[ANNOUNCE] nginx_limit_access_module  

2010-11-11 15:37:07 | Category: Nginx

Name
    nginx_limit_access_module - deny requests by a specific variable, with
    the deny list managed through an HTTP POST interface

Status
    This module is at its very early phase of development and considered
    highly experimental. But you're encouraged to test it out on your side
    and report any quirks that you experience.

    We need your help! If you find this module useful and/or interesting,
    please consider joining the development!

Synopsis
    http {

        limit_access_zone zone=one:5m bucket_number=10007 type=$remote_addr;

        server {
            listen 80;
            server_name localhost;

            limit_access_variable zone=one $limit_access_deny;

            location / {
                root html;
                index index.html index.htm;

                if ($limit_access_deny) {
                    return 403;
                }
            }

            location /limit_interface {
                allow 192.168.1.0/24;
                deny all;
                limit_access_interface zone=one;
            }
        }
    }

Description
    This module denies requests by a specific variable. The deny list is
    managed through an HTTP POST interface.

Directives
  limit_access_zone
    syntax: *limit_access_zone zone=name:size [bucket_number=number]
    [type=ip|$your_variable];*

    default: *none*

    context: *http*

    The directive describes the area that stores the records of the limit
    hash table. Example of usage:

    limit_access_zone zone=one:5m bucket_number=10007;

    In this case, a 5MB hash table is allocated as a zone called "one".
    The hash table has 10007 buckets. A record's key in this hash table is
    the remainder of $binary_remote_addr divided by bucket_number.

    If the records are of type ip, each record takes about 32 bytes.
    A 5M zone can hold about 100k+ records.

    The type can be 'ip' or any Nginx variable. I treat 'ip' as a special
    variable because I store the ip as an integer, which saves some
    memory. All other variables are treated as strings.

  limit_access_interface
    syntax: *limit_access_interface zone=name;*

    default: *none*

    context: *location*

    This directive sets the interface location where you can add entries to
    or delete entries from the deny list. See the Interface section for
    details.

  limit_access
    syntax: *limit_access zone=name;*

    default: *none*

    context: *http, server, location*

    This directive sets the location where requests are denied by the
    specific variable recorded in the zone. The deny action is the same as
    in nginx_http_access_module (<http://wiki.nginx.org/HttpAccessModule>).
    The module looks up the zone's hash table. If it finds that the
    request's variable is in the hash table and has not expired, it returns
    403.

  limit_access_variable
    syntax: *limit_access_variable zone=name $limit_access_variable_name;*

    default: *none*

    context: *http, server, location*

    This directive sets the name of the variable and the zone attached to
    it. When you access this variable, it behaves like the limit_access
    directive: it looks up the zone's hash table. If it finds that the
    request's variable is in the hash table and has not expired, the value
    is '1'. If not, the value is null.

  limit_access_default_expire
    syntax: *limit_access_default_expire expire_time;*

    default: *1d*

    context: *http, server, location*

    Set the default expire time for the ban list record. Default expire time
    is 1 day. The unit of time can be: s(second,default), m(minute),
    h(hour), d(day), w(week), M(month), y(year).

  limit_access_log_level
    syntax: *limit_access_log_level info|notice|warn|error;*

    default: *limit_access_log_level error*

    context: *http, server, location*

    Control the log level of the request deny message.

Interface
    The request method sent to the interface location is POST, and the
    content-type is application/x-www-form-urlencoded. The content is like
    this:

    ban_type=variable&ban_expire=3600&ban_list=192.168.1.1,192.168.1.2

    The parameters' specification is:

    ban_type: the type of ban_list. It can be: ip, variable.

    ban_expire: the expire time for the ban list. The unit of time can be:
    s(second,default), m(minute), h(hour), d(day), w(week), M(month),
    y(year).

    ban_list: the ban list. IPv4 addresses can also be sent in binary
    form.

    free_type: the type of free_list.

    free_list: the entries to free from the ban list; these values will no
    longer be denied.

    show_type: the type of show_list.

    show_list: show the ban list. You can get the specific ban list like
    this:

    show_type=variable&show_list=127.0.0.1,127.1.1.1

    To show the entire current IP ban list, send:

    show_type=ip&show_list=all

    destroy_list: invalidates the entire current ban list, after which all
    client requests are allowed.
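
    An added example, not part of the module or its README: a Python
    client that picks repeat offenders out of an access log and prepares
    the ban POST described above. The endpoint URL, the log format, the
    401 threshold and all function names are assumptions.

```python
import ipaddress
import re
import urllib.request
from collections import Counter
from urllib.parse import urlencode

# Assumption: the /limit_interface location from the Synopsis, reached from an allowed address.
INTERFACE_URL = "http://localhost/limit_interface"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')
EXPIRE_RE = re.compile(r"\d+[smhdwMy]?")  # units listed under ban_expire

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = "\n".join(
    ['192.168.1.10 - - [11/Nov/2010:15:30:0%d +0800] "POST /login HTTP/1.1" 401 120' % i
     for i in range(4)]
    + ['192.168.1.20 - - [11/Nov/2010:15:31:00 +0800] "POST /login HTTP/1.1" 401 120',
       '192.168.1.30 - - [11/Nov/2010:15:32:00 +0800] "GET / HTTP/1.1" 200 612'])


def offenders(log_text, status="401", threshold=3):
    """Return sorted clients with at least `threshold` responses of `status`."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == status:
            hits[m.group(1)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def ban_body(ips, expire="3600", ban_type="variable"):
    """Build the form body; reject anything that could smuggle extra fields."""
    if ban_type not in ("ip", "variable"):
        raise ValueError("ban_type must be ip or variable")
    if not EXPIRE_RE.fullmatch(expire):
        raise ValueError("bad ban_expire: %r" % expire)
    clean = [str(ipaddress.IPv4Address(ip)) for ip in ips]  # raises on non-IPv4
    # safe="," keeps the comma-separated list in the form the README shows.
    return urlencode({"ban_type": ban_type, "ban_expire": expire,
                      "ban_list": ",".join(clean)}, safe=",")


def ban_request(ips, expire="3600"):
    """Prepare (but do not send) the POST; pass it to urllib.request.urlopen to apply."""
    return urllib.request.Request(
        INTERFACE_URL, data=ban_body(ips, expire).encode("ascii"), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
```

    Validating every address and the expire value before joining them keeps
    a malformed log field from adding extra parameters such as
    destroy_list to the request body.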

Installation
    Download the latest version of the release tarball of this module from
    github (<http://github.com/yaoweibin/nginx_limit_access_module>)

    Grab the nginx source code from nginx.org (<http://nginx.org/>), for
    example, the version 0.8.53 (see nginx compatibility), and then build
    the source with this module:

        $ wget 'http://nginx.org/download/nginx-0.8.53.tar.gz'
        $ tar -xzvf nginx-0.8.53.tar.gz
        $ cd nginx-0.8.53/

        $ ./configure --add-module=/path/to/nginx_limit_access_module

        $ make
        $ make install

Compatibility
    My test bed is nginx 0.8.53.

TODO
Known Issues
    Developing

Changelogs
  v0.1
    first release

Authors
    Weibin Yao(姚伟斌) *yaoweibin AT gmail DOT com*

License
    This README template is from agentzh (<http://github.com/agentzh>).

    This module is licensed under the BSD license.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are
    met:

    Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
    Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS