓÚÏÞÖÆij¸öIPµÄ²¢·¢ÅþÁ¬Êý¡£ÀýÈ磬ҪÏÞÖÆÿ¸öIPµÄ²¢·¢ÅþÁ¬ÊýΪ10£¬¿ÉÒÔÔÚNginxµÄÉèÖÃÎļþÖÐÌí¼ÓÈçÏÂÉèÖãº

http {
    server {
        limit_conn_zone $binary_remote_addr zone=ip:10m;
        
        location / {
            limit_conn ip 10;
            ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

»á¼ûÊÚȨ

ÈôÊÇÎÒÃÇÐèÒª¶Ôij¸öURL¾ÙÐлá¼ûÊÚȨ£¬Ö»ÔÊÐíÌض¨µÄIP»á¼û£¬¿ÉÒÔʹÓÃNginxµÄallowºÍdenyÖ¸Áî¡£

ÀýÈ磬Ҫ¶Ô/test/½Ó¿ÚÖ»ÔÊÐíIPΪ192.168.1.1ºÍ192.168.1.2µÄ»á¼û£¬¿ÉÒÔÔÚNginxµÄÉèÖÃÎļþÖÐÌí¼ÓÈçÏÂÉèÖãº

http {
    server {
        location /test/ {
            allow 192.168.1.1;
            allow 192.168.1.2;
            deny all;
            ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

ͨ¹ýÒÔÉÏÉèÖã¬Ö»ÓÐIPΪ192.168.1.1ºÍ192.168.1.2µÄ»á¼ûÇëÇó²Å»á±»ÔÊÐí»á¼û/test/½Ó¿Ú¡£

×ÛÉÏËùÊö£¬±¾ÎÄÉîÈë̽ÌÖÁËNginxµÄÁ÷Á¿ÆÊÎöºÍ»á¼û¿ØÖÆÒªÁ죬²¢ÌṩÁËÏìÓ¦µÄ´úÂëʾÀý¡£Í¨¹ýºÏÀíʹÓÃNginxµÄ¹¦Ð§ºÍÌØÕ÷£¬ÎÒÃÇ¿ÉÒÔÔ½·¢ÎÞаºÍϸÄåµØ¶ÔÁ÷Á¿¾ÙÐÐÆÊÎöºÍ¿ØÖÆ£¬ÌáÉýWebЧÀÍÆ÷µÄÇå¾²ÐÔºÍÐÔÄÜ¡£

ÒÔÉϾÍÊÇÉîÈë̽ÌÖNginxµÄÁ÷Á¿ÆÊÎöºÍ»á¼û¿ØÖÆÒªÁìµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ