Linux security: blocking a frequently accessing IP from nginx

In production, it is common to see a single IP address hitting an nginx site abnormally often. When that happens, the server needs to be protected with security measures. The following introduces a few ways to do that.

Install nginx

    [root@localhost tools]# ls
    nginx-1.11.2.tar.gz
    [root@localhost tools]# yum install gcc gcc-c++ make automake autoconf libtool pcre* zlib openssl openssl-devel
    [root@localhost tools]# tar xf nginx-1.11.2.tar.gz
    [root@localhost tools]# ls
    nginx-1.11.2  nginx-1.11.2.tar.gz
    [root@localhost tools]# cd nginx-1.11.2
    [root@localhost nginx-1.11.2]# ls
    auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  man  README  src
    [root@localhost nginx-1.11.2]# ./configure
    [root@localhost nginx-1.11.2]# make
    [root@localhost nginx-1.11.2]# make install

Test the nginx service

    [root@localhost ~]# curl -I 172.16.1.100
    HTTP/1.1 200 OK
    Server: nginx/1.11.2
    Date: Mon, 17 Aug 2020 09:36:29 GMT
    Content-Type: text/html
    Content-Length: 15
    Last-Modified: Mon, 17 Aug 2020 09:36:19 GMT
    Connection: keep-alive
    ETag: "5f3a4f93-f"
    Accept-Ranges: bytes

nginx is reachable. Next, assume that 172.16.1.100 is an attacker's host that accesses the nginx service frequently.

Simulate 172.16.1.100 accessing 172.16.1.10 ten times

On 172.16.1.100:

    [root@localhost ~]# ab -c 1 -n 10 http://172.16.1.10/
    This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/

    Benchmarking 172.16.1.10 (be patient)....done

    Server Software:        nginx/1.11.2
    Server Hostname:        172.16.1.10
    Server Port:            80

    Document Path:          /
    Document Length:        612 bytes

    Concurrency Level:      1
    Time taken for tests:   0.016 seconds
    Complete requests:      10
    Failed requests:        0
    Write errors:           0
    Total transferred:      8450 bytes
    HTML transferred:       6120 bytes
    Requests per second:    617.02 [#/sec] (mean)
    Time per request:       1.621 [ms] (mean)
    Time per request:       1.621 [ms] (mean, across all concurrent requests)
    Transfer rate:          509.16 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    1   0.3      0       1
    Processing:     1    1   0.3      1       2
    Waiting:        0    1   0.3      1       1
    Total:          1    1   0.5      1       2
    ERROR: The median and mean for the initial connection time are more than twice the standard
           deviation apart. These results are NOT reliable.

    Percentage of the requests served within a certain time (ms)
      50%      1
      66%      1
      75%      1
      80%      2
      90%      2
      95%      2
      98%      2
      99%      2
     100%      2 (longest request)

Check the nginx log

On 172.16.1.10:

    [root@localhost ~]# tail /usr/local/nginx/logs/access.log
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
    172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"

The log shows that 172.16.1.100 accessed nginx 10 times within one second. Next, block it.

Restrict IP access with iptables

On 172.16.1.10:

    [root@localhost ~]# iptables -I INPUT -s 172.16.1.100 -p tcp --dport 80 -j DROP

On 172.16.1.100:

    [root@localhost ~]# curl 172.16.1.10
    curl: (7) Failed connect to 172.16.1.10:80; Connection timed out

At this point 172.16.1.100 can no longer access nginx.

Restrict access in the nginx configuration file

On 172.16.1.10:

[Screenshots: nginx configuration on 172.16.1.10]

On 172.16.1.100:

    [root@localhost ~]# curl -I 172.16.1.10
    HTTP/1.1 403 Forbidden
    Server: nginx/1.11.2
    Date: Sat, 25 Jul 2020 23:12:06 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive

Summary

The above are two simple ways to restrict access by IP. There are many other methods, and tools can also be used to restrict IPs.

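The manual steps above (read access.log, spot the noisy client, block it) can be scripted. The following is an added example, not code from the original article: it counts requests per client per second in an nginx access log and prints, without applying them, the iptables rule used above and an nginx `deny` line for each offender. The function names, the threshold of 5 requests per second and the sample log are assumptions, and `deny` (the ngx_http_access_module directive, which answers 403) is assumed to match the configuration the article applied but did not reproduce.

```shell
#!/bin/sh
# Added example: flag clients whose per-second request count exceeds a limit.

# Print each client IP that sent more than $1 requests within any single second.
# Reads nginx default log lines on stdin: field 1 = client IP, field 4 = [timestamp.
find_frequent_ips() {
    awk -v limit="$1" '
        { hits[$1 " " $4]++ }
        END {
            for (key in hits)
                if (hits[key] > limit) { split(key, part, " "); print part[1] }
        }' | sort -u
}

# Turn each flagged IP (one per line on stdin) into the two blocking forms
# discussed on this page. Rules are printed for review, never executed here.
emit_block_rules() {
    while read -r ip; do
        # The log is untrusted input: accept only dotted-quad IPv4 text.
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
        printf 'iptables -I INPUT -s %s -p tcp --dport 80 -j DROP\n' "$ip"
        printf 'deny %s;\n' "$ip"
    done
}

# Constructed sample log: 172.16.1.100 sends 6 requests in one second,
# 172.16.1.50 sends 2 requests spread over two seconds.
sample_log() {
    for i in 1 2 3 4 5 6; do
        echo '172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"'
    done
    echo '172.16.1.50 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"'
    echo '172.16.1.50 - - [26/Jul/2020:05:58:25 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"'
}

# Assumed threshold: more than 5 requests per second. Tune it to real traffic.
sample_log | find_frequent_ips 5 | emit_block_rules
```

On a real server, feed `/usr/local/nginx/logs/access.log` to `find_frequent_ips` instead of `sample_log`, and check the flagged addresses against known proxies, NAT gateways and monitoring hosts before applying any rule.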