查找要屏蔽的IP,$15表示第15个分隔字符,通过{print NF}获取一行有多少个被分隔的域
awk '{print $15}' access.log |sort |uniq -c|sort -n
获取用户真实IP,并赋值给变量$clientRealIP,在 Nginx 的 http 模块内加入如下配置
map $http_x_forwarded_for $clientRealIp {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
阻止真实IP访问,保存成blocksip.default,在server模块中引入include conf.d/blocksip.default;
if ($http_x_forwarded_for ~* "112.30.53.215|221.6.81.70") {
#add_header Content-Type text/plain;
#echo "son of a bitch,you mother fucker,go fuck yourself!";
return 404;
break;
}
分析Nginx访问日志
#!/bin/bash
ips=$(awk '$7="/rest/public" {a[$1]++}END{for(i in a){if(a[i]>100)print i|"sort -nr -k1"}}' /var/log/nginx/access.log);
arr=($ips)
function join { local IFS="$1"; shift; echo "$*"; }
echo $(join '|' ${arr[@]})
阻止IP
if ($http_x_forwarded_for ~* "49.222.240.242") {
return 444;
break;
}