上篇介绍了服务器遭遇攻击的背景以及解决方法,这一篇没有废话,直接上代码。
对称加密算法,我从网上抄的;大家可以抄一下别的加密算法,比如凯撒加密等等。要注意的是,下面这段代码本质上是 base64 加字符替换,密钥字符会原样混在输出里,只能算可逆的混淆,不能当作真正的加密来保护数据。
PHP 代码,链接地址:http://www.thinkphp.cn/code/282.html
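/**
 * "Simple symmetric cipher": encoding half.
 *
 * Base64-encodes $string, appends the i-th character of $skey to the i-th
 * base64 character (for as many positions as both strings have), and then
 * replaces '=', '+' and '/' with the markers 'O0O0O', 'o000o' and 'oo00o'.
 *
 * Security note: this is reversible obfuscation, not encryption. The key
 * characters are copied into the output unchanged, so the output discloses
 * the key and provides neither confidentiality nor integrity. Do not use it
 * to protect secrets or to authenticate requests; use a vetted primitive
 * (e.g. an HMAC or an AEAD from the platform's crypto library) for that.
 *
 * Known limitation: the markers are built from base64 alphabet characters,
 * so output that happens to contain a marker sequence is altered by
 * decode() and will not round-trip.
 *
 * @param String $string text to encode
 * @param String $skey   key whose characters are interleaved into the output
 * @author Anyon Zou <zoujingli@qq.com>
 * @date 2013-08-13 19:30
 * @update 2014-10-10 10:10
 * @return String
 */
function encode($string = '', $skey = 'cxphp')
{
    $encoded = base64_encode($string);
    if ($encoded === '') {
        // str_split('') yields [''] before PHP 8.2 and [] from 8.2 on, which
        // made the result for empty input version-dependent; return '' always.
        return '';
    }

    $strArr = str_split($encoded);
    $strCount = count($strArr);
    foreach (str_split($skey) as $key => $value) {
        if ($key < $strCount) {
            $strArr[$key] .= $value;
        }
    }

    return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr));
}

/**
 * "Simple symmetric cipher": decoding half.
 *
 * Restores '=', '+' and '/' from their markers, splits the text into
 * two-character chunks, drops the second character of chunk i when it equals
 * character i of $skey, and base64-decodes the result.
 *
 * The input is usually attacker-controlled, so malformed data (empty string,
 * odd-length tail chunk inside the key range) is tolerated without raising
 * an "Uninitialized string offset" diagnostic. A wrong key is not detected:
 * the function simply returns whatever the non-strict base64_decode()
 * produces. See encode() for why this must not be relied on for security.
 *
 * @param String $string text to decode
 * @param String $skey   key used when encoding
 * @author Anyon Zou <zoujingli@qq.com>
 * @date 2013-08-13 19:30
 * @update 2014-10-10 10:10
 * @return String
 */
function decode($string = '', $skey = 'cxphp')
{
    $restored = str_replace(array('O0O0O', 'o000o', 'oo00o'), array('=', '+', '/'), $string);
    if ($restored === '') {
        return '';
    }

    $strArr = str_split($restored, 2);
    foreach (str_split($skey) as $key => $value) {
        // Only a full two-character chunk can carry a key character.
        if (isset($strArr[$key]) && strlen($strArr[$key]) === 2 && $strArr[$key][1] === $value) {
            $strArr[$key] = $strArr[$key][0];
        }
    }

    return base64_decode(join('', $strArr));
}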
下面这一段是 Lua 脚本代码,其实就是把 PHP 的加密算法翻译了一下(这段代码不是我写的,是我的一个做 iOS 开发的朋友写的)。注意两边的默认密钥不一样(PHP 是 'cxphp',Lua 是 1234567890),两端互通时必须使用同一个密钥。
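require('math')

-- Attribution metadata for the base64 helpers, carried over unchanged.
local __author__ = 'Daniel Lindsley'
local __version__ = 'scm-1'
local __license__ = 'BSD'

-- Standard base64 alphabet; a character's 0-based position is its 6-bit value.
local index_table = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

-- Key used when the caller passes nil or an empty key.
local DEFAULT_KEY = "1234567890"

-- Accepted distance, in seconds, between the client timestamp and server time.
local MAX_CLOCK_SKEW = 60

-- NOTE(review): the helper functions below are declared global, as in the
-- original. Making them local would avoid writing to the shared Lua global
-- table; left unchanged so any external callers keep working.

-- Returns the 8-character binary representation ('0'/'1') of a byte value.
function to_binary(integer)
    local remaining = tonumber(integer)
    local bits = {}
    for i = 7, 0, -1 do
        local power = 2 ^ i
        if remaining >= power then
            bits[#bits + 1] = '1'
            remaining = remaining - power
        else
            bits[#bits + 1] = '0'
        end
    end
    return table.concat(bits)
end

-- Parses a string of '0'/'1' characters as a base-2 number.
function from_binary(bin_bits)
    return tonumber(bin_bits, 2)
end

-- Base64-encodes a byte string.
function to_base64(to_encode)
    local chunks = {}
    for i = 1, #to_encode do
        chunks[i] = to_binary(string.byte(to_encode, i))
    end
    local bit_pattern = table.concat(chunks)

    -- The bit count is 8 * bytes, so (bits % 3) == 2 means one leftover byte
    -- ('==' padding) and (bits % 3) == 1 means two leftover bytes ('=').
    -- Zero-pad to a whole 24-bit group, then overwrite the tail with '='.
    local trailing = ''
    local rem = #bit_pattern % 3
    if rem == 2 then
        trailing = '=='
        bit_pattern = bit_pattern .. '0000000000000000'
    elseif rem == 1 then
        trailing = '='
        bit_pattern = bit_pattern .. '00000000'
    end

    local out = {}
    for i = 1, #bit_pattern, 6 do
        local offset = from_binary(string.sub(bit_pattern, i, i + 5))
        out[#out + 1] = string.sub(index_table, offset + 1, offset + 1)
    end
    local encoded = table.concat(out)
    return string.sub(encoded, 1, -1 - #trailing) .. trailing
end

-- Base64-decodes a string; whitespace and '=' are stripped first.
-- Raises an error on any character outside the base64 alphabet.
function from_base64(to_decode)
    local padded = to_decode:gsub("%s", "")
    local unpadded = padded:gsub("=", "")

    local chunks = {}
    for i = 1, #unpadded do
        -- Read from the stripped string (the original indexed the raw input,
        -- which misaligns as soon as the input contains whitespace).
        local char = string.sub(unpadded, i, i)
        -- Plain find: the character comes from untrusted input and must not
        -- be interpreted as a Lua pattern ('.' would match any symbol).
        local offset = string.find(index_table, char, 1, true)
        if offset == nil then
            error("Invalid character '" .. char .. "' found.")
        end
        -- to_binary yields 8 bits; a base64 symbol only carries the low 6.
        chunks[i] = string.sub(to_binary(offset - 1), 3)
    end
    local bit_pattern = table.concat(chunks)

    local bytes = {}
    for i = 1, #bit_pattern, 8 do
        bytes[#bytes + 1] = string.char(from_binary(string.sub(bit_pattern, i, i + 7)))
    end
    local decoded = table.concat(bytes)

    -- With padding present the last produced byte comes from filler bits.
    local padding_length = #padded - #unpadded
    if padding_length == 1 or padding_length == 2 then
        decoded = decoded:sub(1, -2)
    end
    return decoded
end

-- Reverses caesarEncode: restores '=', '+', '/' from their markers, splits the
-- text into two-character chunks, drops the second character of chunk j when
-- it equals character j of the key, and base64-decodes the remainder.
-- Propagates the error raised by from_base64 on invalid characters.
local function caesarDecode(sourceString, skey)
    if sourceString == nil or #sourceString == 0 then
        sourceString = ""
    end
    if skey == nil or string.len(skey) == 0 then
        skey = DEFAULT_KEY
    end
    skey = tostring(skey)

    sourceString = string.gsub(sourceString, "O0O0O", "=")
    sourceString = string.gsub(sourceString, "o000o", "+")
    sourceString = string.gsub(sourceString, "oo00o", "/")

    local sourceArray = {}
    for i = 1, #sourceString, 2 do
        -- string.sub clamps at the end, so an odd tail becomes a 1-char chunk.
        sourceArray[#sourceArray + 1] = string.sub(sourceString, i, i + 1)
    end

    local minLength = math.min(#skey, #sourceArray)
    for j = 1, minLength do
        local chunk = sourceArray[j]
        if #chunk == 2 and string.sub(chunk, 2, 2) == string.sub(skey, j, j) then
            sourceArray[j] = string.sub(chunk, 1, 1)
        end
    end

    return from_base64(table.concat(sourceArray))
end

-- Port of the PHP encode(): base64-encodes the input, appends key character j
-- to base64 character j, then replaces '=', '+', '/' with marker strings.
--
-- Security note: despite the name this is neither a Caesar cipher nor
-- encryption. The key characters are copied into the output unchanged, so a
-- single observed token discloses the key; the scheme gives no
-- confidentiality and no authenticity. A request check that needs to resist
-- forgery should verify a keyed MAC (OpenResty provides ngx.hmac_sha1) over
-- the signed fields, keeping in mind that any secret shipped inside a client
-- application has to be treated as recoverable.
local function caesarEncode(sourceString, skey)
    if sourceString == nil or #sourceString == 0 then
        sourceString = ""
    end
    if skey == nil or string.len(skey) == 0 then
        skey = DEFAULT_KEY
    end
    skey = tostring(skey)

    local base64SourceString = to_base64(sourceString)
    local sourceArray = {}
    for i = 1, #base64SourceString do
        sourceArray[i] = string.sub(base64SourceString, i, i)
    end

    local minLength = math.min(#skey, #sourceArray)
    for j = 1, minLength do
        sourceArray[j] = sourceArray[j] .. string.sub(skey, j, j)
    end

    local resultString = table.concat(sourceArray)
    resultString = string.gsub(resultString, "=", "O0O0O")
    resultString = string.gsub(resultString, "%+", "o000o")
    resultString = string.gsub(resultString, "/", "oo00o")
    return resultString
end

-- Splits str on a literal delimiter and returns the pieces as an array.
local function strSplit(str, delimeter)
    local res = {}
    local start = 1
    while true do
        local start_pos, end_pos = string.find(str, delimeter, start, true)
        if not start_pos then
            break
        end
        res[#res + 1] = string.sub(str, start, start_pos - 1)
        start = end_pos + 1
    end
    res[#res + 1] = string.sub(str, start)
    return res
end

-- Validates the User-Agent header.
-- Expected shape: "<source>,<unix timestamp>,<token>", containing the marker
-- "myappuseragen", where the token decodes (default key) to source..timestamp.
-- Every malformed input returns false so the request is answered with 403
-- instead of an internal error.
function validateAgent(user_agent)
    -- The header may be missing (nil) or repeated (table).
    if type(user_agent) ~= "string" then
        return false
    end
    if string.find(user_agent, "myappuseragen", 1, true) == nil then
        return false
    end

    local parts = strSplit(user_agent, ",")
    if #parts ~= 3 then
        return false
    end

    local sourceString = parts[1]
    local timeStamp = tonumber(parts[2])
    if timeStamp == nil then
        return false
    end

    -- Bound the timestamp on both sides: the original only rejected old
    -- values, so a far-future timestamp stayed valid indefinitely. Written as
    -- a positive range test so a non-finite value also fails closed.
    local age = os.time() - timeStamp
    if not (age >= -MAX_CLOCK_SKEW and age <= MAX_CLOCK_SKEW) then
        return false
    end

    -- from_base64 raises on invalid characters; treat that as a failed check.
    local ok, decoded = pcall(caesarDecode, parts[3], "")
    if not ok then
        return false
    end
    return sourceString .. timeStamp == decoded
end

-- URIs that are let through without a User-Agent check.
-- NOTE(review): the comparison is against ngx.var.request_uri, which carries
-- the query string, so "/api/abcd?x=1" is not treated as allow-listed.
local OPEN_URIS = {
    ["/api/abcd"] = true,
    ["/api/test"] = true,
}

-- Returns true when request_uri is exactly one of the allow-listed URIs.
function validateRequestUri(request_uri)
    return OPEN_URIS[request_uri] == true
end

-- Request headers and the values under test.
local headers = ngx.req.get_headers()
local user_agent = headers["user-agent"]
local request_uri = ngx.var.request_uri

-- Allow-listed URIs pass unconditionally; everything else needs a valid
-- User-Agent token, otherwise the request ends with 403.
if not (validateRequestUri(request_uri) or validateAgent(user_agent)) then
    ngx.exit(ngx.HTTP_FORBIDDEN)
end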