Linux/Python学习论坛-京峰教育

 找回密码
 立即注册

一键登录:

搜索
热搜: 活动 交友 discuz
查看: 1904|回复: 0

nginx 自动封 ip 过高连接

[复制链接]

238

主题

288

帖子

1925

积分

超级版主

Rank: 8Rank: 8

积分
1925
QQ
发表于 2015-4-4 15:20:27 | 显示全部楼层 |阅读模式
本帖最后由 My-shiguang 于 2015-4-4 15:21 编辑

用命令查看web连接过高的IP地址,但是需要人工智能去封,太麻烦了,直接写个脚本自动解决。web服务器是用nginx,python为2.6
  首先在nignx的config中建立空文件deny.ip, 然后在nginx.conf 的http标签中添加“include deny.ip;”。在nginx下sbin的目录中放入自动脚本。脚本可以查到连接最大的IP,并插入屏蔽列表中,验证正确性后导入配置。全部完成或者出错后发送邮件。被封ip再次访问会报403错误,如果不希望报错可以跳转到其它页面。源码如下:




check_deny_up.py




#!/bin/python
#-*- coding:utf-8 -*-
# Filename:    main.py
# Revision:    1.0
# Date:        2012-06-20
# Author:      simonzhang
# web:         www.simonzhang.net
# Email:       simon-zzm@163.com
### END INIT INFO
importos
fromstring importstrip
fromemail.mime.text importMIMEText
importsmtplib
####
check_comm ="/bin/netstat -antp|grep :80|awk ' ''{print $5}'|awk -F: '{print $1}'|sort -r|uniq -c|sort -n -k1 -r"
max_ip =100
mail_host =‘’;
mail_user =‘’;
mail_pwd =‘’;
mail_to =‘’;
mail_cc =‘’;
defreboot_nginx_sendmail(ip_list):
#### reboot nginx
_get_check_confile =os.popen('./nginx -t').readlines()
ifstr(_get_check_confile.find('ok')) !='-1':
os.system('./nginx -s reload')
_mail_content =ip_list
else:
_mail_content ='Error'
#### send mail
msg =MIMEText(_mail_content)
msg['From'] =mail_user
msg['Subject'] =' force ip.'
msg['To'] =mail_to
try:
s =smtplib.SMTP()
s.connect(mail_host)
s.login(mail_user, mail_pwd)
s.sendmail(mail_user, [mail_to, mail_cc], msg.as_string())
s.close()
exceptException, e:
printe
#### force out IP
defforce_out(_deny_ip):
_write_status =0
_read_force_file =open('../conf/deny.ip', 'rb').read()
ifstr(_read_force_file.find(_deny_ip)) =='-1':
try:
_get_force_file =open('../conf/deny.ip', 'ab')
_get_force_file.write('deny %s ;\n'%_deny_ip)
_get_force_file.close()
_write_status =1
return_write_status
except:
return_write_status
reboot_nginx_sendmail("Error !")
return_write_status
defmain():
get_high_ip =os.popen('%s'%check_comm).readlines()
_count_force_ip =0
_force_ip_list =''
fori inxrange(3):
try:
_get_count =strip(get_high_ip).split(' ')[0]
_get_ip =strip(strip(get_high_ip).split(' ')[1])
except:
_get_count =0
_get_ip =''
# Maximum connection IP is Beyond the limit value
if(int(_get_count) > max_ip) and(len(_get_ip) > 0):
force_ip =_get_ip
_get_status =force_out(force_ip)
# check maximum is added in the deny.ip file
ifstr(_get_status) =='1':
_count_force_ip +=1
_force_ip_list +=' %s '%force_ip
#    if _count_force_ip > 0:
#        reboot_nginx_sendmail(_force_ip_list)
if__name__ =='__main__':
main()


启动i脚本
check_deny_up.sh


#! /bin/bash
#
# make simon-zzm@163.com
#
#
### END INIT INFO
# Source function library.
. /etc/profile
cd/Data/apps/nginx/sbin/
# See how we were called.
case"$1"in
start)
/usr/local/bin/pythoncheck_ip_deny.py
;;
*)
echo$"Usage: $0 {start}"
exit1
esac
exit


回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|小黑屋|京峰教育,只为有梦想的人 ( 京ICP备15013173号 )

GMT+8, 2021-3-8 16:31 , Processed in 0.029076 second(s), 12 queries , Apc On.

快速回复 返回顶部 返回列表