綠色資源網(wǎng):您身邊最放心的安全下載站! 最新軟件|熱門(mén)排行|軟件分類(lèi)|軟件專(zhuān)題|廠商大全

綠色資源網(wǎng)

技術(shù)教程
您的位置:首頁(yè)服務(wù)器類(lèi)Web服務(wù)器 → nginx 全局變量及防DDOS攻擊的簡(jiǎn)單配置

nginx 全局變量及防DDOS攻擊的簡(jiǎn)單配置

我要評(píng)論 2013/03/31 12:52:31 來(lái)源:綠色資源網(wǎng) 編輯:m.sonlywya.cn [ ] 評(píng)論:0 點(diǎn)擊:516次

經(jīng)常需要配置Nginx ,其中有許多以 $ 開(kāi)頭的變量,經(jīng)常需要查閱nginx 所支持的變量。

可能是對(duì) Ngixn資源不熟悉,干脆就直接讀源碼,分析出支持的變量。

Nginx支持的http變量實(shí)現(xiàn)在 ngx_http_variables.c 的 ngx_http_core_variables存儲(chǔ)實(shí)現(xiàn)

ngx_http_core_variables

  1 static ngx_http_variable_t ngx_http_core_variables[] = {
 

  2 
  3     { ngx_string("http_host"), NULL, ngx_http_variable_header,
  4       offsetof(ngx_http_request_t, headers_in.host), 0, 0 },
  5 
  6     { ngx_string("http_user_agent"), NULL, ngx_http_variable_header,
  7       offsetof(ngx_http_request_t, headers_in.user_agent), 0, 0 },
  8 
  9     { ngx_string("http_referer"), NULL, ngx_http_variable_header,
 10       offsetof(ngx_http_request_t, headers_in.referer), 0, 0 },
 11 
 12 #if (NGX_HTTP_GZIP)
 13     { ngx_string("http_via"), NULL, ngx_http_variable_header,
 14       offsetof(ngx_http_request_t, headers_in.via), 0, 0 },
 15 #endif
 16 
 17 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP)
 18     { ngx_string("http_x_forwarded_for"), NULL, ngx_http_variable_header,
 19       offsetof(ngx_http_request_t, headers_in.x_forwarded_for), 0, 0 },
 20 #endif
 21 
 22     { ngx_string("http_cookie"), NULL, ngx_http_variable_headers,
 23       offsetof(ngx_http_request_t, headers_in.cookies), 0, 0 },
 24 
 25     { ngx_string("content_length"), NULL, ngx_http_variable_header,
 26       offsetof(ngx_http_request_t, headers_in.content_length), 0, 0 },
 27 
 28     { ngx_string("content_type"), NULL, ngx_http_variable_header,
 29       offsetof(ngx_http_request_t, headers_in.content_type), 0, 0 },
 30 
 31     { ngx_string("host"), NULL, ngx_http_variable_host, 0, 0, 0 },
 32 
 33     { ngx_string("binary_remote_addr"), NULL,
 34       ngx_http_variable_binary_remote_addr, 0, 0, 0 },
 35 
 36     { ngx_string("remote_addr"), NULL, ngx_http_variable_remote_addr, 0, 0, 0 },
 37 
 38     { ngx_string("remote_port"), NULL, ngx_http_variable_remote_port, 0, 0, 0 },
 39 
 40     { ngx_string("server_addr"), NULL, ngx_http_variable_server_addr, 0, 0, 0 },
 41 
 42     { ngx_string("server_port"), NULL, ngx_http_variable_server_port, 0, 0, 0 },
 43 
 44     { ngx_string("server_protocol"), NULL, ngx_http_variable_request,
 45       offsetof(ngx_http_request_t, http_protocol), 0, 0 },
 46 
 47     { ngx_string("scheme"), NULL, ngx_http_variable_scheme, 0, 0, 0 },
 48 
 49     { ngx_string("request_uri"), NULL, ngx_http_variable_request,
 50       offsetof(ngx_http_request_t, unparsed_uri), 0, 0 },
 51 
 52     { ngx_string("uri"), NULL, ngx_http_variable_request,
 53       offsetof(ngx_http_request_t, uri),
 54       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 55 
 56     { ngx_string("document_uri"), NULL, ngx_http_variable_request,
 57       offsetof(ngx_http_request_t, uri),
 58       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 59 
 60     { ngx_string("request"), NULL, ngx_http_variable_request_line, 0, 0, 0 },
 61 
 62     { ngx_string("document_root"), NULL,
 63       ngx_http_variable_document_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
 64 
 65     { ngx_string("realpath_root"), NULL,
 66       ngx_http_variable_realpath_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
 67 
 68     { ngx_string("query_string"), NULL, ngx_http_variable_request,
 69       offsetof(ngx_http_request_t, args),
 70       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 71 
 72     { ngx_string("args"),
 73       ngx_http_variable_request_set,
 74       ngx_http_variable_request,
 75       offsetof(ngx_http_request_t, args),
 76       NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
 77 
 78     { ngx_string("is_args"), NULL, ngx_http_variable_is_args,
 79       0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
 80 
 81     { ngx_string("request_filename"), NULL,
 82       ngx_http_variable_request_filename, 0,
 83       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 84 
 85     { ngx_string("server_name"), NULL, ngx_http_variable_server_name, 0, 0, 0 },
 86 
 87     { ngx_string("request_method"), NULL,
 88       ngx_http_variable_request_method, 0,
 89       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 90 
 91     { ngx_string("remote_user"), NULL, ngx_http_variable_remote_user, 0, 0, 0 },
 92 
 93     { ngx_string("body_bytes_sent"), NULL, ngx_http_variable_body_bytes_sent,
 94       0, 0, 0 },
 95 
 96     { ngx_string("request_completion"), NULL,
 97       ngx_http_variable_request_completion,
 98       0, 0, 0 },
 99 
100     { ngx_string("request_body"), NULL,
101       ngx_http_variable_request_body,
102       0, 0, 0 },
103 
104     { ngx_string("request_body_file"), NULL,
105       ngx_http_variable_request_body_file,
106       0, 0, 0 },
107 
108     { ngx_string("sent_http_content_type"), NULL,
109       ngx_http_variable_sent_content_type, 0, 0, 0 },
110 
111     { ngx_string("sent_http_content_length"), NULL,
112       ngx_http_variable_sent_content_length, 0, 0, 0 },
113 
114     { ngx_string("sent_http_location"), NULL,
115       ngx_http_variable_sent_location, 0, 0, 0 },
116 
117     { ngx_string("sent_http_last_modified"), NULL,
118       ngx_http_variable_sent_last_modified, 0, 0, 0 },
119 
120     { ngx_string("sent_http_connection"), NULL,
121       ngx_http_variable_sent_connection, 0, 0, 0 },
122 
123     { ngx_string("sent_http_keep_alive"), NULL,
124       ngx_http_variable_sent_keep_alive, 0, 0, 0 },
125 
126     { ngx_string("sent_http_transfer_encoding"), NULL,
127       ngx_http_variable_sent_transfer_encoding, 0, 0, 0 },
128 
129     { ngx_string("sent_http_cache_control"), NULL, ngx_http_variable_headers,
130       offsetof(ngx_http_request_t, headers_out.cache_control), 0, 0 },
131 
132     { ngx_string("limit_rate"), ngx_http_variable_request_set_size,
133       ngx_http_variable_request_get_size,
134       offsetof(ngx_http_request_t, limit_rate),
135       NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
136 
137     { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version,
138       0, 0, 0 },
139 
140     { ngx_string("hostname"), NULL, ngx_http_variable_hostname,
141       0, 0, 0 },
142 
143     { ngx_string("pid"), NULL, ngx_http_variable_pid,
144       0, 0, 0 },
145 
146     { ngx_null_string, NULL, NULL, 0, 0, 0 }
147 };

把這些變量提取下,總結(jié)如下:
 

nginx防DDOS攻擊的簡(jiǎn)單配置

nginx本身就有防DDOS攻擊這方面的模塊ngx_http_limit_req_module和ngx_http_limit_conn_module。

一、基本介紹

1.ngx_http_limit_req_module

配置格式及說(shuō)明:

設(shè)置一個(gè)緩存區(qū)保存不同key的狀態(tài),這里的狀態(tài)是指當(dāng)前的過(guò)量請(qǐng)求數(shù)。而key是由variable指定的,是一個(gè)非空的變量,我們這里使用$binary_remote_addr,表示源IP為key值。

limit_req_zone $variable zone=name:size rate=rate;

  指定要進(jìn)行限制的緩存區(qū)和最大的請(qǐng)求到達(dá)后有多少個(gè)請(qǐng)求放入延遲隊(duì)列(其它的直接丟棄)。如果不希望請(qǐng)求

關(guān)鍵詞:nginx,DDOS攻擊

閱讀本文后您有什么感想? 已有 人給出評(píng)價(jià)!

  • 1 歡迎喜歡
  • 1 白癡
  • 1 拜托
  • 1 哇
  • 1 加油
  • 1 鄙視