Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to configure Nginx to deny agent access to specified IP in linux system". In daily operation, I believe that many people have doubts about how to configure Nginx to deny agent access to specified IP in linux system. Xiaobian consulted all kinds of materials and sorted out a simple and useful method of operation. I hope it will be helpful to answer the doubt of "how to configure Nginx in linux system to deny agent access to specified IP". Next, please follow the editor to study!

Let's talk about the simple structure first. A Nginx reverse proxy at the front end and a Nginx instance app for PHP at the back end. In fact, it is a Discuz, before the face of CC attacks are early warning scripts or go CDN, but this time the attacker no longer hit the traffic, but against the database request page attacks, such as search operation. Post ID F5 and so on. According to log analysis, the attack started with 3 URL, which used Nginx matching $query_string to return 503s. However, it will make the page inaccessible, so come up with such a compromise.

First of all, take a look at a log of an agent request:

# # through analysis, it is found that the data accessed by its agent in the backend are all two IP. By default, direct access to the real IP has only one IP, while surfing the Internet through 3G\ 4G on the mobile phone is only two IP. However, if there is an anonymous IP, there is only one IP to the server, which is difficult to judge.

[root@ipython conf] # tail-f / var/log/nginx/logs/access.log | grep ahtax

120.193.47.34-[26/Sep/2014:23:34:44 + 0800] "GET / ahtax/index.html HTTP/1.0" 503 1290 "-" Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 "10.129.1.254120.193.47.34"

Use PHP to analyze the _ SERVER variable when accessing

The code is as follows:

[root@ipython conf] # cat /% path%/self_.php

Confirm the relevant parameters through browser access

With this feature, it is easy to judge. .

First of all, you need to have a rule to match the two IP,Nginx regular dependent pcre libraries in the log.

The code is as follows:

[root@ipython conf] # pcretest

PCRE version 7.8 2008-09-05

Re >'^\ dflowers.\ dstones.\ d+\ W\ s\ dstones.\ dflowers.\ dflowers.\ dflowers'

Data > 192.168.1.1, 1.1.1.1

0: 192.168.1.1, 1.1.1.1

The Nginx configuration file adds conditions to location $dir to match http_x_forwarded_for:

# proxy

If ($http_x_forwarded_for ~'^\ dlegs.\ dflowers.\ dflowers.\ d+\ W\ s\ dstones.\ dflowers.\ dstones.\ dstones') {

Return 503

}

After reloading the configuration, you can restrict the users of the website who use the proxy IP to access.

At this point, the study on "how to configure Nginx in the linux system to deny agent access to the specified IP" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.