| Nginx 禁止猜测路径上传恶意代码 #需要nginx server字段中添加include blockip.conf 文件路径。 然后将其脚本放到crond计划中 |
1 #!/usr/bin/bash
2 LOG_DIR=/usr/local/nginx/logs
3 LOG_NAME=access.log
4 DEFINE=20
5 BLOCK_IP=/tmp/block_nginx.txt
6 INITIALIZE=$BLOCK_IP
7 WHITE_IP=
8 NGX_PID=/usr/local/nginx/logs/nginx_pid
9 NGX_BLOCK_CONF=/usr/local/nginx/conf/blockip.conf
10 NGX_COM=/usr/local/nginx/sbin/nginx
11 cd $LOG_DIR
12 grep -i -E -e "POST" -e "put" $LOG_NAME | grep "404" | awk '{print $1}' | sort -n | uniq -c | sort -nr | awk '{print $2"="$1}' > $BLOCK_IP
13 for i in $WHITE_IP ;do
14
15 sed -i '/$i/d' $BLOCK_IP
16 done
17 for i in `cat $BLOCK_IP` ;do
18 ip=`echo $i |/usr/bin/awk -F"=" '{print $1}'`
19 number=`echo $i | awk -F'=' '{print $2}'`
20 if [ $number -ge $DEFINE ]; then
21 grep $i $NGX_BLOCK_CONF &> /dev/null
22 fi
23 if [ $? -gt 0 ]; then
24 echo "deny $ip;" >> $NGX_BLOCK_CONF
25 fi
26 done
27 $($NGX_COM -s reload)
