在这里插入图片描述

通过访问日志自动添加国外ip黑名单
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

创建一个类,自己添加一个main启动类即可测试

import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import java.io.*;
import java.net.URL;
import java.net.URLConnection;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.stream.Collectors;

import static java.lang.Character.LINE_SEPARATOR;

@Slf4j
@Component
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class SecurityIp {
    private final static String[] privinces = {"北京市", "天津市", "河北省", "山西省", "内蒙古", "辽宁省", "吉林省", "黑龙江省", "上海市", "江苏省", "浙江省", "安徽省", "福建省", "江西省", "山东省", "河南省", "湖北省", "湖南省", "广东省", "广西", "海南省", "重庆市", "四川省", "贵州省", "云南省", "西藏", "陕西省", "甘肃省", "青海省", "宁夏", "新疆", "台湾省", "香港", "澳门", "此IP属于本地局域网","本地局域网"};

    //nginx的工作空间
    private final static String nginxPath = "F:/zty/testlinux/usr/local/nginx/";
    //nging的access.log路径
    private final static String logPath = nginxPath + "logs/access.log";
    //黑名单配置文件路径
    private final static String blackListPath = nginxPath + "conf/blackListIp.conf";
    private final static String blackListLogPath = nginxPath + "conf/blackListIpLog.log";
    //启动脚本文件路径
    private final static String binPath = nginxPath + "";

    private static String getAddressByIp(String ip) {
        try {
            URL url = new URL("http://opendata.baidu.com/api.php?query=" + ip + "&co=&resource_id=6006&t=1433920989928&ie=utf8&oe=utf-8&format=json");
            URLConnection conn = url.openConnection();
            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "utf-8"));
            String line = null;
            StringBuffer result = new StringBuffer();
            while ((line = reader.readLine()) != null) {
                result.append(line);
            }
            reader.close();
            JSONObject jsStr = new JSONObject(result.toString());
            JSONArray jsData = (JSONArray) jsStr.get("data");
            JSONObject data = (JSONObject) jsData.get(0);//位置
            return (String) data.get("location");
        } catch (IOException e) {
            log.error("getAddressByIp error, ip={},msg={}", ip, e);
            return null;
        }
    }

    /**
     * 扫描非法IP
     * 每隔30秒扫描一次非法IP并加入黑名单
     */
    @Scheduled(fixedDelay = 3000)
    public void scanForIllegalIP() throws Exception {
        List<String> ips = getIps();// 将当前检测国外ip加入黑名单并且返回
        if(ips.size() > 0) {
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            System.out.println("deny,国外ip:" + ips + "已写入nginx黑名单列表"+sdf.format(new Date()));
        }
    }

    /**
     * 获取国外ip
     *
     * @return
     */
    private List<String> getIps() {
        File file = new File(logPath);
        if (!file.exists()) {
            log.error("{} not exists", logPath);
            return null;
        }
        try {
            List<String> lines = new ArrayList<>();
            try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    // 获取access.log中ip
                    String ip = line.substring(0, line.indexOf(" - - ["));
                    if (!ip.equals("127.0.0.1")) {
                        String securityIps = securityIps(ip);// 校验ip是否是国外ip,如果是的写入黑名单
                        if (Objects.nonNull(securityIps) && !securityIps.isEmpty()) {
                            lines.add(securityIps);// 国外ip加入黑名单的相应
                        }
                    }
                }
            }
            return lines;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }


    /**
     * 将ip写入黑名单
     *
     * @param ip
     * @return
     */
    private String securityIps(String ip) {
        String location = getAddressByIp(ip);
        if (Objects.nonNull(location) && privinces.length > 0) {
            List<String> lines = new ArrayList<>();
            List<String> notIps = Arrays.stream(privinces).filter(p -> p.contains(location)).collect(Collectors.toList());
            if (Objects.nonNull(notIps) && notIps.size() == 0) {

                // 写入黑名单时先查询此ip是否写入黑名单
                File isExsitfile = new File(blackListPath);
                if (!isExsitfile.exists()) {
                    log.error("{} not exists", logPath);
                    return null;
                }
                try {
                    try (BufferedReader reader = new BufferedReader(new FileReader(isExsitfile))) {
                        String line;
                        while ((line = reader.readLine()) != null) {
                            // 获取blackListIp.conf,判断是否已经写入
                            if (Objects.nonNull(line) && !line.isEmpty() && !line.contains("127.0.0.1") && !line.contains("#")) {
                                String newLines = line.replace(" deny ", "").replace(";", "");
                                lines.add(newLines);
                            }
                        }
                    }
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            //第二步,写入非法IP进nginx的blackList文件
            try {
                List<String> isExit = lines.stream().filter(line -> line.contains(ip)).collect(Collectors.toList());
                if (notIps.size()==0&&isExit.size() == 0) {// 国外ip不在白名单中并且没有写入黑名单
                    File file = new File(blackListPath);
                    FileWriter out = new FileWriter(file, true);
                    BufferedWriter bw = new BufferedWriter(out);
                    bw.write(LINE_SEPARATOR);
                    bw.write(" deny " + ip + ";");
                    bw.flush();
                    bw.close();
                    log.info("国外:" + location + "IP:{} 已写入nginx黑名单列表", ip);

                    // 写入nginx黑名单日志
                    File blackListLog = new File(blackListLogPath);
                    FileWriter blackListout = new FileWriter(blackListLog, true);
                    BufferedWriter blackListbw = new BufferedWriter(blackListout);
                    blackListbw.write(LINE_SEPARATOR);
                    SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

                    blackListbw.write("deny,国外:" + location + ip + "已写入nginx黑名单列表"+sdf.format(new Date()));
                    blackListbw.flush();
                    blackListbw.close();
                    return ip;
                }

            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        return "";
    }
}


点赞(0) 打赏

评论列表 共有 0 条评论

暂无评论

微信公众账号

微信扫一扫加关注

发表
评论
返回
顶部