linux - Using fail2ban to protect nginx

Category: Servers · Nginx · Published: 4 years ago

Reference: https://easyengine.io/tutorials/nginx/fail2ban/

Install:

$ apt-get install fail2ban

After installation, copy the default jail configuration to a local override file:

$ cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then edit jail.local and add the following:

[nginx-req-limit]

enabled = true
filter = nginx-req-limit
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
logpath = /var/log/nginx/access.log
findtime = 60
maxretry = 600
bantime = 600

View the configuration:

fail2ban-client -d

Test the filter against a log file:

root@app:/var/log# fail2ban-regex /tmp/test.log /etc/fail2ban/filter.d/nginx-req-limit.conf

Running tests
=============

Use   failregex filter file : nginx-req-limit, basedir: /etc/fail2ban
Use         log file : /tmp/test.log
Use         encoding : UTF-8


Results
=======

Failregex: 112 total
|-  #) [# of hits] regular expression
|   1) [112]  -.*- .*HTTP/1.* .* .*$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [112] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 112 lines, 0 ignored, 112 matched, 0 missed [processed in 0.01 sec]

The log looks like this:

222.68.34.237 - - [01/Jul/2019:19:27:16 +0800]  "GET /comp_recruit_infos/414?query=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DOWASP%2520ZAP HTTP/1.1" 403 178 "https://www.wondercv.com/campus_recruiting/user_show?page=102" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" -
222.68.34.237 - - [01/Jul/2019:19:27:16 +0800]  "GET /comp_recruit_infos/39 HTTP/1.1" 403 178 "https://www.wondercv.com/campus_recruiting/user_show?page=101" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" -
222.68.34.237 - - [01/Jul/2019:19:27:16 +0800]  "GET /comp_recruit_infos/34 HTTP/1.1" 403 178 "https://www.wondercv.com/campus_recruiting/user_show?page=108" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" -
222.68.34.237 - - [01/Jul/2019:19:27:16 +0800]  "POST /comp_recruit_infos/401/post HTTP/1.1" 403 178 "https://www.wondercv.com/comp_recruit_infos/401" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" -
222.68.34.237 - - [01/Jul/2019:19:27:16 +0800]  "POST /comp_recruit_infos/366/post HTTP/1.1" 403 178 "https://www.wondercv.com/comp_recruit_infos/366" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0" -
(repeated for another 100 lines below)

Finally, check the fail2ban result:

root@app:/etc/fail2ban# tail /var/log/fail2ban.log -f
2019-07-01 19:37:30,820 fail2ban.filter         [32746]: INFO    Set jail log file encoding to UTF-8
2019-07-01 19:37:30,824 fail2ban.jail           [32746]: INFO    Initiated 'pyinotify' backend
2019-07-01 19:37:30,834 fail2ban.filter         [32746]: INFO    Added logfile = /var/log/nginx/access.log
2019-07-01 19:37:30,838 fail2ban.filter         [32746]: INFO    Set maxRetry = 600
2019-07-01 19:37:30,838 fail2ban.filter         [32746]: INFO    Set findtime = 60
2019-07-01 19:37:30,839 fail2ban.filter         [32746]: INFO    Set jail log file encoding to UTF-8
2019-07-01 19:37:30,839 fail2ban.actions        [32746]: INFO    Set banTime = 600
2019-07-01 19:37:30,845 fail2ban.jail           [32746]: INFO    Jail 'sshd' started
2019-07-01 19:37:30,852 fail2ban.jail           [32746]: INFO    Jail 'nginx-req-limit' started
2019-07-01 19:37:31,463 fail2ban.actions        [32746]: NOTICE  [nginx-req-limit] Ban 222.68.34.237
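
To check thresholds such as findtime = 60 and maxretry = 600 against recorded traffic before enabling the jail, the following added example (not from the original post or from fail2ban itself) replays access-log lines through a sliding-window approximation of the jail's counting. The regex, the function names and the sample traffic are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Jail values from the [nginx-req-limit] section above.
FINDTIME, MAXRETRY, BANTIME = 60, 600, 600

# Assumption: every HTTP/1.x request line counts as a hit and the client
# address is the first field, as in the access-log lines shown above.
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]\s+"[^"]* HTTP/1\.\d"')

def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Return [(host, time_of_ban)] using a sliding-window approximation."""
    hits, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log request line
        host = m["host"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts < banned_until.get(host, ts):
            continue  # already banned: iptables would be dropping this client
        window = hits[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # forget hits older than findtime
        if len(window) >= maxretry:
            bans.append((host, ts))
            banned_until[host] = ts + timedelta(seconds=bantime)
            window.clear()
    return bans

def sample_log():
    """Constructed traffic: one noisy client (20 req/s for 35 s) and one
    ordinary client (1 req/s for 120 s). Addresses are documentation ranges."""
    t0 = datetime(2019, 7, 1, 19, 27, 16, tzinfo=timezone(timedelta(hours=8)))
    fmt = '{} - - [{}]  "GET /page/{} HTTP/1.1" 200 178 "-" "constructed-agent" -'
    lines = []
    for s in range(120):
        stamp = (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(fmt.format("198.51.100.20", stamp, s))
        if s < 35:
            lines += [fmt.format("203.0.113.7", stamp, i) for i in range(20)]
    return t0, lines

if __name__ == "__main__":
    t0, lines = sample_log()
    for host, when in simulate(lines):
        print(f"would ban {host} at +{(when - t0).seconds}s")
```

Lowering maxretry in the call (for example `simulate(lines, maxretry=50)`) shows how quickly an ordinary client would also be caught, which helps pick a value that does not ban legitimate users.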

If you accidentally ban an IP, you can unban it manually using this method:

http://siwei.me/blog/posts/linux-nginx-ip-ip
