nginx防CC攻击配置,通过http_referer和限流实现CC攻击拦截

版权声明:本文为作者原创文章,转载请附上原文出处链接和本声明。
本文链接:http://doc.shulijp.com/jdetail/1594265124297

http {
    include       mime.types;
    default_type  application/octet-stream;
    #limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
   #limit_req_zone  $anti_spider  zone=one:10m   rate=10r/s;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  www.shulijp.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
                #proxy_pass   http://127.0.0.1:8080 ;
                #proxy_pass   http://47.93.119.192:8080 ;
                rewrite "^/(.*)$" https://www.shulijp.com/$1 permanent;
        }
        index  index.html;
}
server {
        listen 443;
        server_name www.shulijp.com;
        ssl on;
        ssl_certificate   cert/www.shulijp.com.pem;
        ssl_certificate_key  cert/www.shulijp.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
                #limit_req zone=one burst=3 nodelay;
                 if ($request_method !~* "GET|POST") {
                         return 403;
                }
                #if ($http_referer ~* "yahoo.com|google.com|gmail.com|facebook.com|qq.com|https://baidu.com|youtube.com|reddit.com|https://https//|bing.com"){
                #   return 409;
                #}
                #root /data/;
               proxy_pass   http://127.0.0.1:8080;
                proxy_read_timeout 60s;
                proxy_set_header          Host            $host;
                proxy_set_header          X-Real-IP       $remote_addr;
                proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header 'Access-Control-Allow-Origin' '*';
        }
        index  index.html;
}
}

 

还能输入1000个字符