|
使用nginx 匹配$query_string 来return 503…不过会导致页面不能访问,这里提供一个折中的办法。
nginx代理请求的日志:
[root@ipython conf]# tail -f /var/log/nginx/logs/access.log | grep ahtax
120.193.47.34 - - [26/Sep/2014:23:34:44 +0800] "GET /ahtax/index.html HTTP/1.0" 503 1290 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" "10.129.1.254, 120.193.47.34"
[root@ipython conf]# cat /%path%/self_.php
<!--?php if ($_SERVER["HTTP_X_FORWARDED_FOR"]!="") { $user_ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; }elseif($_SERVER["HTTP_X_REAL_IP"]!=""){ $user_ip=$_SERVER["HTTP_X_REAL_IP"]; }else{ $user_ip=$_SERVER["REMOTE_ADDR"]; } echo $user_ip."<br ?--><?php if ($_SERVER["HTTP_X_FORWARDED_FOR"]!="") { $user_ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; }elseif($_SERVER["HTTP_X_REAL_IP"]!=""){ $user_ip=$_SERVER["HTTP_X_REAL_IP"]; }else{ $user_ip=$_SERVER["REMOTE_ADDR"]; } echo $user_ip."<br />"; foreach($_SERVER as $key=>$value) echo $key."\t"."$value"."<br />"; ?> 通过浏览器访问确认相关参数。
用正则匹配日志中两个IP,Nginx正则依赖pcre库:
[root@ipython conf]# pcretest
PCRE version 7.8 2008-09-05 re> '^\d+.\d+.\d+.\d+\W\s\d+.\d+.\d+.\d+$' data> 192.168.1.1, 1.1.1.1 0: 192.168.1.1, 1.1.1.1
#proxy
if ($http_x_forwarded_for ~ '^\d+.\d+.\d+.\d+\W\s\d+.\d+.\d+.\d+$'){ return 503; }
|