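Blocking IPs that make too many requests in nginx (I forgot where I got this from, sorry)

The script must be adapted to your actual nginx log format so that it extracts the client IP and the User-Agent.
Add this line to the nginx configuration file:
include /etc/nginx/conf.d/blockip.conf;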


tail -n 500000 /var/log/nginx/access.log |awk '{print $1,$12}' |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" |awk '{print $1}'|sort|uniq -c|sort -rn |awk '{if($1>1000)print "deny "$2";"}' > /etc/nginx/conf.d/blockip.conf


Restart nginx.

To only view the offending IPs, run this command:
 tail -n 500000 /var/log/nginx/access.log |awk '{print $1,$12}' |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" |awk '{print $1}'|sort|uniq -c|sort -rn|awk '$1 > 1000{print $2}'
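
The same counting logic as an added example (not part of the original post), written for nginx's default "combined" log format. In that format the whitespace field $12 holds only the first word of the User-Agent, so this version splits on double quotes and matches the whole User-Agent string. The function names, the threshold arguments and the constructed sample log are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumes the "combined" log format; split on double quotes:
#   $1 = 'IP - user [time] '   $2 = request line   $6 = full User-Agent

# gen_blocklist LOGFILE [THRESHOLD] [TAIL_LINES]
# Prints "deny <ip>;" for every client IP with more than THRESHOLD requests.
gen_blocklist() {
    local log=$1 threshold=${2:-1000} lines=${3:-500000}
    tail -n "$lines" "$log" | awk -F'"' -v max="$threshold" '
        {
            split($1, head, " "); ip = head[1]
            ua = tolower($6)
            # Same crawler allowlist as the post, matched on the whole UA.
            if (ua ~ /google|yahoo|baidu|msnbot|feedsky|sogou/) next
            # Accept only tokens made of IP-address characters, so no other
            # log content can end up inside an nginx directive.
            if (ip !~ /^[0-9A-Fa-f:.]+$/) next
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] > max) print "deny " ip ";" }
    ' | sort
}

# apply_blocklist LOGFILE: replace blockip.conf, then reload nginx only if
# the resulting configuration passes "nginx -t".
apply_blocklist() {
    local conf=/etc/nginx/conf.d/blockip.conf tmp
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    gen_blocklist "$1" > "$tmp" && mv "$tmp" "$conf" && nginx -t && nginx -s reload
}

# Constructed sample log: 5 requests from 203.0.113.7, 5 from a crawler
# User-Agent at 192.0.2.66, and 2 from 198.51.100.9.
sample_log() {
    local i
    for i in 1 2 3 4 5; do
        printf '%s - - [01/Jan/2024:00:00:0%s +0000] "GET / HTTP/1.1" 200 612 "-" "%s"\n' \
            203.0.113.7 "$i" 'Mozilla/5.0 (X11; Linux x86_64)' \
            192.0.2.66 "$i" 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'
    done
    printf '%s - - [01/Jan/2024:00:00:09 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"\n' \
        198.51.100.9 198.51.100.9
}
```

The User-Agent is supplied by the client, so the allowlist is a convenience filter and not verification of a crawler's identity.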
