阿里云基于slb访问日志,在cdn限制用户的真实ip访问次数
一、总执行脚本
#!/bin/bash #每分钟限制访问的最大次数,大于等于该数,就封ip10分钟 max_request_num=30 slb_access_log_file=/tmp/slb_access_log.log slb_api_log_file=/tmp/slb_api.log ban_ip_file=/tmp/ban_ip_time.txt python /usr/local/scripts/slb_log.py >${slb_access_log_file} egrep "http_x_forwarded_for" ${slb_access_log_file} >${slb_api_log_file} python /usr/local/scripts/slb_access_ip_count.py if [ -s ${ban_ip_file} ];then date_time=`date +%s` for i in `cat /tmp/ban_ip_time.txt`;do if [ `echo $i|awk -F"-" '{print $2}'` -lt ${date_time} ];then remove_ip=`echo $i|awk -F"-" '{print $1}'` #删除限制的ip
sed -i "/${i}/d" ${ban_ip_file} fi done fi if [ -s ${ban_ip_file} ];then CDN_BAN_IP=`awk -F "-" '{printf $1","}' ${ban_ip_file}` else CDN_BAN_IP='' fi #cdn的ip限制与解除限制 python /usr/local/scripts/cdn_realm_ip_ban.py ${CDN_BAN_IP}
二、日志脚本(slb_log.py)
import time from aliyun.log.logitem import LogItem from aliyun.log.logclient import LogClient from aliyun.log.getlogsrequest import GetLogsRequest from aliyun.log.putlogsrequest import PutLogsRequest from aliyun.log.listlogstoresrequest import ListLogstoresRequest from aliyun.log.gethistogramsrequest import GetHistogramsRequest import re def main(): endpoint = 'cn-qingdao.log.aliyuncs.com' accessKeyId = 'xxxxx' accessKey = 'xxxx' project = 'xxxx' logstore = 'xxxx' client = LogClient(endpoint, accessKeyId, accessKey) req1 = ListLogstoresRequest(project) res1 = client.list_logstores(req1) # res1.log_print() topic = "" source = "" listShardRes = client.list_shards(project, logstore) for shard in listShardRes.get_shards_info(): shard_id = shard["shardID"] start_time = int(time.time() - 60) end_time = start_time + 60 res = client.get_cursor(project, logstore, shard_id, start_time) res.log_print() start_cursor = res.get_cursor() res = client.get_cursor(project, logstore, shard_id, end_time) end_cursor = res.get_cursor() res = client.pull_logs(project, logstore, shard_id, start_cursor,1, end_cursor) while True: loggroup_count = 1 res = client.pull_logs(project, logstore, shard_id, start_cursor, loggroup_count, end_cursor) log = res.log_print() next_cursor = res.get_next_cursor() if next_cursor == start_cursor: break start_cursor = next_cursor if __name__ == "__main__": main()
三、统计脚本(slb_access_ip_count.py )
#!/usr/bin/python coding=utf-8 import time access_ip_list = [] access_file_path = '/tmp/slb_test2.log' ban_ip_file_path = '/tmp/ban_ip_test.txt' #单个ip每分钟限制的最大访问数 max_access_num = 20 #访问限制时间(秒) ban_time = 600 #ip白名单 allow_ip_list = ['10.0.0.1','192.168.1.1'] f = open(access_file_path, 'r') for line in f.readlines(): text = eval(line) access_ip_list.append(text[1][0]['logs'][0]['http_x_forwarded_for']) f.close() ban_ip_list = [] for i in set(access_ip_list): count_num = access_ip_list.count(i) if count_num >= max_access_num: ban_ip_list.append(i) print ban_ip_list for i in allow_ip_list: try: ban_ip_list.remove(i) except Exception as e: continue print ban_ip_list ban_end_time = int(time.time()+ban_time) print ban_end_time with open(ban_ip_file_path,'a') as f: for ip in ban_ip_list: ip = ip+'-'+str(ban_end_time) f.write(ip) f.write('\n')
四、cdn脚本(cdn_realm_ip_ban.py)
#!/usr/bin/python from aliyunsdkcore import client from aliyunsdkcdn.request.v20141111 import SetIpBlackListConfigRequest import sys try: BAN_IP = sys.argv[1] except Exception as e: BAN_IP= '' AccessKeyId = 'xxxx' AccessKeySecret = 'xxxx' Endpoint = 'cn-qingdao' DomainName_list = ['awww.jd.com','www.baidu.com'] #域名列表 client = client.AcsClient(AccessKeyId,AccessKeySecret,Endpoint) request = SetIpBlackListConfigRequest.SetIpBlackListConfigRequest() for realm in DomainName_list: request.set_BlockIps(BAN_IP) request.set_DomainName(realm) response = client.do_action_with_exception(request)
