nginx request limiting (anti-flood): setting up a whitelist with the geo module
2013-05-31 20:51
Geo module
http {
    include conf/mime.types;
    default_type application/octet-stream;

    # Map the client address to the name of an upstream group
    geo $geo {
        default default;
        218.30.115.0/24 china_telecom;
        202.106.182.0/24 china_unicom;
        202.205.3.0/24 cernet;
    }

    upstream default {
        server 192.168.0.2:8080;
    }
    upstream china_telecom {
        server 192.168.0.3:8080;
    }
    upstream china_unicom {
        server 192.168.0.4:8080;
    }
    upstream cernet {
        server 192.168.0.5:8080;
    }

    server {
        listen 80;
        server_name localhost;

        location / {
            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_next_upstream error timeout http_503 http_502 http_504;
            # $geo holds the upstream name chosen by the geo block above
            proxy_pass http://$geo;
            # the "main" log format must be defined with log_format elsewhere
            access_log /home/nginx_log/member_acc_log main;
            error_log /home/nginx_log/member_err_log;
        }
    }
}
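geo directive
default: any IP address, equivalent to 0.0.0.0/0
ranges: allows IP segments to be given as ranges; this parameter must be written on the first line of the geo block. Example: 127.0.0.0-127.0.0.255
Note: no whitelist feature was found in official nginx; there the geo module only provides global load balancing.
Tengine nginx
geo whitelist configuration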
http {
    include mime.types;
    default_type application/octet-stream;

    # Tengine accepts several variables in the limit_req_zone key
    limit_req_zone $binary_remote_addr zone=one:3m rate=1r/m;
    limit_req_zone $binary_remote_addr $uri zone=two:3m rate=1r/m;
    limit_req_zone $binary_remote_addr $request_uri zone=three:3m rate=1r/m;

    # $white_ip is 1 or 2 for whitelisted networks, 0 for everyone else
    geo $white_ip {
        #ranges;
        default 0;
        10.0.0.0/8 1;
        192.168.0.0/16 2;
    }

    sendfile on;
    keepalive_timeout 65;

    server {
        listen 80;
        server_name localhost;

        location / {
            root html;
            # Clients whose $white_ip is 1 or 2 skip limit_req
            limit_req_whitelist geo_var_name=white_ip geo_var_value=1;
            limit_req_whitelist geo_var_name=white_ip geo_var_value=2;
            limit_req zone=one burst=2 nodelay;
            limit_req zone=two burst=2 nodelay;
            limit_req zone=three burst=2 nodelay;
            index index.html index.htm;
        }
    }
}
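limit_req_whitelist defines the whitelist and has to work together with the geo module: geo_var_name is the name of the variable set by the geo module, and geo_var_value is the value of that variable. For example:

    geo $white_ip {
        ranges;
        default 0;
        127.0.0.1-127.0.0.255 1;
    }

    limit_req_whitelist geo_var_name=white_ip geo_var_value=1;

This means that every IP in the range 127.0.0.1-127.0.0.255 skips limit_req processing.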
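The same whitelist on stock nginx, which has no limit_req_whitelist directive, as an added example that is not part of the original post: geo marks the whitelisted networks, and map turns that mark into an empty limit_req_zone key, which nginx does not count. The variable names $limit and $limit_key are assumptions; the networks, zone size, rate and burst are taken from the Tengine configuration above.

```nginx
http {
    # 0 = whitelisted, 1 = rate-limited ($limit is an assumed name).
    # geo matches on $remote_addr by default, so behind a reverse proxy or
    # load balancer every request may appear to come from the proxy's
    # (possibly whitelisted) address.
    geo $limit {
        default         1;
        10.0.0.0/8      0;
        192.168.0.0/16  0;
    }

    # Whitelisted clients get an empty key. limit_req_zone does not account
    # requests whose key is empty, so they bypass the limit.
    map $limit $limit_key {
        0 "";
        1 $binary_remote_addr;
    }

    limit_req_zone $limit_key zone=one:3m rate=1r/m;

    server {
        listen 80;
        server_name localhost;

        location / {
            root html;
            index index.html index.htm;
            limit_req zone=one burst=2 nodelay;
        }
    }
}
```

Check the result with `nginx -t`, then confirm from a non-whitelisted address that requests beyond the burst are rejected while requests from 10.0.0.0/8 are not.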