nginx 全局變量及防DDOS攻擊的簡單配置
經(jīng)常需要配置Nginx ,其中有許多以 $ 開頭的變量,經(jīng)常需要查閱nginx 所支持的變量。
可能是對 Ngixn資源不熟悉,干脆就直接讀源碼,分析出支持的變量。
Nginx支持的http變量實現(xiàn)在 ngx_http_variables.c 的 ngx_http_core_variables存儲實現(xiàn):
ngx_http_core_variables
1 static ngx_http_variable_t ngx_http_core_variables[] = {
2 3 { ngx_string("http_host"), NULL, ngx_http_variable_header, 4 offsetof(ngx_http_request_t, headers_in.host), 0, 0 }, 5 6 { ngx_string("http_user_agent"), NULL, ngx_http_variable_header, 7 offsetof(ngx_http_request_t, headers_in.user_agent), 0, 0 }, 8 9 { ngx_string("http_referer"), NULL, ngx_http_variable_header, 10 offsetof(ngx_http_request_t, headers_in.referer), 0, 0 }, 11 12 #if (NGX_HTTP_GZIP) 13 { ngx_string("http_via"), NULL, ngx_http_variable_header, 14 offsetof(ngx_http_request_t, headers_in.via), 0, 0 }, 15 #endif 16 17 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP) 18 { ngx_string("http_x_forwarded_for"), NULL, ngx_http_variable_header, 19 offsetof(ngx_http_request_t, headers_in.x_forwarded_for), 0, 0 }, 20 #endif 21 22 { ngx_string("http_cookie"), NULL, ngx_http_variable_headers, 23 offsetof(ngx_http_request_t, headers_in.cookies), 0, 0 }, 24 25 { ngx_string("content_length"), NULL, ngx_http_variable_header, 26 offsetof(ngx_http_request_t, headers_in.content_length), 0, 0 }, 27 28 { ngx_string("content_type"), NULL, ngx_http_variable_header, 29 offsetof(ngx_http_request_t, headers_in.content_type), 0, 0 }, 30 31 { ngx_string("host"), NULL, ngx_http_variable_host, 0, 0, 0 }, 32 33 { ngx_string("binary_remote_addr"), NULL, 34 ngx_http_variable_binary_remote_addr, 0, 0, 0 }, 35 36 { ngx_string("remote_addr"), NULL, ngx_http_variable_remote_addr, 0, 0, 0 }, 37 38 { ngx_string("remote_port"), NULL, ngx_http_variable_remote_port, 0, 0, 0 }, 39 40 { ngx_string("server_addr"), NULL, ngx_http_variable_server_addr, 0, 0, 0 }, 41 42 { ngx_string("server_port"), NULL, ngx_http_variable_server_port, 0, 0, 0 }, 43 44 { ngx_string("server_protocol"), NULL, ngx_http_variable_request, 45 offsetof(ngx_http_request_t, http_protocol), 0, 0 }, 46 47 { ngx_string("scheme"), NULL, ngx_http_variable_scheme, 0, 0, 0 }, 48 49 { ngx_string("request_uri"), NULL, ngx_http_variable_request, 50 offsetof(ngx_http_request_t, unparsed_uri), 0, 0 }, 51 52 { ngx_string("uri"), NULL, ngx_http_variable_request, 53 offsetof(ngx_http_request_t, uri), 54 NGX_HTTP_VAR_NOCACHEABLE, 0 }, 55 56 { ngx_string("document_uri"), NULL, ngx_http_variable_request, 57 offsetof(ngx_http_request_t, uri), 58 NGX_HTTP_VAR_NOCACHEABLE, 0 }, 59 60 { ngx_string("request"), NULL, ngx_http_variable_request_line, 0, 0, 0 }, 61 62 { ngx_string("document_root"), NULL, 63 ngx_http_variable_document_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, 64 65 { ngx_string("realpath_root"), NULL, 66 ngx_http_variable_realpath_root, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, 67 68 { ngx_string("query_string"), NULL, ngx_http_variable_request, 69 offsetof(ngx_http_request_t, args), 70 NGX_HTTP_VAR_NOCACHEABLE, 0 }, 71 72 { ngx_string("args"), 73 ngx_http_variable_request_set, 74 ngx_http_variable_request, 75 offsetof(ngx_http_request_t, args), 76 NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, 77 78 { ngx_string("is_args"), NULL, ngx_http_variable_is_args, 79 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, 80 81 { ngx_string("request_filename"), NULL, 82 ngx_http_variable_request_filename, 0, 83 NGX_HTTP_VAR_NOCACHEABLE, 0 }, 84 85 { ngx_string("server_name"), NULL, ngx_http_variable_server_name, 0, 0, 0 }, 86 87 { ngx_string("request_method"), NULL, 88 ngx_http_variable_request_method, 0, 89 NGX_HTTP_VAR_NOCACHEABLE, 0 }, 90 91 { ngx_string("remote_user"), NULL, ngx_http_variable_remote_user, 0, 0, 0 }, 92 93 { ngx_string("body_bytes_sent"), NULL, ngx_http_variable_body_bytes_sent, 94 0, 0, 0 }, 95 96 { ngx_string("request_completion"), NULL, 97 ngx_http_variable_request_completion, 98 0, 0, 0 }, 99 100 { ngx_string("request_body"), NULL, 101 ngx_http_variable_request_body, 102 0, 0, 0 }, 103 104 { ngx_string("request_body_file"), NULL, 105 ngx_http_variable_request_body_file, 106 0, 0, 0 }, 107 108 { ngx_string("sent_http_content_type"), NULL, 109 ngx_http_variable_sent_content_type, 0, 0, 0 }, 110 111 { ngx_string("sent_http_content_length"), NULL, 112 ngx_http_variable_sent_content_length, 0, 0, 0 }, 113 114 { ngx_string("sent_http_location"), NULL, 115 ngx_http_variable_sent_location, 0, 0, 0 }, 116 117 { ngx_string("sent_http_last_modified"), NULL, 118 ngx_http_variable_sent_last_modified, 0, 0, 0 }, 119 120 { ngx_string("sent_http_connection"), NULL, 121 ngx_http_variable_sent_connection, 0, 0, 0 }, 122 123 { ngx_string("sent_http_keep_alive"), NULL, 124 ngx_http_variable_sent_keep_alive, 0, 0, 0 }, 125 126 { ngx_string("sent_http_transfer_encoding"), NULL, 127 ngx_http_variable_sent_transfer_encoding, 0, 0, 0 }, 128 129 { ngx_string("sent_http_cache_control"), NULL, ngx_http_variable_headers, 130 offsetof(ngx_http_request_t, headers_out.cache_control), 0, 0 }, 131 132 { ngx_string("limit_rate"), ngx_http_variable_request_set_size, 133 ngx_http_variable_request_get_size, 134 offsetof(ngx_http_request_t, limit_rate), 135 NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, 136 137 { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version, 138 0, 0, 0 }, 139 140 { ngx_string("hostname"), NULL, ngx_http_variable_hostname, 141 0, 0, 0 }, 142 143 { ngx_string("pid"), NULL, ngx_http_variable_pid, 144 0, 0, 0 }, 145 146 { ngx_null_string, NULL, NULL, 0, 0, 0 } 147 };
把這些變量提取下,總結如下:
nginx防DDOS攻擊的簡單配置
nginx本身就有防DDOS攻擊這方面的模塊ngx_http_limit_req_module和ngx_http_limit_conn_module。
一、基本介紹
1.ngx_http_limit_req_module
配置格式及說明:
設置一個緩存區(qū)保存不同key的狀態(tài),這里的狀態(tài)是指當前的過量請求數(shù)。而key是由variable指定的,是一個非空的變量,我們這里使用$binary_remote_addr,表示源IP為key值。
limit_req_zone $variable zone=name:size rate=rate;
指定要進行限制的緩存區(qū)和最大的請求到達后有多少個請求放入延遲隊列(其它的直接丟棄)。如果不希望請求
關鍵詞:nginx,DDOS攻擊
閱讀本文后您有什么感想? 已有 人給出評價!
- 1
- 1
- 1
- 1
- 1
- 1