бан или заворот айпи на страницу заглушку
Maxim Ponomarchuk
ponomarchuk_m на ukr.net
Вс Мар 27 09:06:12 MSD 2011
Друзья.
Есть сервер под управлением Debian.
Периодически появляется проблема связанная с тем что с одного айпи
начинает валится уйма запросов к серверу + из-за этого вырастает LA .
Например:
|cat production.log | grep 178.95.42.226
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:05) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:06) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:07) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:09) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:10) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:12) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:13) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:14) [GET]
Processing ApplicationController#index (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:17) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:24) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:26) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:27) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:28) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:30) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:31) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:32) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:33) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:34) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:38) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:41) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:42) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:43) [GET]
|
В настройках nginx поставил лимит
|
limit_zone http $binary_remote_addr 1m;
limit_conn http 10;
При тесте Siege - nginx успешно дропает соединения больше 10 в единый момент времени.
В моем же случае такое условие не совпадает.
Можно ли как сделать так|- если с одного айпи в течении минуты есть больше 30 обращений к серверу - то заворачивать злодея на страничку - заглушку?
|Или как с таким бороться?
|
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://nginx.org/pipermail/nginx-ru/attachments/20110327/d3940806/attachment.html>
Подробная информация о списке рассылки nginx-ru