通过访问日志自动添加国外ip黑名单
创建一个类,自己添加一个main启动类即可测试
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import java.io.*;
import java.net.URL;
import java.net.URLConnection;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.stream.Collectors;
import static java.lang.Character.LINE_SEPARATOR;
@Slf4j
@Component
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class SecurityIp {
private final static String[] privinces = {"北京市", "天津市", "河北省", "山西省", "内蒙古", "辽宁省", "吉林省", "黑龙江省", "上海市", "江苏省", "浙江省", "安徽省", "福建省", "江西省", "山东省", "河南省", "湖北省", "湖南省", "广东省", "广西", "海南省", "重庆市", "四川省", "贵州省", "云南省", "西藏", "陕西省", "甘肃省", "青海省", "宁夏", "新疆", "台湾省", "香港", "澳门", "此IP属于本地局域网","本地局域网"};
//nginx的工作空间
private final static String nginxPath = "F:/zty/testlinux/usr/local/nginx/";
//nging的access.log路径
private final static String logPath = nginxPath + "logs/access.log";
//黑名单配置文件路径
private final static String blackListPath = nginxPath + "conf/blackListIp.conf";
private final static String blackListLogPath = nginxPath + "conf/blackListIpLog.log";
//启动脚本文件路径
private final static String binPath = nginxPath + "";
private static String getAddressByIp(String ip) {
try {
URL url = new URL("http://opendata.baidu.com/api.php?query=" + ip + "&co=&resource_id=6006&t=1433920989928&ie=utf8&oe=utf-8&format=json");
URLConnection conn = url.openConnection();
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "utf-8"));
String line = null;
StringBuffer result = new StringBuffer();
while ((line = reader.readLine()) != null) {
result.append(line);
}
reader.close();
JSONObject jsStr = new JSONObject(result.toString());
JSONArray jsData = (JSONArray) jsStr.get("data");
JSONObject data = (JSONObject) jsData.get(0);//位置
return (String) data.get("location");
} catch (IOException e) {
log.error("getAddressByIp error, ip={},msg={}", ip, e);
return null;
}
}
/**
* 扫描非法IP
* 每隔30秒扫描一次非法IP并加入黑名单
*/
@Scheduled(fixedDelay = 3000)
public void scanForIllegalIP() throws Exception {
List<String> ips = getIps();// 将当前检测国外ip加入黑名单并且返回
if(ips.size() > 0) {
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
System.out.println("deny,国外ip:" + ips + "已写入nginx黑名单列表"+sdf.format(new Date()));
}
}
/**
* 获取国外ip
*
* @return
*/
private List<String> getIps() {
File file = new File(logPath);
if (!file.exists()) {
log.error("{} not exists", logPath);
return null;
}
try {
List<String> lines = new ArrayList<>();
try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
String line;
while ((line = reader.readLine()) != null) {
// 获取access.log中ip
String ip = line.substring(0, line.indexOf(" - - ["));
if (!ip.equals("127.0.0.1")) {
String securityIps = securityIps(ip);// 校验ip是否是国外ip,如果是的写入黑名单
if (Objects.nonNull(securityIps) && !securityIps.isEmpty()) {
lines.add(securityIps);// 国外ip加入黑名单的相应
}
}
}
}
return lines;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
/**
* 将ip写入黑名单
*
* @param ip
* @return
*/
private String securityIps(String ip) {
String location = getAddressByIp(ip);
if (Objects.nonNull(location) && privinces.length > 0) {
List<String> lines = new ArrayList<>();
List<String> notIps = Arrays.stream(privinces).filter(p -> p.contains(location)).collect(Collectors.toList());
if (Objects.nonNull(notIps) && notIps.size() == 0) {
// 写入黑名单时先查询此ip是否写入黑名单
File isExsitfile = new File(blackListPath);
if (!isExsitfile.exists()) {
log.error("{} not exists", logPath);
return null;
}
try {
try (BufferedReader reader = new BufferedReader(new FileReader(isExsitfile))) {
String line;
while ((line = reader.readLine()) != null) {
// 获取blackListIp.conf,判断是否已经写入
if (Objects.nonNull(line) && !line.isEmpty() && !line.contains("127.0.0.1") && !line.contains("#")) {
String newLines = line.replace(" deny ", "").replace(";", "");
lines.add(newLines);
}
}
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
//第二步,写入非法IP进nginx的blackList文件
try {
List<String> isExit = lines.stream().filter(line -> line.contains(ip)).collect(Collectors.toList());
if (notIps.size()==0&&isExit.size() == 0) {// 国外ip不在白名单中并且没有写入黑名单
File file = new File(blackListPath);
FileWriter out = new FileWriter(file, true);
BufferedWriter bw = new BufferedWriter(out);
bw.write(LINE_SEPARATOR);
bw.write(" deny " + ip + ";");
bw.flush();
bw.close();
log.info("国外:" + location + "IP:{} 已写入nginx黑名单列表", ip);
// 写入nginx黑名单日志
File blackListLog = new File(blackListLogPath);
FileWriter blackListout = new FileWriter(blackListLog, true);
BufferedWriter blackListbw = new BufferedWriter(blackListout);
blackListbw.write(LINE_SEPARATOR);
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
blackListbw.write("deny,国外:" + location + ip + "已写入nginx黑名单列表"+sdf.format(new Date()));
blackListbw.flush();
blackListbw.close();
return ip;
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
return "";
}
}
