阿里雲SLB限制ip和CDN限制ip(指定ip的限制),及自動腳本的實現


一、shell總執行腳本

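#!/bin/bash
#
# Runs once a minute: counts requests from the watched IPs in the last minute
# of SLB access logs, bans offenders on the SLB ACL for 10 minutes, lifts bans
# whose time is up, then pushes the current ban list to the CDN blacklist.
#
# The CDN blacklist currently covers a single domain only;
# the SLB restriction applies to every domain behind the SLB.

# IPs to watch.
# NOTE: an address is counted by matching it literally against log lines, so a
# CIDR entry like the second sample never reaches the threshold; list single
# addresses here.
ban_ip_list=(192.168.1.1
172.16.1.0/24
)

# Requests per minute at or above this number get the IP banned for 10 minutes.
max_request_num=30

# NOTE: these are fixed, predictable names in world-writable /tmp. ban_ip_file
# decides which ACL entries get removed and what is sent to the CDN blacklist,
# so any local user able to create or edit it can influence both. Prefer a
# directory that only this job's user can write to (slb_access_control.py
# hard-codes the same ban-file path and has to be changed together with it).
slb_access_log_file=/tmp/slb_access_log.log
slb_api_log_file=/tmp/slb_api.log
ban_ip_file=/tmp/ban_ip_time.txt

python /usr/local/scripts/slb_log.py >"${slb_access_log_file}"
# URL whose requests are counted.
grep -F -- "/index.html" "${slb_access_log_file}" >"${slb_api_log_file}"

for ip in "${ban_ip_list[@]}"; do
    # -F: the address is a literal string, so its dots are not regex wildcards.
    # -w: whole-token match, so 192.168.1.1 does not also count 192.168.1.10.
    ip_access_num=$(grep -c -F -w -- "${ip}" "${slb_api_log_file}")
    if [ "${ip_access_num:-0}" -ge "${max_request_num}" ]; then
        # Ban the IP on the SLB.
        python /usr/local/scripts/slb_access_control.py "${ip}"
    fi
done

# Lift bans whose time is up. This does not depend on the watched IP, so it
# runs once per invocation instead of once per list entry.
if [ -s "${ban_ip_file}" ]; then
    date_time=$(date +%s)
    mapfile -t ban_records <"${ban_ip_file}"
    kept_records=()
    for record in "${ban_records[@]}"; do
        [ -n "${record}" ] || continue
        # Each record is "<ip>-<expiry as epoch seconds>".
        IFS=- read -r banned_ip expires_at <<<"${record}"
        case "${expires_at}" in
            ''|*[!0-9]*)
                # Not a well-formed record: leave it alone rather than act on it.
                kept_records+=("${record}")
                continue
                ;;
        esac
        if [ "${expires_at}" -lt "${date_time}" ]; then
            # Remove the IP from the SLB ACL. The record is dropped either way
            # (as before), so a failure is reported instead of passing silently.
            if ! python /usr/local/scripts/slb_remove_ip.py "${banned_ip}"; then
                echo "warning: could not remove ${banned_ip} from the SLB ACL; check the ACL by hand" >&2
            fi
        else
            kept_records+=("${record}")
        fi
    done
    # Rewrite the file from the surviving records instead of deleting lines with
    # a sed pattern built from file content ('.' and '/' are special to sed).
    if [ "${#kept_records[@]}" -gt 0 ]; then
        printf '%s\n' "${kept_records[@]}" >"${ban_ip_file}"
    else
        : >"${ban_ip_file}"
    fi
fi

# Build the comma-separated CDN list: one entry per banned IP, no duplicates,
# no trailing comma.
if [ -s "${ban_ip_file}" ]; then
    CDN_BAN_IP=$(cut -d- -f1 "${ban_ip_file}" | sort -u | paste -sd, -)
else
    CDN_BAN_IP=''
fi

# Apply the list to the CDN; an empty list lifts the CDN restriction.
python /usr/local/scripts/cdn_ban_ip.py "${CDN_BAN_IP}"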

 

二、讀取slb訪問日志腳本(需要日志服務管理權限) slb_log.py

pip install -U aliyun-log-python-sdk

 

import time
from aliyun.log.logitem import LogItem
from aliyun.log.logclient import LogClient
from aliyun.log.getlogsrequest import GetLogsRequest
from aliyun.log.putlogsrequest import PutLogsRequest
from aliyun.log.listlogstoresrequest import ListLogstoresRequest
from aliyun.log.gethistogramsrequest import GetHistogramsRequest
import re


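def main():
    """Print the last minute of SLB access logs from every shard of the logstore.

    The records go to stdout through the SDK's ``log_print()``; the calling
    shell script redirects that output to a file and greps it.
    """
    import os  # local import: only needed to read the credentials below

    endpoint = 'cn-qingdao.log.aliyuncs.com'  # region endpoint
    # Read the AccessKey pair from the environment so a real secret never has
    # to be saved in this file; the literals are only the article's
    # placeholders. Use a RAM user limited to reading this one logstore rather
    # than an account-wide key.
    accessKeyId = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', 'ACCESSKETID')
    accessKey = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'accessKey')
    project = 'project'  # name of the Log Service project
    logstore = '日志名稱'  # name of the logstore
    client = LogClient(endpoint, accessKeyId, accessKey)

    # One shared window for all shards: the 60 seconds up to now.
    end_time = int(time.time())
    start_time = end_time - 60
    loggroup_count = 1  # log groups fetched per pull_logs call

    for shard in client.list_shards(project, logstore).get_shards_info():
        shard_id = shard["shardID"]
        start_cursor = client.get_cursor(project, logstore, shard_id, start_time).get_cursor()
        end_cursor = client.get_cursor(project, logstore, shard_id, end_time).get_cursor()
        while True:
            res = client.pull_logs(project, logstore, shard_id, start_cursor, loggroup_count, end_cursor)
            res.log_print()
            next_cursor = res.get_next_cursor()
            # The cursor stops advancing once the window has been read in full.
            if next_cursor == start_cursor:
                break
            start_cursor = next_cursor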

# Run the log dump only when this file is executed as a script.
if __name__ == "__main__":
    main()

 

 

三、slb限制ip的腳本(slb_access_control.py )

pip install  aliyun-python-sdk-slb

#!/usr/bin/python
from aliyunsdkcore import client
from aliyunsdkslb.request.v20140515 import AddAccessControlListEntryRequest
import time
import sys


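# Ban one client address on the SLB access-control list for 10 minutes and
# record the expiry so the cron script can lift the ban later.
import ipaddress
import os

if len(sys.argv) < 2:
    sys.exit("usage: slb_access_control.py <ip>")
BAN_IP = sys.argv[1]
BAN_FILE = r'/tmp/ban_ip_time.txt'

# The argument is copied into an ACL entry, so accept only an IP address or
# network. ip_network() also supplies the right prefix: /32 for a single IPv4
# address, and an existing prefix such as /24 is kept instead of getting a
# second "/32" appended.
try:
    ban_network = ipaddress.ip_network(BAN_IP, strict=False)
except ValueError:
    sys.exit("not a valid IP address or network: %r" % BAN_IP)

# Read the AccessKey pair from the environment so a real secret never has to be
# saved in this file; the literals are only the article's placeholders. Use a
# RAM user whose policy allows editing this one ACL and nothing else.
AccessKeyId = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', 'AccessKeyId')
AccessKeySecret = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'AccessKeySecret')
Endpoint = 'cn-qingdao'  # region
# Separate name so the imported `client` module is not shadowed.
acs_client = client.AcsClient(AccessKeyId, AccessKeySecret, Endpoint)

request = AddAccessControlListEntryRequest.AddAccessControlListEntryRequest()
request.set_accept_format('json')
# "<ip>-<expiry epoch>": the ban ends 600 seconds from now.
comment_str = "%s-" % BAN_IP + str(int(time.time()) + 600)
AclEntrys = [{"entry": str(ban_network), "comment": comment_str}]
request.set_AclEntrys(AclEntrys)
request.set_AclId('acl-m5evxzrxlhiv86azkrret')

response = acs_client.do_action_with_exception(request)

# Record the ban only after the API call succeeded (it raises on failure), so
# the ban file never lists an address that was not actually added to the ACL.
with open(BAN_FILE, 'a') as f:
    f.write(comment_str)
    f.write('\n')
print(response)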

 

四、刪除slb中的限制的ip的腳本 (slb_remove_ip.py)

#!/usr/bin/python
from aliyunsdkcore import client
from aliyunsdkslb.request.v20140515 import RemoveAccessControlListEntryRequest
import time
import sys

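# Remove one client address from the SLB access-control list.
import ipaddress
import os

if len(sys.argv) < 2:
    sys.exit("usage: slb_remove_ip.py <ip>")
REMOVE_IP = sys.argv[1]

# The argument comes from the ban file and is copied into an ACL entry, so
# accept only an IP address or network. ip_network() also supplies the right
# prefix (/32 for a single IPv4 address) and keeps an existing one.
try:
    remove_network = ipaddress.ip_network(REMOVE_IP, strict=False)
except ValueError:
    sys.exit("not a valid IP address or network: %r" % REMOVE_IP)

# Read the AccessKey pair from the environment so a real secret never has to be
# saved in this file; the literals are only the article's placeholders. Use a
# RAM user whose policy allows editing this one ACL and nothing else.
AccessKeyId = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', 'AccessKeyId')
AccessKeySecret = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'AccessKeySecret')
Endpoint = 'cn-qingdao'  # region
# Separate name so the imported `client` module is not shadowed.
acs_client = client.AcsClient(AccessKeyId, AccessKeySecret, Endpoint)

request = RemoveAccessControlListEntryRequest.RemoveAccessControlListEntryRequest()
request.set_accept_format('json')
# NOTE(review): the ban script stores "<ip>-<expiry>" as the entry comment while
# this request sends "privaterule1"; presumably the service matches on the
# entry value only. Confirm that removal works with a differing comment.
AclEntrys = [{"entry": str(remove_network), "comment": "privaterule1"}]
request.set_AclEntrys(AclEntrys)
request.set_AclId('acl-m5evxzrxlhiv86azkrret')
response = acs_client.do_action_with_exception(request)
print(response)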

 

五、cdn限制腳本(cdn_ban_ip.py)

pip install aliyun-python-sdk-cdn

#!/usr/bin/python
from aliyunsdkcore import client
from aliyunsdkcdn.request.v20141111 import SetIpBlackListConfigRequest
import sys

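# Send the comma-separated IP list from argv[1] to the CDN blacklist of one
# domain; a missing or empty argument sends an empty list.
# NOTE(review): the cron script passes the complete current list on every run
# (empty to lift all bans), so a call presumably overwrites whatever blacklist
# the domain already had. Confirm before using this on a domain whose blacklist
# is also maintained by hand.
import ipaddress
import os

raw_ips = sys.argv[1] if len(sys.argv) > 1 else ''

# The list is built from a file under /tmp, so check every item before it is
# sent: empty items (for example from a trailing comma) are dropped, and
# anything that is not an IP address or network is skipped with a warning.
checked_ips = []
for item in raw_ips.split(','):
    item = item.strip()
    if not item:
        continue
    try:
        ipaddress.ip_network(item, strict=False)
    except ValueError:
        sys.stderr.write("skipping invalid blacklist entry: %r\n" % item)
        continue
    checked_ips.append(item)
BAN_IP = ','.join(checked_ips)

# Read the AccessKey pair from the environment so a real secret never has to be
# saved in this file; the literals are only the article's placeholders. Use a
# RAM user whose policy allows this CDN setting and nothing else.
AccessKeyId = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', 'AccessKeyId')
AccessKeySecret = os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'AccessKeySecret')
Endpoint = 'cn-qingdao'  # region

DomainName = 'www.baidu.com'  # CDN domain the blacklist applies to
# Separate name so the imported `client` module is not shadowed.
acs_client = client.AcsClient(AccessKeyId, AccessKeySecret, Endpoint)

request = SetIpBlackListConfigRequest.SetIpBlackListConfigRequest()
request.set_BlockIps(BAN_IP)
request.set_DomainName(DomainName)
response = acs_client.do_action_with_exception(request)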

 

 

 

