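Monitoring nginx logs to block malicious IPs

Posted on 2024-04-19 | Category: nginx

Use the nginx `deny` directive to block malicious IPs.

### 1. Create the files

```bash
touch /etc/nginx/blocksip.conf
touch /etc/nginx/blocksip.tmp
```

### 2. nginx configuration file

```nginx
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    include blocksip.conf;
    ...
}
```

### 3. Create the shell script

```bash
vi /etc/nginx/ipnginxcheck.sh
```

```bash
#!/bin/bash
NGX_DIR=/etc/nginx

# To unblock all IPs, empty the deny list:
# echo "" > $NGX_DIR/blocksip.conf

# Timestamp prefix of the previous minute, e.g. "[19/Apr/2024:10:00".
# LC_ALL=C keeps the month abbreviation in English, as nginx writes it.
MINUTE=$(LC_ALL=C date -d '1 minute ago' '+[%d/%b/%Y:%H:%M')

# List the IPs that made more than 60 requests during that minute
awk -v m="$MINUTE" 'index($4, m) == 1 {print $1}' /var/log/nginx/access.log | sort | uniq -cd | awk '{if($1>60)print $0}' > "$NGX_DIR/blocksip.tmp"

if [ -s "$NGX_DIR/blocksip.tmp" ]
then
    for ip in $(awk '{print $2}' "$NGX_DIR/blocksip.tmp")
    do
        # Skip IPs that are already blocked (fixed-string, whole-line match)
        if ! grep -qxF "deny $ip;" "$NGX_DIR/blocksip.conf"; then
            echo "deny $ip;" >> "$NGX_DIR/blocksip.conf"
        fi
    done
    # Reload only if the resulting configuration is valid
    /usr/sbin/nginx -t && /usr/sbin/nginx -s reload
fi
```

```bash
chmod +x /etc/nginx/ipnginxcheck.sh
```

### 4. Create the scheduled task

```bash
crontab -e
```

Add:

```
* * * * * /etc/nginx/ipnginxcheck.sh
```

Reference links

> https://blog.csdn.net/weixin_43268590/article/details/130832562
> https://blog.csdn.net/zalan01408980/article/details/104533427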
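
The detection step from section 3, as an added example rather than code from the original post: it counts requests per client for one minute of constructed log lines, skips allowlisted clients, accepts only dotted IPv4 addresses before emitting a `deny` line, and checks the configuration with `nginx -t` before reloading. The function names, the allowlist file and the sample addresses are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post); function and file names are hypothetical.

# new_deny_rules LOG MINUTE THRESHOLD CONF ALLOWLIST
# Prints "deny <ip>;" for every IPv4 client with more than THRESHOLD requests whose
# timestamp field starts with MINUTE, e.g. "[19/Apr/2024:10:00".
new_deny_rules() {
    awk -v m="$2" -v t="$3" '
        index($4, m) == 1 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > t) print ip }
    ' "$1" | sort | while read -r ip; do
        # Only a plain dotted IPv4 address may reach the nginx config
        printf '%s\n' "$ip" | grep -qxE '([0-9]{1,3}\.){3}[0-9]{1,3}' || continue
        grep -qxF "$ip" "$5" && continue          # allowlisted: never block
        grep -qxF "deny $ip;" "$4" && continue    # whole-line match: already denied
        echo "deny $ip;"
    done
}

# apply_rules CONF: append rules read from stdin, reload only if `nginx -t` passes,
# otherwise restore the previous file so a bad line cannot break the next reload.
apply_rules() {
    backup=$(mktemp) && cp "$1" "$backup" && cat >> "$1"
    if nginx -t; then nginx -s reload; else cp "$backup" "$1"; fi
    rm -f "$backup"
}

# demo [THRESHOLD]: runs new_deny_rules over constructed sample data in a temp directory.
demo() {
    d=$(mktemp -d)
    for ip in 192.0.2.10 192.0.2.10 192.0.2.10 192.0.2.20 192.0.2.20 192.0.2.20 198.51.100.7; do
        echo "$ip - - [19/Apr/2024:10:00:05 +0800] \"GET / HTTP/1.1\" 200 612"
    done > "$d/access.log"
    # Same client one minute earlier: outside the window, must not be counted
    echo '192.0.2.10 - - [19/Apr/2024:09:59:59 +0800] "GET / HTTP/1.1" 200 612' >> "$d/access.log"
    echo "192.0.2.20" > "$d/allow.txt"             # e.g. a monitoring host
    echo "deny 192.0.2.100;" > "$d/blocksip.conf"  # a substring grep for 192.0.2.10 would match this
    new_deny_rules "$d/access.log" "[19/Apr/2024:10:00" "${1:-2}" "$d/blocksip.conf" "$d/allow.txt"
    rm -rf "$d"
}

demo    # prints: deny 192.0.2.10;
```

In the cron script, pipe the output of `new_deny_rules` into `apply_rules` only when it is non-empty, so that nginx is not reloaded every minute for nothing.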