linux安全篇:禁止頻繁訪問的ip訪問nginx
導讀 | 生產環境中經常會遇到某個ip地址頻繁異常的訪問nginx網站,此時我們需要透過安全措施保護我們的伺服器,接下來為大家介紹幾種方式。 |
實驗環境:
版本:redhat6.5
ip:172.16.1.100,172.16.10
軟體:nginx
172.16.1.10部署nginx
[root@localhost tools]# ls nginx-1.11.2.tar.gz [root@localhost tools]# yum install gcc gcc-c++ make automake autoconf libtool pcre* zlib openssl openssl-devel [root@localhost tools]# tar xf nginx-1.11.2.tar.gz [root@localhost tools]# ls nginx-1.11.2 nginx-1.11.2.tar.gz [root@localhost tools]# cd nginx-1.11.2 [root@localhost nginx-1.11.2]# ls auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src [root@localhost nginx-1.11.2]# ./configure [root@localhost nginx-1.11.2]# make [root@localhost nginx-1.11.2]# make install
測試nginx服務
[root@localhost ~]# curl -I 172.16.1.100 HTTP/1.1 200 OK Server: nginx/1.11.2 Date: Mon, 17 Aug 2020 09:36:29 GMT Content-Type: text/html Content-Length: 15 Last-Modified: Mon, 17 Aug 2020 09:36:19 GMT Connection: keep-alive ETag: "5f3a4f93-f" Accept-Ranges: bytes
nginx 可以正常訪問。
接下來,假設172.16.1.100是駭客主機,頻繁訪問nginx服務
模擬172.16.1.100訪問10次172.16.1.10
172.16.1.100
[root@localhost ~]# ab -c 1 -n 10 This is ApacheBench, Version 2.3 <$Revision: 1430300 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, Licensed to The Apache Software Foundation, Benchmarking 172.16.1.10 (be patient).....done Server Software: nginx/1.11.2 Server Hostname: 172.16.1.10 Server Port: 80 Document Path: / Document Length: 612 bytes Concurrency Level: 1 Time taken for tests: 0.016 seconds Complete requests: 10 Failed requests: 0 Write errors: 0 Total transferred: 8450 bytes HTML transferred: 6120 bytes Requests per second: 617.02 [#/sec] (mean) Time per request: 1.621 [ms] (mean) Time per request: 1.621 [ms] (mean, across all concurrent requests) Transfer rate: 509.16 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 1 0.3 0 1 Processing: 1 1 0.3 1 2 Waiting: 0 1 0.3 1 1 Total: 1 1 0.5 1 2 ERROR: The median and mean for the initial connection time are more than twice the standard deviation apart. These results are NOT reliable. Percentage of the requests served within a certain time (ms) 50% 1 66% 1 75% 1 80% 2 90% 2 95% 2 98% 2 99% 2 100% 2 (longest request)
檢視nginx日誌
172.16.1.10
[root@localhost ~]# tail /usr/local/nginx/logs/access.log 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3" 172.16.1.100 - - [26/Jul/2020:05:58:24 +0800] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
由此可見,一秒鐘之內172.16.1.100訪問了nginx10次,接下來禁止掉這個問題ip
透過iptables限制ip訪問
172.16.1.10
[root@localhost ~]# iptables -I INPUT -s 172.16.1.100 -ptcp --dport 80 -j DROP
172.16.1.100
[root@localhost ~]# curl 172.16.1.10 curl: (7) Failed connect to 172.16.1.10:80; 連線超時
此時172.16.1.100再也不能訪問nginx
nginx配置檔案限制
172.16.1.10
172.16.1.100
[root@localhost ~]# curl -I 172.16.1.10 HTTP/1.1 403 Forbidden Server: nginx/1.11.2 Date: Sat, 25 Jul 2020 23:12:06 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive
總結
以上就是兩種簡單的方法限制ip訪問,還有許多方法可以利用工具進行ip限制。
本文原創地址:
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/69955379/viewspace-2713914/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 禁止頻繁請求的ip訪問nginxNginx
- 教你如何處理Nginx禁止ip加埠訪問的問題Nginx
- nginx 是如何禁止訪問php的NginxPHP
- Linux禁止某個IP地址訪問的幾種方法Linux
- linux centos7新增ip黑名單禁止某個ip訪問LinuxCentOS
- Nginx統計訪問IP並排序Nginx排序
- 在Linux中,如何統計ip訪問情況?分析 nginx 訪問日誌?如何找出訪問頁面數量在前十位的ip?LinuxNginx
- 恆訊科技分析:如何禁止用IP訪問網站?網站
- 如何檢視Linux 當前訪問ipLinux
- .htaccess IP訪問限制
- nginx反向代理、負載均衡配置與linux環境下的安裝及通過ip和域名訪問nginxNginx負載Linux
- Linux 拒絕國外 IP 訪問的步驟Linux
- laravel 單使用者 單IP 頻次訪問限制Laravel
- Nginx 對訪問量的控制Nginx
- 訪問本地的公網ip
- linux nginx 網站訪問提示502 Bad GatewayLinuxNginx網站Gateway
- 006.Nginx訪問控制Nginx
- Windows限制訪問指定IPWindows
- PostgreSQL IP地址訪問配置SQL
- SVN異常處理——禁止訪問
- Linux下使用GoAccess監控Nginx訪問日誌LinuxGoNginx
- IP頁面訪問域名介面問題
- Linux 防火牆只允許指定IP 埠訪問Linux防火牆
- PbootCMS 織夢安裝出現403錯誤禁止訪問boot
- Nginx 配置訪問 swagger 頁面NginxSwagger
- nginx配置https協議訪問NginxHTTP協議
- nginx 專案配置 https 訪問NginxHTTP
- Nginx代理訪問RabbitMQ Management UINginxMQUI
- 模擬ip訪問(附模擬手機訪問)遠端地址
- Linux配置靜態IP解決無法訪問網路問題Linux
- Linux 中安裝redis 外網可訪問LinuxRedis
- 如何解決網站限制IP訪問的問題網站
- Linux SSH遠端訪問Linux
- Nginx配置VUE專案Https訪問NginxVueHTTP
- 如何用nginx配置https加密訪問?NginxHTTP加密
- windows設定僅訪問特定ipWindows
- PHP記錄訪問ip程式碼PHP
- Oracle資料庫限制訪問IPOracle資料庫