From c5a67383827a861cc5cefe9cb6923a33ea810ee1 Mon Sep 17 00:00:00 2001 From: Mikhail Che Date: Mon, 24 Feb 2014 09:31:13 +0500 Subject: [PATCH] Create README --- contrib/ip_blacklist/README | 73 +++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 contrib/ip_blacklist/README diff --git a/contrib/ip_blacklist/README b/contrib/ip_blacklist/README new file mode 100644 index 0000000..957fdef --- /dev/null +++ b/contrib/ip_blacklist/README @@ -0,0 +1,73 @@ +Ip_blacklist - counter and locker for IPs by limiting requests per time range. +Locked IPs will get saved and may be fake content from Redis :) (or 403) +Used the Redis storage only. +Monitoring blacklist on redis-cli: lrange ip_blacklist 0 -1 + +Requires +======= + +Requires openresty bundle http://openresty.org/ (tested on openresty/1.5.8.1) + or ngx-lua module http://wiki.nginx.org/HttpLuaModule#Installation + and lua-resty-redis from: https://github.com/agentzh/lua-resty-redis + + +Configure +======== + +Change settings on ip_blacklist_conf.lua (see options desciption in file): + +Redis: socket (or host, port), timeout, pool keepalive +Mode: |count|forbidden|nocapture +Time range: seconds of timeline division +Limit of requests on time range +Time lock: seconds for lock when IPs exceeded limit (prolong also if continue) +Debug: for log INFO messages into nginx.log +Log lock: persistent log list when locking IPs + +Replace the system distribution nginx with local installation of openresty +==================================================== + +Install latest openresty on default location usr/local/openresty. + +# service nginx stop +# or +# /etc/init.d/nginx stop + +mv /usr/local/openresty/nginx/conf /usr/local/openresty/nginx/conf_install +ln -s /etc/nginx /usr/local/openresty/nginx/conf +mv /usr/sbin/nginx /usr/sbin/nginx-back +ln -s /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx + +mkdir /etc/nginx/lua +cp ip_blacklist_conf.lua /etc/nginx/lua/ +cp ip_blacklist.lua /etc/nginx/lua/ + +Configure NGINX +================ + +Add one line to http section: +lua_package_path "/etc/nginx/lua/?.lua;;"; + +Add one line per need location section: +access_by_lua_file '/etc/nginx/lua/ip_blacklist.lua'; + +... +http { + ... + # you do not need the following line if you are using the ngx_openresty bundle: + #lua_package_path "/path/to/lua-resty-redis/lib/?.lua;;"; + lua_package_path "/etc/nginx/lua/?.lua;;"; + ... + server { + ... + location <...> { + access_by_lua_file '/etc/nginx/lua/ip_blacklist.lua'; + proxy_pass | uwsgi_pass | ... + ... + } + ... + } +} + +# service nginx start +# /etc/init.d/nginx start