×ðÁú¿­Ê±

Nginx»á¼ûÏÞÖÆÉèÖ㬱ÜÃâ¶ñÒâ»á¼ûºÍÅÀ³æ¹¥»÷

nginx»á¼ûÏÞÖÆÉèÖ㬱ÜÃâ¶ñÒâ»á¼ûºÍÅÀ³æ¹¥»÷

СÐò£º

ÔÚµ±½ñ»¥ÁªÍøʱ´ú£¬¶ñÒâ»á¼ûºÍÅÀ³æ¹¥»÷³ÉΪÁ˺ܴóµÄÇå¾²Íþв¡£Nginx×÷Ϊһ¿î¸ßÐÔÄܵÄWebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷£¬¿ÉÒÔͨ¹ýһЩÉèÖþÙÐлá¼ûÏÞÖÆ£¬ÒÔ± £»¤ÍøÕ¾ÃâÊÜÕâЩ¹¥»÷¡£±¾ÎĽ«ÏÈÈÝһЩ³£ÓõÄNginx»á¼ûÏÞÖÆÉèÖ㬲¢¸½´ø´úÂëʾÀý¡£

Ò»¡¢IPÊÇ·ÇÃûµ¥ÏÞÖÆ

IPºÚÃûµ¥ÏÞÖÆ

ÈôÒªÏÞÖÆij¸öIPµØµãµÄ»á¼û£¬¿ÉÒÔʹÓÃNginx×Ô´øµÄngx_http_access_moduleÄ£¿é¡£

http {
    # ½¨ÉèÒ»¸öblacklist.confÎļþÀ´´æ´¢ºÚÃûµ¥µÄIPµØµã
    include blacklist.conf;
    server {
        location / {
            # ÔÚÕâÀïÉèÖúÚÃûµ¥µÄ»á¼û¹æÔò
            deny 192.168.1.100;
            deny 192.168.1.0/24;
            deny 10.0.0.0/8;
            # ÆäËûÉèÖÃ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

ÒÔÉÏÉèÖüòÆÓÃ÷Îú£¬¿ÉÒÔÖ±½ÓÔÚlocation¿éÄÚʹÓÃdenyÀ´¾Ü¾øÖ¸¶¨µÄIPµØµã»òIPµØµã¶ÎµÄ»á¼û¡£

IP°×Ãûµ¥ÏÞÖÆ

ÓëIPºÚÃûµ¥Ïà·´£¬ÈôÒª½öÔÊÐíijЩIPµØµã»á¼û¶ø¾Ü¾øÆäËûIPµØµã£¬¿ÉÒÔʹÓÃallowÏÂÁî¡£

http {
    # ½¨ÉèÒ»¸öwhitelist.confÎļþÀ´´æ´¢°×Ãûµ¥µÄIPµØµã
    include whitelist.conf;
    server {
        location / {
            # ÔÚÕâÀïÉèÖð×Ãûµ¥µÄ»á¼û¹æÔò
            allow 192.168.1.100;
            allow 192.168.1.0/24;
            allow 10.0.0.0/8;
            # ×îºó¾Ü¾øËùÓÐÆäËû»á¼û
            deny all;
            # ÆäËûÉèÖÃ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

ÒÔÉÏÉèÖÃÖУ¬Ê¹ÓÃallowÏÂÁîÔÊÐíÖ¸¶¨µÄIPµØµã»òIPµØµã¶ÎµÄ»á¼û£¬deny allÔò»á¾Ü¾øÆäËûËùÓÐIPµØµãµÄ»á¼û¡£

¶þ¡¢User-AgentÏÞÖÆ

ÓÐЩÅÀ³æ¹¥»÷»áʹÓÃð³äµÄUser-Agent¾ÙÐлá¼û£¬Òò´ËÎÒÃÇ¿ÉÒÔͨ¹ýÏÞÖÆUser-AgentÀ´×èÖ¹ÕâÀ๥»÷¡£

http {
    server {
        location / {
            # ÔÚÕâÀïÉèÖþܾøijЩÌض¨User-AgentµÄ»á¼û
            if ($http_user_agent ~* (curl|wget) ) {
                return 403;
            }
            # ÆäËûÉèÖÃ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

ÒÔÉÏÉèÖÃÖУ¬Ê¹ÓÃifÏÂÁî¼ÓÉÏÕýÔò±í´ïʽ£¬Æ¥Åäµ½Ìض¨µÄUser-Agent£¬È»ºóʹÓÃreturnÏÂÁî·µ»Ø403 Forbidden¡£

ÕâÑù£¬Ê¹ÓÃcurl»òwgetµÈ¹¤¾ßʵÑé»á¼ûÍøÕ¾µÄÇëÇ󽫱»¾Ü¾ø¡£

Èý¡¢ÆµÂÊÏÞÖÆ

ΪÁ˱ÜÃâDDoS¹¥»÷ºÍ±©Á¦ÆƽâµÈÐÐΪ£¬¿ÉÒÔÉèÖûá¼ûƵÂÊÏÞÖÆ¡£

http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;
    server {
        location / {
            # ÔÚÕâÀïÉèÖûá¼ûƵÂÊÏÞÖÆ
            limit_req zone=one burst=10 nodelay;
            # ÆäËûÉèÖÃ...
        }
    }
}

µÇ¼ºó¸´ÖÆ

ÒÔÉÏÉèÖÃÖУ¬Ê¹ÓÃlimit_req_zoneÏÂÁÉèÒ»¸ö´æ´¢IPµØµãµÄÄÚ´æÇøÓò£¬Ãû³ÆΪone£¬¾ÞϸΪ10m£¬²¢ÉèÖûá¼ûƵÂÊΪ2r/s¡£½Ó×ÅÔÚlocation¿éÄÚʹÓÃlimit_reqÏÂÁî¾ÙÐÐƵÂÊÏÞÖÆ£¬burst²ÎÊýÌåÏÖ»á¼ûÓâ¶îʱµÄ»º³åÇø¾Þϸ£¬nodelayÌåÏÖÖ»¹ÜÁ¬Ã¦´¦Öóͷ£ÇëÇó¡£

×ܽ᣺

ͨ¹ýÒÔÉϵÄIPÊÇ·ÇÃûµ¥ÏÞÖÆ¡¢User-AgentÏÞÖƺÍƵÂÊÏÞÖƵÄÉèÖÃʾÀý£¬ÎÒÃÇ¿ÉÒÔÓÐÓõرÜÃâ¶ñÒâ»á¼ûºÍÅÀ³æ¹¥»÷¡£ËäÈ»£¬ÏêϸµÄÉèÖû¹¿ÉÒÔƾ֤ÏÖʵÐèÇó¾ÙÐе÷½â¡£×îºó£¬Ï£ÍûÒÔÉÏÄÚÈݶÔÄúµÄNginx»á¼ûÏÞÖÆÉèÖÃÄܹ»ÓÐËù×ÊÖú¡£

ÒÔÉϾÍÊÇNginx»á¼ûÏÞÖÆÉèÖ㬱ÜÃâ¶ñÒâ»á¼ûºÍÅÀ³æ¹¥»÷µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±ÊµÊ±ÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
¡¾ÍøÕ¾µØͼ¡¿¡¾sitemap¡¿