nginx 自动封 ip 过高连接,nginxipweb服务器是用ng

文章由LinuxBoy分享于2019-04-04 09:04:10热评（208）

nginx 自动封 ip 过高连接,nginxipweb服务器是用ng

用命令查看web连接过高的IP地址，但是需要人工智能去封，太麻烦了，直接写个脚本自动解决。web服务器是用nginx，python为2.6

首先在nignx的config中建立空文件deny.ip, 然后在nginx.conf 的http标签中添加“include deny.ip;”。在nginx下sbin的目录中放入自动脚本。脚本可以查到连接最大的IP，并插入屏蔽列表中，验证正确性后导入配置。全部完成或者出错后发送邮件。被封ip再次访问会报403错误，如果不希望报错可以跳转到其它页面。源码如下：

check_deny_up.py 启动i脚本

#!/bin/python

#-*- coding:utf-8 -*-

# Filename: main.py

# Revision: 1.0

# Date: 2012-06-20

# Author: simonzhang

# web: www.simonzhang.net

# Email: simon-zzm@163.com

### END INIT INFO

importos

fromstring importstrip

fromemail.mime.text importMIMEText

importsmtplib

####

check_comm ="/bin/netstat -antp|grep :80|awk ' ''{print $5}'|awk -F: '{print $1}'|sort -r|uniq -c|sort -n -k1 -r"

max_ip =100

mail_host =‘’;

mail_user =‘’;

mail_pwd =‘’;

mail_to =‘’;

mail_cc =‘’;

defreboot_nginx_sendmail(ip_list):

#### reboot nginx

_get_check_confile =os.popen('./nginx -t').readlines()

ifstr(_get_check_confile.find('ok')) !='-1':

os.system('./nginx -s reload')

_mail_content =ip_list

else:

_mail_content ='Error'

#### send mail

msg =MIMEText(_mail_content)

msg['From'] =mail_user

msg['Subject'] =' force ip.'

msg['To'] =mail_to

try:

s =smtplib.SMTP()

s.connect(mail_host)

s.login(mail_user, mail_pwd)

s.sendmail(mail_user, [mail_to, mail_cc], msg.as_string())

s.close()

exceptException, e:

printe

#### force out IP

defforce_out(_deny_ip):

_write_status =0

_read_force_file =open('../conf/deny.ip', 'rb').read()

ifstr(_read_force_file.find(_deny_ip)) =='-1':

try:

_get_force_file =open('../conf/deny.ip', 'ab')

_get_force_file.write('deny %s ;n'%_deny_ip)

_get_force_file.close()

_write_status =1

return_write_status

except:

return_write_status

reboot_nginx_sendmail("Error !")

return_write_status

defmain():

get_high_ip =os.popen('%s'%check_comm).readlines()

_count_force_ip =0

_force_ip_list =''

fori inxrange(3):

try:

_get_count =strip(get_high_ip[i]).split(' ')[0]

_get_ip =strip(strip(get_high_ip[i]).split(' ')[1])

except:

_get_count =0

_get_ip =''

# Maximum connection IP is Beyond the limit value

if(int(_get_count) > max_ip) and(len(_get_ip) > 0):

force_ip =_get_ip

_get_status =force_out(force_ip)

# check maximum is added in the deny.ip file

ifstr(_get_status) =='1':

_count_force_ip +=1

_force_ip_list +=' %s '%force_ip

# if _count_force_ip > 0:

# reboot_nginx_sendmail(_force_ip_list)

if__name__ =='__main__':

main()check_deny_up.sh

#! /bin/bash

# make simon-zzm@163.com

### END INIT INFO

# Source function library.

. /etc/profile

cd/Data/apps/nginx/sbin/

# See how we were called.

case"$1"in

start)

/usr/local/bin/pythoncheck_ip_deny.py

;;

echo$"Usage: $0 {start}"

exit1

esac

exit将启动脚本放在crontab中运行。

推荐文章：

nginx 自动封 ip 过高连接,nginxipweb服务器是用ng