shell腳本+nginx+crontab防ddos

1、修改nginx配置文件:
vim /etc/nginx/nginx.conf
http {


include include/deny_list.txt; #在http裏面加入這條
}

2、創建文件:
touch /etc/nginx/include/deny_list.txt

3、編寫腳本:
vim /mnt/auto_ddos.sh
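#!/bin/bash
# auto_ddos.sh — per-minute nginx request-rate guard.
#
# Counts requests per client IP in the current minute of the access log,
# appends `deny <ip>;` to the nginx deny list for every IP above $threshold,
# and lifts bans that are older than $ban_seconds. nginx is reloaded once per
# run, and only after `nginx -t` has accepted the modified deny list.
#
# State files, one record per line:
#   $count_file  "<requests> <ip>"  rebuilt on every run from the access log
#   $ban_file    "<epoch> <ip>"     one record per active ban, used for expiry
#
# Meant to run from cron once a minute. Written with POSIX sh constructs so it
# behaves the same whether invoked as `bash auto_ddos.sh` or `sh auto_ddos.sh`.

log_path=/alidata/weblogs/access/www.huaqiaobao.cn_access.log
nginx_config=/etc/nginx/nginx.conf
deny_list=/etc/nginx/include/deny_list.txt
count_file=/mnt/number_ip.txt
ban_file=/mnt/ip_ddos.txt
whitelist_ip=183.129.173.34   # never banned, whatever its request rate
threshold=500                 # requests per minute that trigger a ban
ban_seconds=86400             # ban lifetime: 24 hours

#######################################
# Exit 0 if the second field of any line in a file equals the given IP.
# Arguments: $1 - ip, $2 - file in "<something> <ip>" format
#######################################
ip_in_file() {
  [ -f "$2" ] && awk -v ip="$1" '$2 == ip { found = 1 } END { exit !found }' "$2"
}

#######################################
# Delete every line of a file that is exactly the given string. Whole-line,
# fixed-string matching: the old `grep ${ip}` / `sed "/${ip}/d"` treated the
# dots in an IP as wildcards and matched 1.2.3.45 when looking for 1.2.3.4.
# Arguments: $1 - line, $2 - file
#######################################
remove_exact_line() {
  local tmp
  tmp=$(mktemp "$2.XXXXXX") || return 1
  grep -vxF -- "$1" "$2" > "$tmp"   # exits 1 when nothing is left; harmless
  cat "$tmp" > "$2"
  rm -f -- "$tmp"
}

#######################################
# Delete every record of a "<epoch> <ip>" file whose ip equals $1.
# Arguments: $1 - ip, $2 - file
#######################################
remove_ip_records() {
  local tmp
  tmp=$(mktemp "$2.XXXXXX") || return 1
  awk -v ip="$1" '$2 != ip' "$2" > "$tmp" && cat "$tmp" > "$2"
  rm -f -- "$tmp"
}

#######################################
# Validate the nginx configuration; reload only when it is accepted.
# Returns: 0 when reloaded, 1 when nginx -t rejected the configuration
#######################################
nginx_reload() {
  if /usr/sbin/nginx -t -c "$nginx_config" >/dev/null 2>&1; then
    /usr/sbin/nginx -s reload
  else
    printf 'auto_ddos: nginx -t failed, configuration not reloaded\n' >&2
    return 1
  fi
}

touch -- "$deny_list" "$ban_file" || exit 1
changed=0
now=$(date +%s)

# ---- Phase 1: ban IPs over the threshold in the current minute ------------
# LC_ALL=C yields the English month abbreviation nginx writes in its
# "[dd/Mon/yyyy:HH:MM:SS" timestamp, whatever the system locale is.
minute=$(LC_ALL=C date '+%d/%b/%Y:%H:%M')
grep -F -- "$minute" "$log_path" \
  | awk -v skip="$whitelist_ip" '$1 != skip { print $1 }' \
  | sort | uniq -c | sort -nr > "$count_file"

while read -r number ip; do
  [ -n "$ip" ] || continue
  [ "$number" -gt "$threshold" ] 2>/dev/null || continue
  # The first log field is assumed to be $remote_addr. Only an IP literal may
  # become an nginx directive; anything else is skipped rather than written
  # into the configuration.
  case "$ip" in
    *[!0-9A-Fa-f.:]*) continue ;;
  esac
  grep -qxF -- "deny ${ip};" "$deny_list" && continue
  printf 'deny %s;\n' "$ip" >> "$deny_list"
  if /usr/sbin/nginx -t -c "$nginx_config" >/dev/null 2>&1; then
    changed=1
    ip_in_file "$ip" "$ban_file" || printf '%s %s\n' "$now" "$ip" >> "$ban_file"
  else
    # Never leave nginx with a deny list it refuses to load.
    remove_exact_line "deny ${ip};" "$deny_list"
    printf 'auto_ddos: nginx -t rejected "deny %s;", entry dropped\n' "$ip" >&2
  fi
done < "$count_file"

# ---- Phase 2: lift bans older than $ban_seconds ----------------------------
# Iterate over a snapshot: deleting records from $ban_file while reading it
# by line number (as the old loop did) skips the record after each deletion.
snapshot=$(mktemp) || exit 1
cp -- "$ban_file" "$snapshot"
while read -r time_old ip; do
  case "$time_old" in ''|*[!0-9]*) continue ;; esac
  [ -n "$ip" ] || continue
  [ $((now - time_old)) -gt "$ban_seconds" ] || continue
  remove_exact_line "deny ${ip};" "$deny_list"
  remove_ip_records "$ip" "$ban_file"
  changed=1
done < "$snapshot"
rm -f -- "$snapshot"

if [ "$changed" -eq 1 ]; then
  nginx_reload
fi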

4、編寫定時任務:
crontab -e

* * * * * sleep 58;sh /mnt/auto_ddos.sh