OpenResty官方下载网站:http://openresty.org/cn/linux-packages.html
安装OpenResty
yum install -y yum-utils
yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
yum install -y openresty创建lua脚本(例子,链接:https://www.jianshu.com/p/5f9928c7d730)
local function close_redis(red)
if not red then
return
end
-- 释放连接(连接池实现),毫秒
local pool_max_idle_time = 10000
-- 连接池大小
local pool_size = 100
local ok, err = red:set_keepalive(pool_max_idle_time, pool_size)
local log = ngx_log
if not ok then
log(ngx_ERR, "set redis keepalive error : ", err)
end
end
-- 连接redis
local redis = require('resty.redis')
local red = redis.new()
red:set_timeout(1000)
-- 设置redis连接参数
local ip = "127.0.0.1"
local port = "6379"
local ok, err = red:connect(ip,port)
if not ok then
return close_redis(red)
end
-- red:auth('123456')
red:select('0')
local clientIP = ngx.req.get_headers()["X-Real-IP"]
if clientIP == nil then
clientIP = ngx.req.get_headers()["x_forwarded_for"]
end
if clientIP == nil then
clientIP = ngx.var.remote_addr
end
local incrKey = "user:"..clientIP..":freq"
local blockKey = "user:"..clientIP..":block"
local is_block,err = red:get(blockKey) -- check if ip is blocked
if tonumber(is_block) == 1 then
ngx.exit(403)
close_redis(red)
end
inc = red:incr(incrKey)
if inc < 10 then
inc = red:expire(incrKey,1)
end
-- 每秒10次以上访问即视为非法,会阻止1分钟的访问
if inc > 10 then
--设置block 为 True 为1
red:set(blockKey,1)
red:expire(blockKey,60)
end
close_redis(red)在 nginx 配置文件的 http 段添加 lua 脚本
http {
lua_package_path "/usr/local/openresty/lualib/resty/redis.lua;";
}在server 段的 location 中添加
server {
location / {
access_by_lua_file "/etc/openresty/access_by_redis.lua";
}
}
1772
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
