查找要屏蔽的IP:$15 表示按空白分隔后的第 15 个字段(域),可通过 awk '{print NF}' 查看一行共有多少个字段
# Count requests per value of whitespace-separated field 15 and list the
# values in ascending order of request count (busiest last).
# NOTE(review): presumably field 15 holds X-Forwarded-For in this site's
# log_format; confirm before acting on the result. Fields that contain spaces
# (e.g. the user agent) shift the index from line to line, and a forwarded-for
# value is supplied by the client, so treat the tally as a lead, not proof.
awk '{ print $15 }' access.log \
  | sort \
  | uniq -c \
  | sort -n
获取用户真实IP,并赋值给变量 $clientRealIp:在 Nginx 的 http 配置块内加入如下配置。注意 X-Forwarded-For 中的第一个地址由客户端提交,只有在前端可信代理会覆盖该请求头时,才可以把它当作真实IP
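# Derive a client address from X-Forwarded-For, falling back to the TCP peer
# address. Belongs in the http {} context.
#
# NOTE(review): the left-most X-Forwarded-For entry is whatever the client (or
# any untrusted hop) sent. It is meaningful only when every request reaches
# nginx through a proxy that overwrites or sanitises this header. Otherwise
# key on $remote_addr, or use ngx_http_realip_module (set_real_ip_from,
# real_ip_header, real_ip_recursive) limited to the trusted proxy ranges.
map $http_x_forwarded_for $clientRealIp {
    # Header present but not starting with an IPv4-looking token (IPv6,
    # "unknown", garbage): without a default the variable would be empty,
    # so fall back to the peer address.
    default  $remote_addr;

    # No header at all: the peer address is the client.
    ""       $remote_addr;

    # First comma-separated entry; digits and dots only, so IPv4 only.
    ~^(?P<firstAddr>[0-9\.]+),?.*$  $firstAddr;
}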
按真实IP阻止访问:将以下内容保存为 blocksip.default,并在 server 配置块中通过 include conf.d/blocksip.default; 引入
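# Reject requests whose X-Forwarded-For list contains a blocked address.
# Saved as conf.d/blocksip.default and included from a server {} block.
#
# The dots are escaped and each address must be a whole list entry (start of
# header, or preceded/followed by a comma or space). Unescaped and unanchored,
# "112.30.53.215" would also match longer strings such as "112.30.53.2150" or
# any character in place of a dot.
#
# NOTE(review): X-Forwarded-For is request data. This rule is reliable only
# when nginx is reachable solely through a proxy that sets the header itself.
# Where nginx faces clients directly, match $remote_addr (or use deny).
if ($http_x_forwarded_for ~ "(^|[, ])(112\.30\.53\.215|221\.6\.81\.70)([, ]|$)") {
    # return ends request processing, so no break is needed after it.
    return 404;
}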
分析Nginx访问日志
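#!/bin/bash
# Print the client addresses that requested one path more than a threshold
# number of times, joined with "|" on a single line.
#
# Usage: <script> [access_log] [min_hits] [request_path]
#   access_log    default /var/log/nginx/access.log
#   min_hits      default 100 (addresses with strictly more hits are listed)
#   request_path  default /rest/public (exact match on field 7)
#
# NOTE(review): field 1 is assumed to be $remote_addr and field 7 the request
# path, as in nginx's "combined" log format; confirm against the site's
# log_format. Block rules that match X-Forwarded-For may see a different
# address than field 1.
# NOTE(review): the output is a plain list. Before it is placed in an nginx
# regex the dots need escaping and the entries need anchoring, and an empty
# result must not be used at all: an empty pattern matches every request.

#######################################
# Join arguments with a one-character separator.
# Arguments: $1 - separator; remaining - items to join
# Outputs:   the joined string on stdout, newline-terminated
#######################################
join_by() {
  local IFS="$1"
  shift
  printf '%s\n' "$*"
}

#######################################
# List addresses (field 1) with more than min_hits requests for request_path.
# Arguments: $1 - log file, $2 - min_hits, $3 - request_path
# Outputs:   one address per line, ordered by `sort -nr -k1`
#######################################
list_heavy_clients() {
  local log_file=$1 min_hits=$2 request_path=$3
  # `==` compares; a single `=` would assign to field 7, be true for every
  # line, and count requests for all paths.
  awk -v path="$request_path" -v min="$min_hits" '
    $7 == path { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] > min + 0) print ip }
  ' "$log_file" | LC_ALL=C sort -nr -k1
}

main() {
  local log_file=${1:-/var/log/nginx/access.log}
  local min_hits=${2:-100}
  local request_path=${3:-/rest/public}
  local -a ips=()

  if [[ ! -r "$log_file" ]]; then
    printf 'cannot read log file: %s\n' "$log_file" >&2
    return 1
  fi
  if [[ ! "$min_hits" =~ ^[0-9]+$ ]]; then
    printf 'min_hits must be a non-negative integer: %s\n' "$min_hits" >&2
    return 2
  fi

  # One array element per line, so no word splitting or globbing is applied.
  mapfile -t ips < <(list_heavy_clients "$log_file" "$min_hits" "$request_path")
  join_by '|' "${ips[@]}"
}

main "$@"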
阻止IP
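# Drop requests whose X-Forwarded-For list contains the blocked address.
#
# The dots are escaped and the address must be a whole list entry (start of
# header, or preceded/followed by a comma or space). Unescaped and unanchored,
# the pattern would also match longer strings such as "49.222.240.2420".
#
# NOTE(review): X-Forwarded-For is request data. This rule is reliable only
# when nginx is reachable solely through a proxy that sets the header itself.
# Where nginx faces clients directly, match $remote_addr (or use deny).
if ($http_x_forwarded_for ~ "(^|[, ])49\.222\.240\.242([, ]|$)") {
    # 444 is nginx's non-standard code: close the connection without sending
    # a response. return ends processing, so no break is needed after it.
    return 444;
}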