第一种方法:
官方模块:http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
1.在Nginx配置文件nginx.conf的http选项中添加如下内容
在nginx.conf的配置中添加了Nginx白名单
### Nginx Limint config
geo $limited{
default 1;
127.0.0.1 0;
192.168.100.18 0;
}
map $limited $limit{
1 $binary_remote_addr;
0 "";
}
limit_req_zone $limit zone=one:10m rate=5r/s;
2.在虚拟目录中直接应用
[root@frontend-01 ~]# cat /etc/nginx/conf.d/test.conf
server{
listen 80;
server_name yourdomain.com;
root /yourdist/;
access_log /yourdomain.com.access.log json;
error_log /yourdomain.com.error.log warn;
location /test/api/v3/ {
## 只针对api接口调用做Nginx IP地址限速
limit_req zone=one burst=10 nodelay;
proxy_pass http://test;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Host $host;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers "accept, content-type";
}
location /test/auth/v3/ {
proxy_pass http://test;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Host $host;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers "accept, content-type";
}
}
[root@frontend-01 ~]#
3.检查配置文件reload Nginx
/usr/sbin/nginx -t
/usr/sbin/nginx -s reload
第二种方法 人肉加黑名单
1.在Nginx的配置文件nginx.conf中设置黑名单
http选项中添加如下文件
include /etc/nginx/deny/*.ip;
2.在Nginx目录中创建
mkdir /etc/nginx/deny/
3.创建拒绝列表
[root@frontend-01 ~]# cat /etc/nginx/deny/deny.ip
deny 101.44.70.14;
[root@frontend-01 ~]#
4.reload nginx
/usr/sbin/nginx -t
/usr/sbin/nginx -s reload