http://www.07net01.com/2015/04/822090.html
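Nginx was replaced outright with OpenResty. Lua embedded in Nginx, together with a Memcached instance, implements an anti-crawler check that does not depend on the backend (similar to CloudFlare's CAPTCHA challenge). Any user whose IP has an identify_IP key in Memcached is redirected to identify.php for handling. identify.php can verify that the visitor is human with a CAPTCHA or with JavaScript; once verification succeeds, the identify_IP key is deleted and that IP can continue browsing.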

    server {
        #...
        location / {
            index index.php;
        }
        location ~ \.php$ {
            content_by_lua '
                -- the verification page itself must always be reachable
                local uri = ngx.var.uri
                if uri == "/identify.php" then
                    ngx.exec("@bypass")
                    return
                end
                local clientIP = ngx.var.remote_addr
                local memcached = require "resty.memcached"
                local memc, err = memcached:new()
                if not memc then
                    ngx.say("failed to instantiate memc: ", err)
                    return
                end
                local ok, err = memc:connect("127.0.0.1", 11211)
                if not ok then
                    ngx.say("failed to connect: ", err)
                    return
                end
                -- a lookup error lets the request through (fail open)
                local res, flags, err = memc:get("identify_"..clientIP)
                if err then
                    ngx.exec("@bypass")
                    return
                end
                -- key present with value "1": this IP must verify first
                if res == "1" then
                    ngx.exec("@identify")
                    return
                end
                ngx.exec("@bypass")
            ';
        }
        location @bypass {
            #echo 'bypass';
            #rewrite break
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location @identify {
            #echo 'identify';
            #identify.php
            rewrite ^/(.*)$ /identify.php?url=$request_uri redirect; #redirect
        }
        location ~ /\.ht {
            deny all;
        }
    }

The identify_IP key can be set automatically by analyzing the Nginx log. AWK filters out the last 10 minutes of the access log:
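
    tac chd_access.log | awk 'BEGIN{ "date -d \"-10 minute\" +\"%H:%M:%S\"" | getline min5 } { if (substr($4, 14) > min5) print; else exit;}' | tac

Then write a Python cron job to analyze the result, for example to find users who requested more than 100 pages within 10 minutes, and insert them into Memcached...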
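
One way to write the cron analysis described above, as an added example that is not code from the original article. It assumes the combined log format, a 1-hour key expiry, and writes the value "1" that the Lua check looks for; the function names and the sample log are constructed for illustration. It compares full timestamps rather than time of day, so a window that spans midnight is counted correctly.

```python
import re
import socket
from collections import Counter
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # combined log format
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_offenders(lines, now, window=timedelta(minutes=10), threshold=100):
    """IPs with more than `threshold` requests in the `window` ending at `now`."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess
        try:
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue
        if now - window < ts <= now:  # full timestamps, so midnight is handled
            hits[m.group(1)] += 1
    return sorted(ip for ip, n in hits.items() if n > threshold)

def memcached_set_cmd(ip, ttl=3600):
    """Text-protocol command storing identify_<ip> = "1" (ttl is an assumption)."""
    return f"set identify_{ip} 0 {ttl} 1\r\n1\r\n".encode()

def flag(ips, host="127.0.0.1", port=11211, ttl=3600):
    """Set the key for each IP; return those memcached acknowledged."""
    stored = []
    with socket.create_connection((host, port), timeout=2) as s:
        for ip in ips:
            s.sendall(memcached_set_cmd(ip, ttl))
            if s.recv(64).startswith(b"STORED"):
                stored.append(ip)
    return stored

def sample_log(now):
    """Constructed log: one busy client, one light client, one stale burst."""
    def row(ip, ts, n):
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /p{n}.php HTTP/1.1" 200 512'
    busy = [row("203.0.113.7", now - timedelta(seconds=3 * i), i) for i in range(120)]
    light = [row("192.0.2.10", now - timedelta(seconds=60 * i), i) for i in range(5)]
    stale = [row("198.51.100.9", now - timedelta(hours=1, seconds=i), i) for i in range(150)]
    return stale + busy + light

if __name__ == "__main__":
    now = datetime.now(timezone(timedelta(hours=8)))
    print(find_offenders(sample_log(now), now))
```

In a cron job, pass the lines of the access log to `find_offenders` and its result to `flag`; the expiry keeps a flagged address from staying flagged forever if nobody completes the verification.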

Original article: Openresty+Lua+Memcached anti-crawler strategy. Thanks to the original author for sharing.