nginx 服务器安全配置

查看nginx日志发现有很多尝试暴力破解服务器的请求,如下:

129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /zxc2.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /indexa.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /lx.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /cn.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /api.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /index1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /info1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /aaaaaa1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /up.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /test123.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /fb.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /paylog.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:02 +0800] "POST /x.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /cnm.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /test.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /phpinf0.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:03 +0800] "POST /1ndex.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /autoloader.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /class1.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /test404.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /shi.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /think.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /back.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"
129.28.104.59 - - [14/Oct/2020:17:25:12 +0800] "POST /DJ.php HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0" "-"

此类请求大多无法响应,被返回40x或者50x 

因此可做简单配置,过滤该类对应ip的请求; 

nginx 配置/etc/nginx/nginx.conf  增加 include  ip.black;   

http {
    include  ip.black;  
    access_log  /var/log/nginx/access.log  main;
#....
}

在对应的/etc/nginx 创建  ip.black 文件,并加入禁止访问的ip eg:

deny 193.27.228.27 ;
deny 198.245.49.194 ;
deny 139.162.81.62 ;
deny 139.199.82.44 ;
deny 165.232.50.11

然后重启nginx ,nginx -s reload 

由于请求不定期到来进行破坏,因此最好加上crontab,crontab -e  编辑对应规则定时加入黑名单,需要重启ng生效

1 */1 * * * grep php /var/log/nginx/access.log |grep -v "自己的ip" |grep -E "40[0-9]|50[1-9]" |awk -F ' ' '{print "deny
",$1, ";"}' |sort -u >> /etc/nginx/ip.black

【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/lavin/p/13821197.html