doufuhao0566 2012-03-28 07:32 采纳率: 100%
浏览 57
已采纳

如何通过解析nginx日志文件自动拒绝IP地址

I have 4 webservers behind cloudflare and a loadbalancer, nginx is the webserver, php-fpm manages the php pages. I don't know how to block a simple dos attack ...

I'm able to detect this attack by using the http_limit_req module from nginx http://wiki.nginx.org/HttpLimitReqModule

but this is not blocking the attack at all, yes this can mitigate but webservers are hit and hit again, and php-fpm goes to 80% and in a minute the website is unreachable.

I'm trying to find a way to block this kind of request.

I know how to block certain ip address or certain useragent with nginx but i want to do it automatically. I think that I cannot block the ip with iptables because the request come from the loadbalancer :( but i'm still able to detect the correct ip address with the set_real_ip_from and real_ip_header X-Forwarded-For with nginx.

I have the log file (error.log) filled with the correct ip address as you can see:

2012/03/27 18:34:02 [error] 31234#0: *1283 limiting connections by zone "staging", client: XX.XX.XX.XXX, server: www.xxxxxxx.com, request: "HEAD /it HTTP/1.1", host: "www.xxxxxxx.com"

Someone have an idea and can teach me how to block automatically this ip?

  • 写回答

1条回答 默认 最新

  • douhuang4166 2012-03-28 07:40
    关注

    use fail2ban for this. It's a log-file parser for many different services which can detect failed logins, etc. and then block an IP-address.

    http://www.fail2ban.org

    Regards

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 驱动学习 环境部署中的问题
  • ¥15 【急】在线问答CNC雕刻机的电子电路与编程
  • ¥60 在mc68335芯片上移植ucos ii 的成功工程文件
  • ¥15 笔记本外接显示器正常,但是笔记本屏幕黑屏
  • ¥15 Python pandas
  • ¥15 蓝牙硬件,可以用哪几种方法控制手机点击和滑动
  • ¥15 生物医学数据分析。基础课程就v经常唱课程舅成牛逼
  • ¥15 云环境云开发云函数对接微信商户中的分账功能
  • ¥15 空间转录组CRAD遇到问题
  • ¥20 materialstudio计算氢键脚本问题