脚本需要根据实际的nginx log 格式,修改,取出 访问IP 和User-Agent.
在nginx配置文件中添加一条配置
include /etc/nginx/conf.d/blockip.conf;
tail -n 500000 /var/log/nginx/access.log |awk '{print $1,$12}' |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" |awk '{print $1}'|sort|uniq -c|sort -rn |awk '{if($1>1000)print "deny "$2";"}' > /etc/nginx/conf.d/blockip.conf
重启nginx
只需要查看的话 执行命令
tail -n 500000 /var/log/nginx/access.log |awk '{print $1,$12}' |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" |awk '{print $1}'|sort|uniq -c|sort -rn|awk '$1 > 1000{print $2}'
在nginx配置文件中添加一条配置
include /etc/nginx/conf.d/blockip.conf;
tail -n 500000 /var/log/nginx/access.log |awk '{print $1,$12}' |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" |awk '{print $1}'|sort|uniq -c|sort -rn |awk '{if($1>1000)print "deny "$2";"}' > /etc/nginx/conf.d/blockip.conf
重启nginx
只需要查看的话 执行命令
tail -n 500000 /var/log/nginx/access.log |awk '{print $1,$12}' |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" |awk '{print $1}'|sort|uniq -c|sort -rn|awk '$1 > 1000{print $2}'