nginx lua 配置cc 防攻击-使用lua 配置黑白名单

程序员文章站 2022-06-03 21:16:10

...

cc 防攻击和ip 禁止期限

lua_shared_dict _dict 1m;
lua_shared_dict _blacklist 10m;
lua_shared_dict _whitelist 10m;
init_by_lua_file conf/lua/init.lua;
lua_package_path "/usr/local/nginx/conf/lua/?.lua;/usr/local/nginx/conf/channel/?.lua;";
location / {
    set_by_lua_file $cc_allow conf/lua/deny_cc.lua 300 60 300;
    if ($cc_allow == 1) {
        return 403;
    }    
}

init.lua

local whitelist = ngx.shared._whitelist
local config = require "whitelist"

for host, list in pairs(config.whitelist) do
    for j, ip in pairs(list) do
        local token = ip..host
        whitelist:set(token, true)
    end
end

whitelist.lua

_M_WHITELIST_ = {}
_M_WHITELIST_.whitelist = {
	["baidu.cn"] = {
		"1.1.1.1",
		"2.2.2.2"
	},
	["baidu.com"] = {
        "3.3.3.3",
        "4.4.4.4"
	}
}

deny_cc.lua

local token = ngx.var.remote_addr..ngx.var.host
local dict = ngx.shared._dict
local blacklist = ngx.shared._blacklist
local whitelist = ngx.shared._whitelist
local rate = tonumber(ngx.arg[1])
local seconds = tonumber(ngx.arg[2])
local duration = tonumber(ngx.arg[3])


local in_whitelist = whitelist:get(token)
if in_whitelist ~= nil then
    return 0
end

local in_blacklist, _ = blacklist:get(token)
if in_blacklist ~= nil then
    return 1
end

local req, _ = dict:get(token)
if req then
    dict:incr(token, 1)
    req = req + 1
    if req > rate then
        blacklist:set(token, true, duration)
        return 1
    end
else
    dict:set(token, 1, seconds)
end

return 0

上一篇： Ubuntu双网卡主机给其他主机共享网络

下一篇： eclipse编写C程序