
Nginx
1 Introduction
One problem, one article, one story.
This morning the author found that the site could not be opened. Checking the Nginx logs turned up a large number of entries like the following.
38.134.40.117 - - [03/Sep/2025:02:25:17 +0800] "GET / HTTP/1.1" 301 162 "-" "Go-http-client/1.1" "-"
38.134.40.117 - - [03/Sep/2025:02:37:48 +0800] "GET / HTTP/1.1" 301 162 "-" "Go-http-client/1.1" "-"
38.134.40.117 - - [03/Sep/2025:02:37:49 +0800] "GET / HTTP/1.1" 200 10860 "-" "Go-http-client/1.1" "38.134.40.117"
#...
38.134.40.117 - - [03/Sep/2025:02:40:18 +0800] "GET /config.js HTTP/1.1" 499 0 "http://www.cmdschool.cn/config.js" "Go-http-client/1.1" "-"
38.134.40.117 - - [03/Sep/2025:02:43:19 +0800] "GET /config.js HTTP/1.1" 499 0 "http://www.cmdschool.com/config.js" "Go-http-client/1.1" "38.134.40.117"
The attacker kept hitting the site at several hundred requests per second using a tool with the User-Agent "Go-http-client". The attack drove the server's disk I/O up continuously and disrupted the site's availability.
2 Best practice
2.1 Make sure the include directive is present
cat /etc/nginx/nginx.conf
Make sure the following configuration is present:
http {
    #...
    include /etc/nginx/conf.d/*.conf;
}
2.2 Configure the request-limiting module
2.2.1 Create the configuration
vim /etc/nginx/conf.d/www.cmdschool.org_443.conf
Add the following configuration:
limit_req_zone $binary_remote_addr zone=www.cmdschool.org_req:10m rate=1r/s;
server {
    listen 0.0.0.0:443 ssl;
    server_name www.cmdschool.org;
    #...
    location / {
        limit_req zone=www.cmdschool.org_req burst=5 nodelay;
        proxy_pass https://127.0.0.1;
        #...
    }
}
Note that:
- The parameter "rate=1r/s" allows each IP address 1 request per second.
- The parameter "burst=5" allows burst traffic: up to 5 requests beyond the rate can be handled within a short time.
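To see what rate=1r/s with burst=5 would do to a flood like the one in the log above, here is an added Python model of the limit_req accounting. It is my own simplified re-implementation of the nginx leaky-bucket algorithm, not nginx's code or the author's configuration; the log regex assumes the combined format with one extra trailing quoted field, as in the log lines above, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Log layout from the post: combined format plus one trailing quoted field
# (assumption about the site's log_format; the regex simply ignores that field).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "[^"]*" '
                    r'\d{3} \d+ "[^"]*" "(?P<ua>[^"]*)"')

def parse_line(line):
    """Return (ip, epoch_ms, user_agent) for one access-log line, or None."""
    if not (m := LOG_RE.match(line)):
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), int(ts.timestamp() * 1000), m.group("ua")

class LimitReq:
    """Per-client leaky bucket modelled on ngx_http_limit_req_module: excess is
    kept in thousandths of a request, decays by rate*elapsed_ms, grows by 1000
    per arrival, and a request is rejected (503) once it exceeds burst*1000.
    Rejections leave the state untouched. nodelay only decides whether accepted
    excess requests are queued, not which are accepted, so it is not modelled."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst   # r/s and tolerated excess requests
        self.state = {}                       # key -> [excess, last_ms]

    def check(self, key, now_ms):
        if key not in self.state:             # first sight of a client: accepted
            self.state[key] = [0, now_ms]
            return True
        excess, last = self.state[key]
        excess = max(excess - self.rate * max(now_ms - last, 0) + 1000, 0)
        if excess > self.burst * 1000:
            return False
        self.state[key] = [excess, now_ms]
        return True

def replay(lines, rate=1, burst=5):
    """Replay log lines through the limiter; return {ip: (accepted, rejected)}."""
    limiter, tally = LimitReq(rate, burst), {}
    for ip, ms, _ua in filter(None, map(parse_line, lines)):
        acc, rej = tally.get(ip, (0, 0))
        tally[ip] = (acc + 1, rej) if limiter.check(ip, ms) else (acc, rej + 1)
    return tally

# Constructed sample: ten Go-http-client hits in one second, plus one normal client.
SAMPLE = ['38.134.40.117 - - [03/Sep/2025:02:40:18 +0800] "GET /config.js HTTP/1.1" '
          '200 0 "-" "Go-http-client/1.1" "-"'] * 10 + [
    '198.51.100.7 - - [03/Sep/2025:02:40:18 +0800] "GET / HTTP/1.1" 200 10860 "-" "Mozilla/5.0" "-"',
    '198.51.100.7 - - [03/Sep/2025:02:40:19 +0800] "GET / HTTP/1.1" 200 10860 "-" "Mozilla/5.0" "-"',
]
```

With these settings the flooding client gets 1 + 5 requests through and the rest are refused until its excess has drained at 1 request per second, while the client sending one request per second is never touched.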
2.2.2 Test the configuration syntax
nginx -t
2.2.3 Reload the service to apply the configuration
systemctl reload nginx
2.3 Configure the connection-limiting module
2.3.1 Create the configuration
vim /etc/nginx/conf.d/www.cmdschool.org_443.conf
Add the following configuration:
limit_conn_zone $binary_remote_addr zone=www.cmdschool.org_addr:10m;
server {
    listen 0.0.0.0:443 ssl;
    server_name www.cmdschool.org;
    #...
    location / {
        limit_conn www.cmdschool.org_addr 10;
        proxy_pass https://127.0.0.1;
        #...
    }
}
Note that:
- The directive "limit_conn www.cmdschool.org_addr 10" limits each IP address to at most 10 simultaneous connections.
2.3.2 Test the configuration syntax
nginx -t
2.3.3 Reload the service to apply the configuration
systemctl reload nginx