Blocking requests in Nginx by query string

I noticed someone mass-registering accounts on the site. The source IPs were fairly spread out, and although the registration step has a captcha, the captcha value in these registration attempts never changed:

36.251.148.6 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13872972880&checkcode=v5bb HTTP/1.1" 200 
101.71.32.12 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13971050735&checkcode=v5bb HTTP/1.1" 200
171.88.126.51 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=15588291414&checkcode=v5bb HTTP/1.1" 200
222.216.31.24 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13977125525&checkcode=v5bb HTTP/1.1" 200
115.212.189.106 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13625885599&checkcode=v5bb HTTP/1.1" 200
115.212.189.106 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13625885599&checkcode=v5bb HTTP/1.1" 200
222.216.31.24 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=15607818598&checkcode=v5bb HTTP/1.1" 200

Registration can't actually succeed this way, but it still adds load on the backend servers, so I simply blocked it. Add the following inside nginx's server block. $query_string is an nginx built-in variable; $request_uri and $uri are similar ones.

# step=1, an 11-digit mobile number, and the fixed captcha value seen in the flood
if ($query_string ~* "step=1&mobile=(\d){11}&checkcode=v5bb") {
    return 403;
}

With this in place, nginx returns 403 to the abusive requests directly, and the backend never has to process them.
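As an added example (not code from the original post), here is a Python script that applies the same pattern as the nginx rule to access-log lines and reports captcha codes reused across many distinct source IPs, which is the signal that prompted the rule. The log lines, addresses and mobile numbers are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
# Constructed sample of access-log lines in nginx's default "combined" format
# (IPs from the RFC 5737 documentation ranges; mobile numbers are placeholders).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13800000001&checkcode=v5bb HTTP/1.1" 200 512 "-" "curl/7.29"
198.51.100.7 - - [12/Oct/2015:13:50:38 +0800] "GET /member/reg.html?step=1&mobile=13800000002&checkcode=v5bb HTTP/1.1" 200 512 "-" "curl/7.29"
203.0.113.55 - - [12/Oct/2015:13:50:39 +0800] "GET /member/reg.html?step=1&mobile=13800000003&checkcode=v5bb HTTP/1.1" 200 512 "-" "curl/7.29"
203.0.113.55 - - [12/Oct/2015:13:50:39 +0800] "GET /member/reg.html?step=1&mobile=13800000004&checkcode=v5bb HTTP/1.1" 200 512 "-" "curl/7.29"
192.0.2.77 - - [12/Oct/2015:13:51:02 +0800] "GET /member/reg.html?step=1&mobile=13800000005&checkcode=k9qz HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.78 - - [12/Oct/2015:13:51:10 +0800] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""
# remote_addr, ident, user, [time_local], "method target protocol" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')
# Same pattern as the nginx "if" (~* is case-insensitive), applied to the query string only.
BLOCK_RE = re.compile(r"step=1&mobile=\d{11}&checkcode=v5bb", re.IGNORECASE)

def parse_line(line):
    """Return (ip, path, query_string) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return m.group("ip"), parts.path, parts.query

def would_block(query_string):
    """Mirror the nginx rule: True when the query string matches the blocked pattern."""
    return BLOCK_RE.search(query_string) is not None

def reused_checkcodes(log_text, min_ips=3):
    """Map each checkcode seen on /member/reg.html to its distinct source IPs and
    return the codes reused by at least `min_ips` addresses (the flood signature)."""
    ips_by_code = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, qs = parsed
        if path != "/member/reg.html":
            continue
        code = parse_qs(qs).get("checkcode", [None])[0]
        if code:
            ips_by_code[code].add(ip)
    return {c: sorted(ips) for c, ips in ips_by_code.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for code, ips in reused_checkcodes(SAMPLE_LOG).items():
        print(f"checkcode {code!r} reused from {len(ips)} IPs: {', '.join(ips)}")
```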
