配置Nginx实现简单防御cc攻击

  wget https://github.com/openresty/lua-nginx-module/archive/master.zip  unzip master.zip    

  #./configure   --user=nginx   --group=nginx   --prefix=/usr/local/gacp/nginx   --error-log-path=/data/logs/nginx/error/error.log   --http-log-path=/data/logs/nginx/access/access.log   --pid-path=/usr/local/gacp/nginx/conf/nginx.pid   --lock-path=/var/lock/nginx.lock   --with-http_flv_module   --with-http_stub_status_module   --with-http_ssl_module   --with-pcre   --with-http_realip_module   --with-http_gzip_static_module   --with-google_perftools_module   --with-file-aio   --add-module=../ngx_cache_purge-2.3   --add-module=../lua-nginx-module-master    # make && make install    

  http {  .....  limit_req_zone $cookie_token zone=session_limit:3m rate=1r/s;  limit_req_zone $binary_remote_addr $uri zone=auth_limit:3m rate=1r/m;      }    server {  listen 80;  server_name localhost;  access_log /data/logs/nginx/access/localhost.access.log main;  error_log /data/logs/nginx/error/localhost.error.log;  charset utf-8;  client_max_body_size 75M;  root /data/www;    location / {    limit_req zone=session_limit burst=5;    rewrite_by_lua '  local random = ngx.var.cookie_random  if(random == nil) then  return ngx.redirect("/auth?url=" .. ngx.var.request_uri)  end    local token = ngx.md5("opencdn" .. ngx.var.remote_addr .. random)  if(ngx.var.cookie_token ~= token) then  return ngx.redirect("/auth?url=" .. ngx.var.request_uri)  end  ';  }    location /auth {  limit_req zone=auth_limit burst=1;    if ($arg_url = "") {  return 403;  }    access_by_lua '  local random = math.random(9999)  local token = ngx.md5("opencdn" .. ngx.var.remote_addr .. random)  if(ngx.var.cookie_token ~= token) then  ngx.header["Set-Cookie"] = {"token=" .. token, "random=" .. random}  return ngx.redirect(ngx.var.arg_url)  end  ';    }  }