Re: бан или заворот айпи на страницу заглушку

Алексей Масленников minisotm на gmail.com
Пн Мар 28 12:07:38 MSD 2011 

Что-то не пашет, или может я не догоняю.

Говорит:

Restarting nginx: [emerg]: unknown
"binary_remote_addr$request_uri$referer" variable

On 27.03.2011 10:48, Илья Шипицин wrote:
> все правильно, только я бы расширил ключ, скажем, до
>
> |limit_zone http $binary_remote_addr$request_uri$referer 1m;|
>
> а количество соединений уменьшил до 1
>
> 2011/3/27 Maxim Ponomarchuk <ponomarchuk_m на ukr.net
> <mailto:ponomarchuk_m на ukr.net>>
>
>     Друзья.
>
>     Есть сервер под управлением Debian.
>     Периодически появляется проблема связанная с тем что с одного айпи
>     начинает валится уйма запросов к серверу + из-за этого вырастает LA .
>
>     Например:
>
>     |cat  production.log | grep 178.95.42.226
>
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:05) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:06) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:07) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:09) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:10) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:12) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:13) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:14) [GET]
>     Processing ApplicationController#index (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:17) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
>     Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
>     Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:24) [GET]
>     Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:26) [GET]
>     Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:27) [GET]
>     Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:28) [GET]
>     Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:30) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:31) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:32) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:33) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:34) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
>     Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
>     Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:38) [GET]
>     Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:41) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:42) [GET]
>     Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:43) [GET]
>     |
>
>     В настройках nginx поставил лимит
>
>     |
>     limit_zone http $binary_remote_addr 1m;
>     limit_conn   http  10;
>
>     При тесте Siege  - nginx успешно дропает соединения больше 10 в единый момент времени.
>
>     В моем же случае такое условие не совпадает.
>     Можно ли как сделать так |- если с одного айпи в течении минуты есть больше 30 обращений к серверу - то заворачивать злодея на страничку - заглушку?
>     |Или  как с таким бороться?
>
>     |
>
>
>
>     _______________________________________________
>     nginx-ru mailing list
>     nginx-ru на nginx.org <mailto:nginx-ru на nginx.org>
>     http://nginx.org/mailman/listinfo/nginx-ru
>
>
>
> _______________________________________________
> nginx-ru mailing list
> nginx-ru на nginx.org
> http://nginx.org/mailman/listinfo/nginx-ru

----------- следущая часть -----------
Вложение в формате HTML было извлечено&hellip;
URL: <http://nginx.org/pipermail/nginx-ru/attachments/20110328/db8c165b/attachment.html>

Подробная информация о списке рассылки nginx-ru