zoukankan      html  css  js  c++  java
  • nginx下使用fail2ban防止网站被CC

    --安装fail2ban
    yum install -y epel-release
    yum install -y fail2ban


    --配置fail2ban
    vi /etc/fail2ban/jail.conf
    [http-get-dos]
    enabled = true
    port = http
    filter = http-get-dos
    logpath = /home/wwwlogs/access.log
    maxretry = 100
    findtime = 5
    bantime = 600
    action = iptables[name=HTTP,port=http,protocol=tcp]

    /* 参数含义
    filter = http-get-dos #--filter.d/http-get-dos.conf 文件名
    logpath = /home/wwwlogs/access.log #--需要监控nginx日志log
    maxretry = 100 #-- 最多访问100
    findtime = 10 #-- 10秒
    bantime = 1200 #-- 20分钟
    */

    vi /etc/fail2ban/filter.d/http-get-dos.conf
    [Definition]
    failregex = <HOST> -.*- .*HTTP/1.* .* .*$
    ignoreregex =


    --配置fail2ban日志
    vi /etc/fail2ban/fail2ban.conf
    loglevel = WARNING
    logtarget = /var/log/fail2ban.log

    --重启生效
    service fail2ban restart


    --屏蔽日志
    tail -f /var/log/fail2ban.log


    --#删除屏蔽
    iptables -D f2b-HTTP 1

    --定时清理 nginx / fail2ban 日志

    vi /root/scripts/del_cc_log.sh
    #! /bin/bash

    cat /dev/null > /home/wwwlogs/access.log
    cat /dev/null > /var/log/fail2ban.log

    crontab -e
    30 3 * * 0 sh /root/scripts/del_cc_log.sh


    --开启crontab
    /etc/init.d/crond start

    chkconfig --list|grep crond

    --屏蔽ssh探测
    vi /etc/fail2ban/jail.conf

    [ssh-iptables]
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
    logpath = /var/log/secure
    maxretry = 10
    bantime = 144000


    --#删除屏蔽
    iptables -D f2b-SSH 1

  • 相关阅读:
    OJ 之 FATE
    hdu 1701 (Binary Tree Traversals)(二叉树前序中序推后序)
    POJ 1789 Truck History
    数据结构之 普利姆算法总结
    HDU OJ 2159 FATE
    The Great Pan
    2014年的暑假ACM之旅!
    0-1背包问题
    中国剩余定理的解释!
    POJ 1183 反正切函数的应用
  • 原文地址:https://www.cnblogs.com/justdba/p/7231903.html
Copyright © 2011-2022 走看看