Ban IP address using nginx?

Z

Zamorozka2012-02-19 14:24:40

Java

Zamorozka, 2012-02-19 14:24:40

There is a web application with a bunch of nginx + tomcat. That is, nginx acts as a proxy, tomcat is the main server.

Recently, in the logs, I notice that there are constantly requests for incorrect or non-existent URLs.

For example, I have a controller /setting/{ID}/get, and in the logs there are many chains of calling /setting//get or, say, instead of {ID}, there may be an enumeration of some values.

In order to reduce server load and reduce outgoing traffic, is it possible to somehow organize an automatic ban of IP addresses using nginx.

That is, let's say if a request from one IP goes to a non-existent address, then after 10 such requests, the IP address is blocked for an hour?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

S

Stdit, 2012-02-19
@Zamorozka

If you add deny to the config, Nginx will have to be restarted. If you need a solution on Nginx, for example, you can not let it into the backend on the left urls, setting the most accurate locations for existing paths. There is also this original solution .

V

Vitaly Peretyatko, 2012-02-19
@viperet

You can block too frequent requests from one IP using NGINX wiki.nginx.org/HttpLimitReqModule
And ban IP for a specified time in case of suspicious behavior, I think it's better to do it using Firewall

S

Sergey, 2012-02-19
@bondbig

without external scripts that constantly edit the nginx config and do reload, nothing will come of it.

V

Vlad Zhivotnev, 2012-02-19
@inkvizitor68sl

Duc. Catch 404s with iptables and ban when there are a lot of them.

D

dborovikov, 2012-02-22
@dborovikov

You can write a module for nginx in lua.