An alert came in: one domain had returned more than 2000 responses with HTTP status 404 within five minutes. Using the log analysis platform, the cause was located quickly.
The errors came mainly from a single IP in Ningbo requesting invalid URLs, such as: xxx.51.com//Files/Image/diaosi.asp/lpnpl73757.jpg
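To make the detection step concrete, here is an added Python example (not from the original post, and not the author's log platform) that reproduces the alert logic: it parses access-log lines, counts 404s per host in five-minute windows, and reports the source IP responsible for most of them. The log format (an assumed `$host`-prefixed combined format), the sample lines and the IPs 203.0.113.7 and 198.51.100.9 are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Regex for an assumed nginx log_format that prefixes the combined format with $host:
#   '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent'
# Adjust it to the log_format actually in use; this is not the original post's format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample access-log lines (203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges); the paths mimic the junk URLs the post describes, but the traffic is invented.
SAMPLE_LOG = """\
xxx.51.com 203.0.113.7 - - [12/Mar/2015:10:00:01 +0800] "GET //Files/Image/diaosi.asp/lpnpl73757.jpg HTTP/1.1" 404 162
xxx.51.com 203.0.113.7 - - [12/Mar/2015:10:00:02 +0800] "GET //Files/Image/diaosi.asp/a1.jpg HTTP/1.1" 404 162
xxx.51.com 198.51.100.9 - - [12/Mar/2015:10:01:15 +0800] "GET /index.html HTTP/1.1" 200 5120
xxx.51.com 203.0.113.7 - - [12/Mar/2015:10:03:40 +0800] "GET //Files/Image/diaosi.asp/b2.jpg HTTP/1.1" 404 162
other.51.com 198.51.100.9 - - [12/Mar/2015:10:04:59 +0800] "GET /missing HTTP/1.1" 404 162
xxx.51.com 203.0.113.7 - - [12/Mar/2015:10:05:00 +0800] "GET //Files/Image/diaosi.asp/c3.jpg HTTP/1.1" 404 162
"""


def find_404_storms(log_text, window_seconds=300, threshold=2000):
    """Count 404s per (window, host) and return the windows whose count exceeds
    `threshold`, each with the source IP that produced most of them."""
    buckets = defaultdict(Counter)   # (window_start_epoch, host) -> Counter{ip: 404s}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
        # Align to fixed 5-minute windows on the UTC epoch.
        window = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[(window, m.group("host"))][m.group("ip")] += 1

    alerts = []
    for (window, host), by_ip in sorted(buckets.items()):
        total = sum(by_ip.values())
        if total <= threshold:           # the post's rule is "more than 2000 in 5 minutes"
            continue
        top_ip, top_count = by_ip.most_common(1)[0]
        alerts.append({
            "window_start": datetime.fromtimestamp(window, tz=timezone.utc).isoformat(),
            "host": host,
            "count_404": total,
            "top_ip": top_ip,
            "top_ip_share": round(top_count / total, 2),
        })
    return alerts


if __name__ == "__main__":
    # Threshold lowered to 2 so the six constructed lines trigger; production would use 2000.
    for a in find_404_storms(SAMPLE_LOG, threshold=2):
        print(f"{a['window_start']} {a['host']}: {a['count_404']} x 404, "
              f"top source {a['top_ip']} ({a['top_ip_share']:.0%})")
```

The `top_ip_share` field is what turns a noisy 404 alert into an actionable one: a share near 100% points at one client (the case in the post, where rate limiting or a block is the fix), while a low share suggests a broken link or deploy rather than an abusive source.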
Solutions:
1. Limit the request rate; see ngx_http_limit_req_module
2. Block the IP
As a general rule: if server load has not triggered an alert, only apply rate limiting; block the IP only when the server has a very high connection count and monitoring has already alerted.
Rate limiting can be configured like this:
http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=30r/s;
    ...
    server {
        listen 80;
        server_name passport.xxx.com;
        location / {
            limit_req zone=one burst=10 nodelay;
            proxy_pass http://passport_pool;
            proxy_next_upstream error timeout invalid_header;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    server {
        listen 443;
        server_name passport.xxx.com;
        ssl on;
        ssl_certificate /usr/local/app/nginx/conf/ssl/51.com.crt;
        ssl_certificate_key /usr/local/app/nginx/conf/ssl/51.com.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL;
        location / {
            limit_req zone=one burst=10 nodelay;
            proxy_pass http://passport_pool;
            proxy_next_upstream error timeout invalid_header;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_set_header Host $host;
            # add an Https_tag header so the upstream can tell the request arrived over HTTPS
            proxy_set_header Https_tag 'https';
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
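As an added illustration (not from the original post and not nginx's own source), the following Python model replays request arrivals through the leaky-bucket accounting that ngx_http_limit_req_module uses, so the effect of `rate=30r/s`, `burst=10` and `nodelay` from the config above can be seen on concrete traffic: how many requests of a burst get through, how many are rejected with 503, and what changes when `nodelay` is dropped. The client key 203.0.113.7 is a constructed documentation address, and the exact per-version accounting details (first request of a new key passes with zero excess, rejected requests do not add to the excess) are assumptions of this model.

```python
class LimitReqZone:
    """Model of one nginx limit_req zone, following the leaky-bucket accounting of
    ngx_http_limit_req_module: rate and excess are tracked in thousandths of a
    request, rejected requests do not add to the excess, and burst is the ceiling.
    This is an illustrative re-implementation, not nginx's code."""

    def __init__(self, rate_rps, burst, nodelay=True):
        self.rate = rate_rps * 1000        # rate=30r/s -> 30000 thousandths per second
        self.burst = burst * 1000          # burst=10   -> 10000 thousandths
        self.nodelay = nodelay
        self.state = {}                    # key -> (last_ms, excess)

    def request(self, key, now_ms):
        """Return ('pass', delay_ms) or ('reject', 0) for one request from `key`."""
        if key not in self.state:          # first request from this key: nothing to leak yet
            self.state[key] = (now_ms, 0)
            return "pass", 0
        last_ms, excess = self.state[key]
        elapsed = max(now_ms - last_ms, 0)
        # Leak rate*elapsed out of the bucket, then add this request (1000 = one request).
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return "reject", 0             # nginx answers 503 by default (limit_req_status)
        self.state[key] = (now_ms, excess)
        if excess and not self.nodelay:
            return "pass", excess * 1000 // self.rate   # queued until it fits the rate
        return "pass", 0                   # nodelay: forwarded immediately


def simulate(arrivals_ms, rate_rps=30, burst=10, nodelay=True, key="203.0.113.7"):
    """Replay a list of arrival times (ms) from one client key through a fresh zone."""
    zone = LimitReqZone(rate_rps, burst, nodelay)
    return [zone.request(key, t) for t in arrivals_ms]


def summarize(results):
    """Return (passed, rejected) counts for a simulate() result list."""
    passed = sum(1 for verdict, _ in results if verdict == "pass")
    return passed, len(results) - passed


if __name__ == "__main__":
    # Scenario 1: a scanner fires 50 requests in the same millisecond.
    print("50 at once, nodelay:", summarize(simulate([0] * 50)))
    # Scenario 2: 50 requests spread evenly over one second (50 r/s against rate=30r/s).
    print("50 r/s for 1 s     :", summarize(simulate(list(range(0, 1000, 20)))))
    # Scenario 3: same burst without nodelay: same verdicts, but excess requests are queued.
    print("50 at once, delay  :", [d for _, d in simulate([0] * 50, nodelay=False)[:12]])
```

The model shows why the post pairs `burst=10` with `nodelay`: the burst is what lets a legitimate page load with a dozen assets through without 503s, and `nodelay` forwards those requests at once instead of smearing them out at 30 r/s, while a scanner sending hundreds of bad URLs per second is cut back to roughly the configured rate plus one burst.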
To block the IP, use the firewall or add a rule in the nginx config:
location / {
    deny 23.83.245.218;
}