Nginx 禁止猜测路径上传恶意代码:需要在 nginx 的 server 块中添加 include blockip.conf(填写该文件的路径),然后将此脚本加入 crond 计划任务。
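#!/usr/bin/bash
#
# Deny clients that repeatedly probe for upload endpoints.
#
# Scans the nginx access log for POST/PUT requests that ended in a 404, counts
# them per client address, and appends "deny <addr>;" to an nginx include file
# for every address at or above the threshold. Meant to be run from cron; the
# server block must `include` NGX_BLOCK_CONF for the entries to take effect.
set -u

LOG_DIR=/usr/local/nginx/logs
LOG_NAME=access.log
DEFINE=20     # matching requests required before an address is denied
WHITE_IP=     # space-separated addresses that must never be denied
NGX_BLOCK_CONF=/usr/local/nginx/conf/blockip.conf
NGX_COM=/usr/local/nginx/sbin/nginx

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

cd "$LOG_DIR" || die "cannot cd to $LOG_DIR"
[[ -r "$LOG_NAME" ]] || die "cannot read $LOG_DIR/$LOG_NAME"

# Work files come from mktemp: a fixed name under /tmp can be pre-created or
# symlinked by another local user, and this job normally runs with the
# privileges needed to edit the nginx configuration.
BLOCK_IP=$(mktemp) || die "mktemp failed"
backup=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$BLOCK_IP" "$backup"' EXIT

# The include file must exist before it can be backed up or searched.
[[ -e "$NGX_BLOCK_CONF" ]] || : > "$NGX_BLOCK_CONF" \
  || die "cannot create $NGX_BLOCK_CONF"
cp -p -- "$NGX_BLOCK_CONF" "$backup" || die "cannot back up $NGX_BLOCK_CONF"

# Produce "addr=count" lines, highest count first.
# NOTE(review): both patterns match anywhere in the log line, so a URL or
# user agent containing "put" or "404" is counted too. Tighten this to the
# method and status fields once the log_format in use is confirmed.
grep -i -E -e "POST" -e "put" -- "$LOG_NAME" \
  | grep "404" \
  | awk '{print $1}' \
  | sort \
  | uniq -c \
  | sort -nr \
  | awk '{print $2"="$1}' > "$BLOCK_IP"

changed=0
while IFS='=' read -r ip number; do
  # The first log field ends up inside nginx configuration, so accept only
  # characters that can occur in an IPv4/IPv6 address and a numeric count.
  [[ -n "$ip" && "$ip" != *[!0-9A-Fa-f.:]* ]] || continue
  [[ -n "$number" && "$number" != *[!0-9]* ]] || continue

  (( number >= DEFINE )) || continue

  # Whitelist entries are compared as exact strings, not as regex fragments.
  whitelisted=0
  # shellcheck disable=SC2086 — WHITE_IP is a space-separated list by design
  for allowed in $WHITE_IP; do
    if [[ "$allowed" == "$ip" ]]; then
      whitelisted=1
      break
    fi
  done
  (( whitelisted )) && continue

  # Look for the exact directive so repeated cron runs do not pile up
  # duplicate deny lines for the same address.
  if ! grep -qxF -- "deny $ip;" "$NGX_BLOCK_CONF"; then
    printf 'deny %s;\n' "$ip" >> "$NGX_BLOCK_CONF"
    changed=1
  fi
done < "$BLOCK_IP"

# Reload only when something was added, and only after nginx accepts the
# result; on a failed check the previous include file is put back so a bad
# entry cannot break the next restart.
if (( changed )); then
  if "$NGX_COM" -t; then
    "$NGX_COM" -s reload || die "nginx reload failed"
  else
    cp -- "$backup" "$NGX_BLOCK_CONF"
    die "nginx rejected the updated $NGX_BLOCK_CONF; previous version restored"
  fi
fi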