Cause
Every time this site opens registration, there will be many Taiwanese IPs registered with many spam users, filling in their personal information randomly, and then replying to posts randomly, resulting in very annoyance, as shown in the figure below:
We can see that the registered IPs are all Taiwanese addresses, so I want to block this IP segment directly!
solution
Since the website backend web container uses nginx, but when users access this site, they need to go through Alibaba Cloud's load balancing, resulting in the server nginx cannot obtain the user's real IP address, that is, setting deny is invalid! Of course, there are also solutions, which are referenced below:
Due to the complexity of the setup and the need to add new modules, login server settings, etc., I gave up and tried to find a solution from Alibaba Cloud's "load balancing".
The hard work pays off, although Alibaba Cloud's load balancing does not have a security group, but it has an access policy! We can configure the blacklist by accessing the policy, as shown in the figure below:
I filled in my IP address and the IP segment I wanted to block, as shown in the figure below:
#封整个段即从123.0.0.1 to 123.255.255.254
123.0.0.0/8
#封IP段即从123.45.0.1 to 123.45.255.254
124.45.0.0/16
#封IP段即从123.45.6.1 to 123.45.6.254 are commands
123.45.6.0/24
Link:https://slbnew.console.aliyun.com/
In the last step, in the load balancing listening settings, enable access control, set the blacklist mode, and select the access policy group you just created, as shown in the figure below:
Fill in your own IP address to test the effect! Our native browser accesses this website, and it cannot be accessed, and then, let others access the test, and it can be accessed and browsed normally! As shown below:
|
Posted on 5/19/2018 12:14:29 PM
|
|
|
|
Posted on 5/19/2018 8:04:40 PM
|
Landlord|
Posted on 5/20/2018 2:29:24 PM
|
