Shulou(Shulou.com)06/01 Report--

This article will explain in detail how the Nginx server can restrict access through ip and user_gent. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

DDOS attack is a problem often encountered when visiting a site on a large scale. it means that someone maliciously scans some pages of the site through the program, resulting in slow response or direct denial of service.

In this case, by analyzing the access log of nginx, we can find that there are a large number of requests with the same ip or user_agent. We can filter out these access requests directly at the nginx level according to the similarity of requests.

Restrict access through ip

Related documents of access control module in Nginx

Http://nginx.org/en/docs/http/ngx_http_access_module.html

Access control can deny access through the deny instruction, and the allow instruction allows access.

When there are multiple deny and allow rules, matching to the corresponding rule will pop out.

Refuse to fix ip

Deny 192.168.1.12

Reject ip segment

Deny 192.168.1.0/24

Only private network access is allowed

Allow 192.168.1.0 Band24 deny all

Restrict access through user_agent

Nginx does not have a specific restriction instruction for user_agent. User_agent can be accessed through the $http_user_agent variable in nginx, use the if instruction to regularly match the user_agent, and deny access to the matching rules.

The if instruction in nginx is introduced in more detail in the rewrite module.

Http://nginx.org/en/docs/http/ngx_http_rewrite_module.html

Restrict access to Jmeter testing tools through user_agent

If ($http_user_agent ~ "^ Apache.*Java") {return 403;} this is the end of the article on "how to restrict access through ip and user_gent on Nginx servers". I hope the above content can be helpful to you so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.