nginx 全局(jú)變量及(jí)防DDOS攻擊的簡單配置
經常需要配(pèi)置Nginx ,其中有許多以 $ 開(kāi)頭的(de)變量(liàng),經常需要查(chá)閱nginx 所支持的變量。
可能是對 Ngixn資源不熟(shú)悉,幹脆(cuì)就直接讀源碼,分析(xī)出支持的變(biàn)量。
Nginx支持的http變量實現在 ngx_http_variables.c 的 ngx_http_core_variables存儲實(shí)現:
ngx_http_core_variables
1 static ngx_http_variable_t ngx_http_core_variables[] = {
2
3 { ngx_string("http_host"), NULL, ngx_http_variable_header,
4 offsetof(ngx_http_request_t, headers_in.host), 0, 0 },
5
6 { ngx_string("http_user_agent"), NULL, ngx_http_variable_header,
7 offsetof(ngx_http_request_t, headers_in.user_agent), 0, 0 },
8
9 { ngx_string("http_referer"), NULL, ngx_http_variable_header,
10 offsetof(ngx_http_request_t, headers_in.referer), 0, 0 },
11
12 #if (NGX_HTTP_GZIP)
13 { ngx_string("http_via"), NULL, ngx_http_variable_header,
14 offsetof(ngx_http_request_t, headers_in.via), 0, 0 },
15 #endif
16
17 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP)
18 { ngx_string("http_x_forwarded_for"), NULL, ngx_http_variable_header,
19 offsetof(ngx_http_request_t, headers_in.x_forwarded_for), 0, 0 },
20 #endif
21
22 { ngx_string("http_cookie"), NULL, ngx_http_variable_headers,
23 offsetof(ngx_http_request_t, headers_in.cookies), 0, 0 },
24
25 { ngx_string("content_length"), NULL, ngx_http_variable_header,
26 offsetof(ngx_http_request_t, headers_in.content_length), 0, 0 },
27
28 { ngx_string("content_type"), NULL, ngx_http_variable_header,
29 offsetof(ngx_http_request_t, headers_in.content_type), 0, 0 },
30
31 { ngx_string("host"), NULL, ngx_http_variable_host, 0, 0, 0 },
32
33 { ngx_string("binary_remote_addr"), NULL,
34 ngx_http_variable_binary_remote_addr, 0, 0, 0 },
35
36 { ngx_string("remote_addr"), NULL, ngx_http_variable_remote_addr, 0, 0, 0 },
37
38 { ngx_string("remote_port"), NULL, ngx_http_variable_remote_port, 0, 0, 0 },
39
40 { ngx_string("server_addr"), NULL, ngx_http_variable_server_addr, 0, 0, 0 },
41
42 { ngx_string("server_port"), NULL, ngx_http_variable_server_port, 0, 0, 0 },
43
44 { ngx_string("server_protocol"), NULL, ngx_http_variable_request,
45 offsetof(ngx_http_request_t, http_protocol), 0, 0 },
46
47 { ngx_string("scheme"), NULL, ngx_http_variable_scheme, 0, 0, 0 },
48
49 { ngx_string("request_uri"), NULL, ngx_http_variable_request,
50 offsetof(ngx_http_request_t, unparsed_uri), 0, 0 },
51
52 { ngx_string("uri"), NULL, ngx_http_variable_request,
53 offsetof(ngx_http_request_t, uri),
54 NGX_HTTP_VAR_NOCACHEABLE, 0 },
55
56 { ngx_string("document_uri"), NULL, ngx_http_variable_request,
57 offsetof(ngx_http_request_t, uri),
58 NGX_HTTP_VAR_NOCACHEABLE, 0 },
59
60 { ngx_string("request"), NULL, ngx_http_variable_request_line, 0, 0, 0 },
61
62 { ngx_string("document_root"), NULL,
63 ngx_http_variable_document_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
64
65 { ngx_string("realpath_root"), NULL,
66 ngx_http_variable_realpath_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
67
68 { ngx_string("query_string"), NULL, ngx_http_variable_request,
69 offsetof(ngx_http_request_t, args),
70 NGX_HTTP_VAR_NOCACHEABLE, 0 },
71
72 { ngx_string("args"),
73 ngx_http_variable_request_set,
74 ngx_http_variable_request,
75 offsetof(ngx_http_request_t, args),
76 NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
77
78 { ngx_string("is_args"), NULL, ngx_http_variable_is_args,
79 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
80
81 { ngx_string("request_filename"), NULL,
82 ngx_http_variable_request_filename, 0,
83 NGX_HTTP_VAR_NOCACHEABLE, 0 },
84
85 { ngx_string("server_name"), NULL, ngx_http_variable_server_name, 0, 0, 0 },
86
87 { ngx_string("request_method"), NULL,
88 ngx_http_variable_request_method, 0,
89 NGX_HTTP_VAR_NOCACHEABLE, 0 },
90
91 { ngx_string("remote_user"), NULL, ngx_http_variable_remote_user, 0, 0, 0 },
92
93 { ngx_string("body_bytes_sent"), NULL, ngx_http_variable_body_bytes_sent,
94 0, 0, 0 },
95
96 { ngx_string("request_completion"), NULL,
97 ngx_http_variable_request_completion,
98 0, 0, 0 },
99
100 { ngx_string("request_body"), NULL,
101 ngx_http_variable_request_body,
102 0, 0, 0 },
103
104 { ngx_string("request_body_file"), NULL,
105 ngx_http_variable_request_body_file,
106 0, 0, 0 },
107
108 { ngx_string("sent_http_content_type"), NULL,
109 ngx_http_variable_sent_content_type, 0, 0, 0 },
110
111 { ngx_string("sent_http_content_length"), NULL,
112 ngx_http_variable_sent_content_length, 0, 0, 0 },
113
114 { ngx_string("sent_http_locations"), NULL,
115 ngx_http_variable_sent_locations, 0, 0, 0 },
116
117 { ngx_string("sent_http_last_modified"), NULL,
118 ngx_http_variable_sent_last_modified, 0, 0, 0 },
119
120 { ngx_string("sent_http_connection"), NULL,
121 ngx_http_variable_sent_connection, 0, 0, 0 },
122
123 { ngx_string("sent_http_keep_alive"), NULL,
124 ngx_http_variable_sent_keep_alive, 0, 0, 0 },
125
126 { ngx_string("sent_http_transfer_encoding"), NULL,
127 ngx_http_variable_sent_transfer_encoding, 0, 0, 0 },
128
129 { ngx_string("sent_http_cache_control"), NULL, ngx_http_variable_headers,
130 offsetof(ngx_http_request_t, headers_out.cache_control), 0, 0 },
131
132 { ngx_string("limit_rate"), ngx_http_variable_request_set_size,
133 ngx_http_variable_request_get_size,
134 offsetof(ngx_http_request_t, limit_rate),
135 NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
136
137 { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version,
138 0, 0, 0 },
139
140 { ngx_string("hostname"), NULL, ngx_http_variable_hostname,
141 0, 0, 0 },
142
143 { ngx_string("pid"), NULL, ngx_http_variable_pid,
144 0, 0, 0 },
145
146 { ngx_null_string, NULL, NULL, 0, 0, 0 }
147 };
把這些變量提取下,總結如下:
nginx防DDOS攻擊的簡單配置
nginx本身(shēn)就有防DDOS攻擊這方麵的模塊ngx_http_limit_req_module和ngx_http_limit_conn_module。
一、基本(běn)介紹
1.ngx_http_limit_req_module
配置格式及說明:
設置一個緩存區保存不同key的狀態,這裏的狀(zhuàng)態(tài)是指當前的過量請(qǐng)求數。而key是由variable指(zhǐ)定的,是(shì)一(yī)個非(fēi)空的變量,我們這裏使用$binary_remote_addr,表示源IP為key值。
limit_req_zone $variable zone=name:size rate=rate;
指定要進行限製(zhì)的緩存區和最大的請求(qiú)到達後有多少個請求放(fàng)入延遲(chí)隊列(其它的直接丟棄)。如果不希望請求
關鍵詞:nginx,DDOS攻(gōng)擊
閱讀本(běn)文(wén)後(hòu)您有什麽(me)感想? 已有 人給出評價!
- 1
- 1
- 1
- 1
- 1
- 1
