Shulou(Shulou.com)06/01 Report--

Editor to share with you how Nginx uses Lua+Redis to achieve dynamic blocking IP method, I believe that most people do not know much about it, so share this article for your reference, I hope you will learn a lot after reading this article, let's go to know it!

I. background

In our daily maintenance of the website, we often encounter such a requirement that in order to block certain crawlers or malicious users' requests to the server, we need to establish a dynamic IP blacklist. For the IP in the blacklist, the service is denied.

This article introduces Nginx's method of dynamically blocking IP using Lua+Redis. Let's take a look at the detailed introduction.

II. Structure

There are many ways to implement the function of IP blacklist:

1. At the operating system level, configure iptables and reject network requests that specify IP.

2. At the Web Server level, configure the IP blacklist through Nginx's own deny option or lua plug-in

3. At the application level, check whether the client IP is blacklisted before requesting the service.

To facilitate management and sharing, we implement the function of IP blacklist through the architecture of Nginx+Lua+Redis. The architecture figure is as follows:

Architecture diagram

III. Realization

1. Install the Nginx+Lua module. It is recommended to use OpenResty, which is a Nginx server that integrates various Lua modules:

OpenResty

2. Install and start the Redis server

3. Configure Nginx example:

Nginx configuration

Among them

Lua_shared_dict ip_blacklist 1m

A 1m shared memory space is allocated by the Nginx process to cache the IP blacklist. See:

Https://github.com/openresty/lua-nginx-module#lua_shared_dict

Access_by_lua_file lua/ip_blacklist.lua

Specify the lua script location

4. Configure the lua script to obtain the latest IP blacklist from Redis on a regular basis. For more information, please see:

Https://gist.github.com/Ceelog/39862d297d9c85e743b3b5111b7d44cb

Lua script content

5. Create a new data ip_blacklist of Set type on the Redis server and add the latest IP blacklist.

After completing the above steps, reload nginx and the configuration will take effect.

When accessing the server, if your IP address is on the blacklist, access will be denied:

Access denied

IV. Summary

Above is the IP blacklist function implemented by Nginx+Lua+Redis, which has the following advantages:

1. Simple configuration, light weight, and almost no impact on server performance

2. Multiple servers can share the blacklist through Redis instances

3. Dynamic configuration, you can set the blacklist in Redis manually or by some automated way.

These are all the contents of this article entitled "how to use Lua+Redis to dynamically block IP in Nginx". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.