NGINX区域封锁并加白某IP

nginx.conf

user  nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$http_host"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    server_names_hash_max_size 4096;
    server_names_hash_bucket_size 2048;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";
    server_tokens off;
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    fastcgi_param  COUNTRY_CODE "$geoip_country_code";
    fastcgi_param  HTTP_COUNTRY_CODE "$geoip_country_code";
    geo $remote_addr $ip_whitelist1 {
    default 0;
    include ip1.conf;
    }
    geo $remote_addr $ip_whitelist2 {
    default 0;
    include ip2.conf;
    }
    geo $remote_addr $ip_whitelist3 {
    default 0;
    include ip3.conf;
    }
    geo $remote_addr $ip_whitelist4 {
    default 0;
    include ip4.conf;
    }
    include /etc/nginx/conf.d/*.conf;
}
##################################################################################################################################################
ip.conf

1.1.1.1 1;
2.2.2.2 1;
3.3.3.3 1;
##################################################################################################################################################
server

server {
    listen 443 ssl;
    include domain/123.txt;
    ssl_certificate     ssl/123.crt;
    ssl_certificate_key ssl/123.key;
    access_log  /var/log/nginx/info.log main;
    location / {
	        if ($ip_whitelist1 = 1) {		    
                proxy_pass https://8.8.8.8;
                break;
                }
	        if ($geoip_country_code ~* (MO|SG|HK)) {
                return 403;
                }
	        if ($geoip_country_code !~* (MO|SG|HK)) {
                proxy_pass https://8.8.8.8;
                break;
                }
                index index.jsp index.htm index.html;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_headers_hash_max_size 51200;
                proxy_headers_hash_bucket_size 6400;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $http_x_forwarded_for;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
##################################################################################################################################################

域名随机跳转-腾讯判定

<!DOCTYPE html>

<html lang="en">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta name="viewport"
          content="width=device-width, initial-scale=1, user-scalable=yes, minimum-scale=1, maximum-scale=1.0">
    <meta name="format-detection" content="telephone=no">
    <title></title>
    <style type="text/css">
        .tips-txt {
            display: none;
            text-align: center;
            font-size: 18px;
            color: #333;
        }

        .width-100 {
            display: block;
            max-width: 100%;
            height: auto;
            margin: auto;
        }
    </style>
</head>

<body>
<div class="tips-txt" id="tipsTxt">
    <img src="https://www.15920760983.cn/jumpout.png" class="width-100">
</div>

<script type="text/javascript">
    var urlList = ['https://www.test1.com', 'https://www.test2.com', 'https://www.test3.com',
        'https://www.test4.com', 'https://www.test5.com'];
    var urlTest = urlList[Math.floor(Math.random() * urlList.length)];
    var u = navigator.userAgent;
    var isWechat = (u.match(/MicroMessenger/i));
    // var isQQ = (u.match(/QQ/i));

    var qqBrowser = false, qqWebview = false;

    var browser = navigator.userAgent.toLowerCase();
    if (browser.indexOf('qbwebviewtype') != -1 && browser.indexOf('mqqbrowser') == -1) {
        //qq内置浏览器
        qqWebview = true;
    } else if (browser.indexOf('qbwebviewtype') != -1 && browser.indexOf("mqqbrowser") != -1) {
        //qq浏览器
        qqBrowser = true;
    }

    if (isWechat) {
        var styleElement = document.getElementById('tipsTxt');
        styleElement.setAttribute('style', 'display: block');
    }// QQ内置浏览器
    else if (qqWebview == true && qqBrowser != true) {
        var styleElement = document.getElementById('tipsTxt');
        styleElement.setAttribute('style', 'display: block');
    }
    // QQ浏览器
    else if (qqBrowser == true && qqWebview != true) {
        window.location.href = urlTest;
    } else {
        window.location.href = urlTest;
    }
</script>

</body>

</html>

域名随机跳转

<html>
<head>
    <script>
        var arr =
            "https://minglichengxin.com," +
            "https://tuanjieyouai.com," +
            "https://qinjianziqiang.com," +
            "https://jingyefengxian.com," +
            "https://aiguoshoufa.com," +
            "https://www.minglichengxin.com," +
            "https://www.tuanjieyouai.com," +
            "https://www.qinjianziqiang.com," +
            "https://www.jingyefengxian.com," +
            "https://www.aiguoshoufa.com";
 

        arr = arr.split(",");
        var rand = parseInt(Math.random() * arr.length);
        window.location.href = arr[rand];
        
    </script>
</head>
<body></body>
</html>

NGINX 安装GEOIP模块

***********************************************************************
1:
nginx -V
***********************************************************************
2:
下载与现有版本相同的nginx包,并解压
***********************************************************************
3:
安装GEOIP模块
yum -y install geoip-devel
***********************************************************************
4:
安装依赖包
yum -y install gcc gcc-c++ autoconf automake make
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel
yum -y install libxslt-devel libxml2 libxml2-dev gd-devel redhat-rpm-config perl-devel perl-ExtUtils-Embed gperftools
./configure 原模块 --with-http_geoip_module
***********************************************************************
5:
make && make install
***********************************************************************
6:
http增加
geoip_country /usr/share/GeoIP/GeoIP.dat;  
map $geoip_country_code $allowed_country {   
     default no;     
     CN yes;
     PH yes;
}

Server增加
if ($allowed_country = no) {
          return 404;
}
***********************************************************************
7:
或者
geoip_country /usr/share/GeoIP/GeoIP.dat;
fastcgi_param  COUNTRY_CODE "$geoip_country_code";
fastcgi_param  HTTP_COUNTRY_CODE "$geoip_country_code";

if ($geoip_country_code ~* (US|CN)) {
          return 404;
}
***********************************************************************
8:
封锁地区加白某些IP
http处添加
geoip_country /usr/share/GeoIP/GeoIP.dat; 
geo $remote_addr $ip_whitelist {
default 0;
include ip.conf;
}

Server处添加
if ($ip_whitelist = 1) {
proxy_pass http://web;
break;
}
#屏蔽的国家返回403
if ($geoip_country_code ~ "(HK|TW|PH|MO|US)") {
return 403;
}
proxy_pass http://web;
}
***********************************************************************

判断设备跳转

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>xxxxx</title>
    <script>

        if (!isMobile()) { // PC
            window.location.href = "http://test1.com";
        } else { // mobile
            window.location.href = "http://test2.com";
        }

        //判断Mobile装置
        function isMobile() {
            return (/AppleWebKit.*Mobile/i.test(navigator.userAgent)
                || /Android/i.test(navigator.userAgent)
                || /BlackBerry/i.test(navigator.userAgent)
                || /IEMobile/i.test(navigator.userAgent)
                || (/MIDP|SymbianOS|NOKIA|SAMSUNG|LG|NEC|TCL|Alcatel|BIRD|DBTEL|Dopod|PHILIPS|HAIER|LENOVO|MOT-|Nokia|SonyEricsson|SIE-|Amoi|ZTE/.test(navigator.userAgent)));
        }

    </script>
</head>
<body>

</body>
</html>

判断跳转

功能如下:
1:判断QQ浏览器,进行引导页访问跳转
2:如果是QQ浏览器访问,则展示引导页,引导访客使用其他浏览器访问
3:如果是其他浏览器(PC或移动端),直接跳转
4:按照引导页操作后,会访问“域名”+port
5:用户部署服务的时候,需要部署对应“port”的跳转服务,跳转到目标域名
6:前端代码在附件