绿色资源网:您身边最放心的安全下载站! 最新软件|热门排行|软件分类|软件专题|论坛转帖|厂商大全

绿色资源网

技术教程
您的位置:首页服务器类Web服务器 → nginx 全局变量及防DDOS攻击的简单配置

nginx 全局变量及防DDOS攻击的简单配置

我要评论 2013/03/31 12:52:31 来源:绿色资源网 编辑:www.downcc.com [ ] 评论:0 点击:516次

经常需要配置Nginx ,其中有许多以 $ 开头的变量,经常需要查阅nginx 所支持的变量。

可能是对 Ngixn资源不熟悉,干脆就直接读源码,分析出支持的变量。

Nginx支持的http变量实现在 ngx_http_variables.c 的 ngx_http_core_variables存储实现

ngx_http_core_variables

  1 static ngx_http_variable_t ngx_http_core_variables[] = {
 

  2 
  3     { ngx_string("http_host"), NULL, ngx_http_variable_header,
  4       offsetof(ngx_http_request_t, headers_in.host), 0, 0 },
  5 
  6     { ngx_string("http_user_agent"), NULL, ngx_http_variable_header,
  7       offsetof(ngx_http_request_t, headers_in.user_agent), 0, 0 },
  8 
  9     { ngx_string("http_referer"), NULL, ngx_http_variable_header,
 10       offsetof(ngx_http_request_t, headers_in.referer), 0, 0 },
 11 
 12 #if (NGX_HTTP_GZIP)
 13     { ngx_string("http_via"), NULL, ngx_http_variable_header,
 14       offsetof(ngx_http_request_t, headers_in.via), 0, 0 },
 15 #endif
 16 
 17 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP)
 18     { ngx_string("http_x_forwarded_for"), NULL, ngx_http_variable_header,
 19       offsetof(ngx_http_request_t, headers_in.x_forwarded_for), 0, 0 },
 20 #endif
 21 
 22     { ngx_string("http_cookie"), NULL, ngx_http_variable_headers,
 23       offsetof(ngx_http_request_t, headers_in.cookies), 0, 0 },
 24 
 25     { ngx_string("content_length"), NULL, ngx_http_variable_header,
 26       offsetof(ngx_http_request_t, headers_in.content_length), 0, 0 },
 27 
 28     { ngx_string("content_type"), NULL, ngx_http_variable_header,
 29       offsetof(ngx_http_request_t, headers_in.content_type), 0, 0 },
 30 
 31     { ngx_string("host"), NULL, ngx_http_variable_host, 0, 0, 0 },
 32 
 33     { ngx_string("binary_remote_addr"), NULL,
 34       ngx_http_variable_binary_remote_addr, 0, 0, 0 },
 35 
 36     { ngx_string("remote_addr"), NULL, ngx_http_variable_remote_addr, 0, 0, 0 },
 37 
 38     { ngx_string("remote_port"), NULL, ngx_http_variable_remote_port, 0, 0, 0 },
 39 
 40     { ngx_string("server_addr"), NULL, ngx_http_variable_server_addr, 0, 0, 0 },
 41 
 42     { ngx_string("server_port"), NULL, ngx_http_variable_server_port, 0, 0, 0 },
 43 
 44     { ngx_string("server_protocol"), NULL, ngx_http_variable_request,
 45       offsetof(ngx_http_request_t, http_protocol), 0, 0 },
 46 
 47     { ngx_string("scheme"), NULL, ngx_http_variable_scheme, 0, 0, 0 },
 48 
 49     { ngx_string("request_uri"), NULL, ngx_http_variable_request,
 50       offsetof(ngx_http_request_t, unparsed_uri), 0, 0 },
 51 
 52     { ngx_string("uri"), NULL, ngx_http_variable_request,
 53       offsetof(ngx_http_request_t, uri),
 54       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 55 
 56     { ngx_string("document_uri"), NULL, ngx_http_variable_request,
 57       offsetof(ngx_http_request_t, uri),
 58       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 59 
 60     { ngx_string("request"), NULL, ngx_http_variable_request_line, 0, 0, 0 },
 61 
 62     { ngx_string("document_root"), NULL,
 63       ngx_http_variable_document_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
 64 
 65     { ngx_string("realpath_root"), NULL,
 66       ngx_http_variable_realpath_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
 67 
 68     { ngx_string("query_string"), NULL, ngx_http_variable_request,
 69       offsetof(ngx_http_request_t, args),
 70       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 71 
 72     { ngx_string("args"),
 73       ngx_http_variable_request_set,
 74       ngx_http_variable_request,
 75       offsetof(ngx_http_request_t, args),
 76       NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
 77 
 78     { ngx_string("is_args"), NULL, ngx_http_variable_is_args,
 79       0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
 80 
 81     { ngx_string("request_filename"), NULL,
 82       ngx_http_variable_request_filename, 0,
 83       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 84 
 85     { ngx_string("server_name"), NULL, ngx_http_variable_server_name, 0, 0, 0 },
 86 
 87     { ngx_string("request_method"), NULL,
 88       ngx_http_variable_request_method, 0,
 89       NGX_HTTP_VAR_NOCACHEABLE, 0 },
 90 
 91     { ngx_string("remote_user"), NULL, ngx_http_variable_remote_user, 0, 0, 0 },
 92 
 93     { ngx_string("body_bytes_sent"), NULL, ngx_http_variable_body_bytes_sent,
 94       0, 0, 0 },
 95 
 96     { ngx_string("request_completion"), NULL,
 97       ngx_http_variable_request_completion,
 98       0, 0, 0 },
 99 
100     { ngx_string("request_body"), NULL,
101       ngx_http_variable_request_body,
102       0, 0, 0 },
103 
104     { ngx_string("request_body_file"), NULL,
105       ngx_http_variable_request_body_file,
106       0, 0, 0 },
107 
108     { ngx_string("sent_http_content_type"), NULL,
109       ngx_http_variable_sent_content_type, 0, 0, 0 },
110 
111     { ngx_string("sent_http_content_length"), NULL,
112       ngx_http_variable_sent_content_length, 0, 0, 0 },
113 
114     { ngx_string("sent_http_location"), NULL,
115       ngx_http_variable_sent_location, 0, 0, 0 },
116 
117     { ngx_string("sent_http_last_modified"), NULL,
118       ngx_http_variable_sent_last_modified, 0, 0, 0 },
119 
120     { ngx_string("sent_http_connection"), NULL,
121       ngx_http_variable_sent_connection, 0, 0, 0 },
122 
123     { ngx_string("sent_http_keep_alive"), NULL,
124       ngx_http_variable_sent_keep_alive, 0, 0, 0 },
125 
126     { ngx_string("sent_http_transfer_encoding"), NULL,
127       ngx_http_variable_sent_transfer_encoding, 0, 0, 0 },
128 
129     { ngx_string("sent_http_cache_control"), NULL, ngx_http_variable_headers,
130       offsetof(ngx_http_request_t, headers_out.cache_control), 0, 0 },
131 
132     { ngx_string("limit_rate"), ngx_http_variable_request_set_size,
133       ngx_http_variable_request_get_size,
134       offsetof(ngx_http_request_t, limit_rate),
135       NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
136 
137     { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version,
138       0, 0, 0 },
139 
140     { ngx_string("hostname"), NULL, ngx_http_variable_hostname,
141       0, 0, 0 },
142 
143     { ngx_string("pid"), NULL, ngx_http_variable_pid,
144       0, 0, 0 },
145 
146     { ngx_null_string, NULL, NULL, 0, 0, 0 }
147 };

把这些变量提取下,总结如下:
 

nginx防DDOS攻击的简单配置

nginx本身就有防DDOS攻击这方面的模块ngx_http_limit_req_module和ngx_http_limit_conn_module。

一、基本介绍

1.ngx_http_limit_req_module

配置格式及说明:

设置一个缓存区保存不同key的状态,这里的状态是指当前的过量请求数。而key是由variable指定的,是一个非空的变量,我们这里使用$binary_remote_addr,表示源IP为key值。

limit_req_zone $variable zone=name:size rate=rate;

  指定要进行限制的缓存区和最大的请求到达后有多少个请求放入延迟队列(其它的直接丢弃)。如果不希望请求

关键词:nginx,DDOS攻击

阅读本文后您有什么感想? 已有 人给出评价!

  • 1 欢迎喜欢
  • 1 白痴
  • 1 拜托
  • 1 哇
  • 1 加油
  • 1 鄙视