查找要屏蔽的ip
awk '{print $1}' /var/log/nginx/access.log |sort |uniq -c|sort -n256 45.121.107.104
264 45.121.104.86
287 66.249.79.108
288 120.92.19.84
307 23.19.68.104
312 110.81.71.125
362 221.232.195.162
413 117.176.198.236
437 13.66.139.38
477 66.249.79.106
518 13.66.139.111
534 13.66.139.114
579 182.254.52.17
629 220.194.106.61
704 43.231.47.3
756 66.249.79.104
845 193.168.4.98
967 216.244.66.226
1457 101.89.19.140
1996 49.233.192.236
2026 152.136.144.187在nginx的安装目录下面,新建屏蔽ip文件,命名为blockip.conf,以后新增加屏蔽ip只需编辑这个文件即可。 加入如下内容
deny 118.25.45.59;
deny 42.120.160.104;
deny 42.156.136.82;
deny 185.191.171.25;
deny 152.136.144.187;在nginx的配置文件nginx.conf中加入如下配置,可以放到http, server, location, limit_except语句块,需要注意相对路径,本例当中nginx.conf,blocksip.conf在同一个目录中。
include blockip.conf;屏蔽IP段即从123.45.6.1到123.45.6.254访问的命令
deny 123.45.6.0/24