Nginx Lua Redis防止CC攻击导致部分定时任务IP被拉黑

aimerforreimu asked 7 年 ago
如题所示,我网站有一个api需要一个其他服务器的定时任务来访问,但是最近发现定时任务的IP被拉入到黑名单了,返回码是503
登录redis一看,果然是lua的锅
问一下Y大,如何修改waf的规则,把这个ip放到白名单里面,保证不被拉黑
这是Y大给的代码,能否稍微修改一下

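-- Per-request CC (HTTP flood) limiter backed by Redis.
--
-- Counters are kept per (client address, host + request URI, User-Agent),
-- so the limit applies to each such combination separately, not to the
-- client as a whole.  More than CCcount hits inside CCseconds yields a 503
-- for blackseconds.
--
-- NOTE(review): presumably loaded via access_by_lua_file, and 'redis' is
-- presumably lua-resty-redis installed under that name -- confirm against
-- the nginx configuration.

local ua = ngx.var.http_user_agent
local uri = ngx.var.request_uri
local url = ngx.var.host .. uri
local redis = require 'redis'
local red = redis.new()

local CCcount = 20         -- allowed hits per window
local CCseconds = 60       -- window length, seconds
local RedisIP = '127.0.0.1'
local RedisPORT = 6379
local blackseconds = 7200  -- how long a blocked key keeps returning 503

-- Addresses that are never counted or blocked (e.g. a cron host calling an
-- API).  Empty by default, so behaviour is unchanged until an entry is added.
local whitelist = {
    -- ["<TRUSTED_CRON_SERVER_IP>"] = true,  -- placeholder, replace before use
}

-- The allow-list is matched against the TCP peer address only.  The
-- X-Real-IP / X-Forwarded-For request headers are not authenticated, so an
-- exemption keyed on them could be claimed by any sender.  Behind a reverse
-- proxy or CDN, let ngx_http_realip_module (set_real_ip_from restricted to
-- the proxy addresses) rewrite remote_addr instead of trusting headers here.
if whitelist[ngx.var.remote_addr] then
    return
end

if ua == nil then
    ua = "unknown"
end

-- Per-URI override hook; the values currently equal the defaults.
if uri == "/wp-admin.php" then
    CCcount = 20
    CCseconds = 60
end

-- A request header sent more than once is returned as a table; use the
-- first value so the key concatenation below cannot raise.
local function first_value(v)
    if type(v) == "table" then
        return v[1]
    end
    return v
end

-- Address used for the counter key.  Kept header-first as in the original.
-- NOTE(review): these headers are only meaningful when a trusted front
-- proxy overwrites them; otherwise prefer ngx.var.remote_addr alone.
-- Declared local: the original leaked both the function and IP as globals.
local function getClientIp()
    local headers = ngx.req.get_headers()
    local ip = first_value(headers["X-Real-IP"])
    if ip == nil then
        ip = first_value(headers["x_forwarded_for"])
    end
    if ip == nil then
        ip = ngx.var.remote_addr
    end
    if ip == nil then
        ip = "unknown"
    end
    return ip
end

red:set_timeout(100)

-- Connect once (the original connected a second time after success).
local ok, err = red.connect(red, RedisIP, RedisPORT)
if not ok then
    -- Fail open: without Redis the limiter is skipped.  Log it so the gap
    -- in protection is visible to whoever monitors error.log.
    ngx.log(ngx.ERR, "cc limiter: redis connect failed: ", err)
    return
end

local token = getClientIp() .. "." .. ngx.md5(url .. ua)

-- INCR is atomic and returns the new value.  The original used
-- EXISTS -> GET -> INCR; if the key expired between those calls, GET
-- returned no number (runtime error on the comparison) or INCR recreated
-- the key without a TTL, so hits accumulated indefinitely and a slow,
-- regular client could eventually be blocked.
local count, incr_err = red:incr(token)
if type(count) ~= "number" then
    ngx.log(ngx.ERR, "cc limiter: redis incr failed: ", incr_err)
    return
end

if count == 1 then
    -- First hit of a new window: start the window timer.
    red:expire(token, CCseconds)
end

if count > CCcount then
    local black_key = "black." .. token
    if red:exists(black_key) == 0 then
        -- First time over the limit: record the block and stretch the
        -- counter's lifetime so the 503 persists for blackseconds.
        red:set(black_key, 1)
        red:expire(black_key, blackseconds)
        red:expire(token, blackseconds)
    end
    return ngx.exit(503)
end

return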

1 Answers
oneinstack answered 7 年 ago
可以新增规则设置IP白名单。