ngx_http_etomc2_cc

ngx_http_etomc2_cc is an nginx module for defending against CC (Challenge Collapsar, i.e. HTTP-flood) attacks.

Primary language: C. Repository license: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).


About the Project

The module works by analysing the behaviour of a site's visitors. Different visitors browsing the same site produce different behaviour patterns; the module currently divides these into three classes:

Visitor behaviour:

  • Normal visitors: a typical visitor lands on the home page and then fans out to different inner pages.
  • Malicious visitors: a large number of IPs hit one page or API at the same time, exhausting the server's memory and CPU; this is the attack.
  • Single-hit visitors: these are essentially bounces; they make only a few requests, never form a behaviour pattern, and disappear.

In its current form the module can quickly identify malicious visitors and block them.

Runtime Configuration (parameters can be hot-updated without a restart)

Built With

Software versions required.

Getting Started

Download the following files.

Installation

  1. Choose an nginx version here: http://nginx.org/download/nginx-1.18.0.tar.gz
  2. Download nginx
wget http://nginx.org/download/nginx-1.18.0.tar.gz
  3. Unpack
tar -zxvf nginx-1.18.0.tar.gz
  4. git clone ngx_http_etomc2_cc
git clone https://github.com/vyouzhis/ngx_http_etomc2_cc.git
  5. Build and install (run from inside the unpacked nginx-1.18.0 directory; the ../ path assumes the module was cloned alongside it)
./configure --add-module=../ngx_http_etomc2_cc --with-http_ssl_module
gmake
gmake install

Usage

cc action

Directive              Context   Description
ET2CCEnable            http      Enable this anti-CC module: on or off
et2_shm_size           http      Shared memory used by the anti-CC module
et2_cc_level           server    Anti-CC protection level, value: [1-5]
et2_cc_itemize         server    Whether the current server enables the anti-CC module: on or off
et2_cc_return_status   server    Status code returned after a request is blocked, default: 444
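As an added illustration (not the project's own doc/example_nginx.conf), the directives above placed in their contexts, with one server that opts out of protection beside one that is fully protected; the value syntax for et2_shm_size and the server names are assumptions:

```nginx
# http context: enable the module once and size its shared memory zone
http {
    ET2CCEnable   on;
    et2_shm_size  10m;   # assumed nginx-style size syntax; check the project docs

    # weak: this server opts out, so floods against it are not analysed
    server {
        server_name     legacy.example.com;
        et2_cc_itemize  off;
    }

    # protected: highest of the 1-5 levels, blocked requests get 444
    # (connection closed without a response, so no bytes are wasted on them)
    server {
        server_name           www.example.com;
        et2_cc_itemize        on;
        et2_cc_level          5;
        et2_cc_return_status  444;
    }
}
```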

Cluster

cc cluster

Directive            Context    Description
et2_web_api          location   web api
et2_cluster_branch   location   cluster branch, set on the main server

The cluster is built on nginx's ngx_http_subrequest.

                        user web api Control nodes

                       +-------------------------+
                       |    main nginx server    |
                       +------------+------------+
                                    |
                +-------------------+-----------------+
                |                   |                 |
                |                   |                 |
   +------------+-----+   +---------+---------+    +--+---------------+
   |node1 nginx server|   | node2 nginx server|    |node3 nginx server|
   +------------------+   +-------------------+    +------------------+


Reference configuration: nginx example conf

WebAPI

RESTful API    curl test   Description
main_conf      GET         Fetch the global variables
json_flow      POST        Traffic data for the CC attack being received
update_conf    POST        Update the configuration online
domain_list    GET         Fetch domain information

main_conf

curl --location --request GET 'http://localhost:1234/main_conf'

json_flow

curl --location --request POST 'http://localhost:1234/json_flow' \
--header 'domain: www.bb.com'

update_conf

curl --location --request POST 'http://localhost:1234/update_conf' \
--header 'domain: www.bb.com' \
--header 'glevel: 5' \
--header 'itemize: 1' \
--header 'rstatus: 443'

domain_list

curl --location --request GET 'http://localhost:1234/domain_list'

Web-Dashboard

See doc/example_nginx.conf (server name: www.mydashboard.com); the dashboard is then served at http://localhost/etomc2_dashboard/

Testing (Review)

Testing is done with a bash shell script

cat hack.sh
#!/bin/bash
#
# hack.sh
# Copyright (C) 2020 vyouzhi <vyouzhi@gmail.com>
#
# Distributed under terms of the MIT license.
#

# Launch 15 background ab runs, each with its own User-Agent, so the module
# sees several "visitors" hitting the same URI at once. The bash shebang is
# required: the {1..15} brace expansion is not POSIX sh.
for n in {1..15}
do
    echo "$n"
    ab -n 300 -c 30 -H "User-Agent: abc$n" http://192.168.2.127/php.php &
done

nginx access log

tail -50 ../logs/access.log
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc15"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc12"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc14"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc15"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc14"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc14"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc14"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"
192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10
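To confirm from the access log that the module behaves as the three-class model above describes (one source hammering a single URI, answered with the configured 444), here is an added Python check that is not part of this project; it parses the same combined log format as the listing above, and the sample lines, IPs and User-Agents are constructed:

```python
import re
from collections import defaultdict

# Matches the nginx "combined" log format used in the access log above.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"')

def parse_line(line):
    """Return (ip, uri, status, ua), or None for a line that does not parse."""
    m = LOG_RE.match(line)
    return (m["ip"], m["uri"], int(m["status"]), m["ua"]) if m else None

def blocked_by_ua(lines, blocked_status=444):
    """Per User-Agent: (total requests, requests answered with blocked_status)."""
    stats = defaultdict(lambda: [0, 0])
    for rec in filter(None, map(parse_line, lines)):
        stats[rec[3]][0] += 1
        stats[rec[3]][1] += rec[2] == blocked_status
    return {ua: tuple(v) for ua, v in stats.items()}

def single_uri_hitters(lines, min_requests=3):
    """IPs whose requests all target exactly one URI (the 'malicious visitor' shape)."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for rec in filter(None, map(parse_line, lines)):
        per_ip[rec[0]][rec[1]] += 1
    return {ip: (next(iter(u)), sum(u.values()))
            for ip, u in per_ip.items() if len(u) == 1 and sum(u.values()) >= min_requests}

# Constructed sample: three flood lines shaped like the README's, plus one ordinary
# visitor who lands on / and then moves to an inner page (the "normal" class above).
SAMPLE_LOG = [
    '192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc6"',
    '192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 444 0 "-" "abc10"',
    '192.168.2.149 - - [17/Sep/2020:17:55:23 +0800] "GET /php.php HTTP/1.0" 200 512 "-" "abc6"',
    '192.168.2.150 - - [17/Sep/2020:17:55:24 +0800] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.168.2.150 - - [17/Sep/2020:17:55:30 +0800] "GET /about.html HTTP/1.1" 200 800 "http://192.168.2.127/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ua, (total, blocked) in blocked_by_ua(SAMPLE_LOG).items():
        print(f"{ua:12} {blocked}/{total} blocked")
    for ip, (uri, n) in single_uri_hitters(SAMPLE_LOG).items():
        print(f"{ip} hit only {uri} ({n} requests)")
```

Run it against a real file with `blocked_by_ua(open("../logs/access.log"))`; a User-Agent whose blocked count stays at zero while the flood is running is a sign the server block has et2_cc_itemize off or too low an et2_cc_level.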

License

Distributed under the MIT License. See LICENSE for more information.

Contact

vyouzhi - @github - vouzhi@gmail.com