我有一個有點流行的API(每天超過10,000個請求)。從IP地址每天發出10個請求後,我會返回一條消息,告訴用戶如果他們想要使用更多的服務,他們需要咳嗽一些現金。如何阻止來自中國的申請到我的應用程序?
今天早上,我發現我的網絡服務運行速度非常慢。我檢查了數據庫,發現源自中國的IP地址的請求遭到了絕對的垃圾郵件。他們會使用一個IP地址10次,然後遞增最後一個字節。悲傷的時刻。
爲了保證系統的正常運行,我想限制或完全切斷來自中國的請求。什麼是最好的方法來做到這一點? Geolookup每個請求和PHP國家代碼禁止?這似乎是一種低效率的方式。在htaccess級別我無能爲力,是嗎?
只是阻止整個中國IP範圍:在.htaccess
#China
deny from 203.135.96.0/19
deny from 203.208.32.0/19
deny from 202.165.176.0/20
deny from 59.108.0.0/14
deny from 210.25.0.0/16
deny from 202.95.252.0/22
deny from 219.216.0.0/13
deny from 202.170.128.0/19
deny from 60.247.0.0/16
deny from 221.13.0.0/16
deny from 125.96.0.0/15
deny from 202.38.0.0/20
deny from 203.192.0.0/19
deny from 202.122.128.0/24
deny from 218.56.0.0/13
deny from 203.166.160.0/19
deny from 202.122.112.0/21
deny from 203.190.96.0/20
deny from 219.72.0.0/16
deny from 124.172.0.0/15
deny from 210.79.64.0/18
deny from 198.17.7.0/24
deny from 202.168.160.0/19
deny from 203.91.120.0/21
deny from 220.160.0.0/11
deny from 202.127.192.0/20
deny from 202.127.216.0/21
deny from 60.253.128.0/17
deny from 58.82.0.0/15
deny from 202.85.208.0/20
deny from 124.249.0.0/16
deny from 202.90.224.0/20
deny from 59.192.0.0/10
deny from 192.83.122.0/24
deny from 202.38.152.0/22
deny from 202.69.16.0/20
deny from 210.14.128.0/17
deny from 124.240.0.0/17
deny from 222.240.0.0/13
deny from 221.176.0.0/13
deny from 203.191.16.0/20
deny from 124.200.0.0/13
deny from 202.60.112.0/20
deny from 203.94.0.0/19
deny from 221.12.0.0/17
deny from 221.14.0.0/15
deny from 202.152.176.0/20
deny from 121.4.0.0/15
deny from 210.82.0.0/15
deny from 203.152.64.0/19
deny from 121.76.0.0/15
deny from 59.191.0.0/17
deny from 221.196.0.0/15
deny from 202.165.208.0/20
deny from 125.254.128.0/18
deny from 210.14.64.0/19
deny from 203.212.80.0/20
deny from 202.112.0.0/13
deny from 58.87.64.0/18
deny from 61.45.128.0/18
deny from 122.51.0.0/16
deny from 210.32.0.0/12
deny from 202.93.252.0/22
deny from 202.90.0.0/22
deny from 125.216.0.0/13
deny from 222.64.0.0/11
deny from 60.194.0.0/15
deny from 210.23.32.0/19
deny from 124.196.0.0/16
deny from 203.158.16.0/21
deny from 192.124.154.0/24
deny from 122.0.128.0/17
deny from 203.208.16.0/22
deny from 202.127.16.0/20
deny from 202.38.184.0/21
deny from 210.192.96.0/19
deny from 210.56.192.0/19
deny from 202.173.224.0/19
deny from 222.125.0.0/16
deny from 202.20.120.0/24
deny from 58.32.0.0/11
deny from 202.164.0.0/20
deny from 210.5.0.0/19
deny from 202.8.128.0/19
deny from 202.150.16.0/20
deny from 203.86.64.0/19
deny from 202.63.248.0/22
deny from 203.174.96.0/19
deny from 220.252.0.0/16
deny from 210.185.192.0/18
deny from 203.156.192.0/18
deny from 203.110.160.0/19
deny from 203.95.0.0/21
deny from 222.16.0.0/12
deny from 59.172.0.0/15
deny from 202.38.136.0/23
deny from 121.224.0.0/12
deny from 203.191.64.0/18
deny from 221.129.0.0/16
deny from 121.40.0.0/14
deny from 210.21.0.0/16
deny from 59.151.0.0/17
deny from 202.170.216.0/21
deny from 203.130.32.0/19
deny from 121.100.128.0/17
deny from 202.127.12.0/22
deny from 124.254.0.0/18
deny from 203.135.160.0/20
deny from 124.250.0.0/15
deny from 202.14.88.0/24
deny from 202.181.112.0/20
deny from 202.38.160.0/23
deny from 219.242.0.0/15
deny from 203.191.144.0/20
deny from 220.242.0.0/15
deny from 61.29.128.0/17
deny from 221.133.224.0/19
deny from 203.196.0.0/21
deny from 202.0.176.0/22
deny from 122.0.64.0/18
deny from 220.154.0.0/15
deny from 222.168.0.0/13
deny from 220.248.0.0/14
deny from 218.185.192.0/19
deny from 124.160.0.0/13
deny from 202.38.168.0/21
deny from 121.56.0.0/15
deny from 121.55.0.0/18
deny from 202.91.128.0/22
deny from 121.59.0.0/16
deny from 123.49.128.0/17
deny from 220.232.64.0/18
deny from 203.100.32.0/20
deny from 202.122.32.0/21
deny from 202.38.138.0/24
deny from 202.14.235.0/24
deny from 203.171.224.0/20
deny from 202.4.252.0/22
deny from 124.224.0.0/12
deny from 202.38.128.0/21
deny from 121.51.0.0/16
deny from 202.127.112.0/20
deny from 166.111.0.0/16
deny from 124.108.40.0/21
deny from 203.207.128.0/17
deny from 218.104.0.0/14
deny from 58.30.0.0/15
deny from 124.156.0.0/16
deny from 202.14.236.0/23
deny from 125.31.192.0/18
deny from 203.90.128.0/18
deny from 124.66.0.0/17
deny from 202.136.208.0/20
deny from 210.16.128.0/18
deny from 221.0.0.0/13
deny from 203.128.32.0/19
deny from 61.128.0.0/10
deny from 58.116.0.0/14
deny from 202.130.0.0/19
deny from 192.83.169.0/24
deny from 202.94.0.0/19
deny from 202.46.32.0/19
deny from 60.232.0.0/15
deny from 61.87.192.0/18
deny from 203.222.42.64/26
deny from 60.255.0.0/16
deny from 124.20.0.0/15
deny from 121.32.0.0/13
deny from 202.38.140.0/22
deny from 203.184.80.0/20
deny from 58.144.0.0/16
deny from 210.15.0.0/17
deny from 124.68.0.0/14
deny from 219.128.0.0/11
deny from 121.204.0.0/14
deny from 202.127.128.0/19
deny from 218.64.0.0/11
deny from 124.108.8.0/21
deny from 125.213.0.0/17
deny from 202.74.8.0/21
deny from 61.236.0.0/15
deny from 61.48.0.0/13
deny from 219.224.0.0/12
deny from 121.0.16.0/20
deny from 125.98.0.0/16
deny from 222.192.0.0/11
deny from 202.180.128.0/19
deny from 121.89.0.0/16
deny from 202.96.0.0/12
deny from 203.100.80.0/20
deny from 203.88.192.0/19
deny from 121.248.0.0/14
deny from 221.200.0.0/13
deny from 202.38.158.0/23
deny from 202.38.149.0/24
deny from 162.105.0.0/16
deny from 210.15.128.0/18
deny from 221.172.0.0/14
deny from 125.215.0.0/18
deny from 218.192.0.0/12
deny from 202.131.48.0/20
deny from 202.92.252.0/22
deny from 220.192.0.0/12
deny from 202.38.146.0/23
deny from 203.95.96.0/19
deny from 202.69.4.0/22
deny from 58.128.0.0/13
deny from 203.118.192.0/19
deny from 203.128.96.0/19
deny from 202.136.224.0/20
deny from 222.126.128.0/17
deny from 122.200.64.0/18
deny from 61.8.160.0/20
deny from 202.38.150.0/23
deny from 58.192.0.0/11
deny from 203.212.0.0/20
deny from 124.248.0.0/17
deny from 222.128.0.0/12
deny from 203.92.0.0/22
deny from 202.38.192.0/18
deny from 221.199.224.0/19
deny from 210.79.224.0/19
deny from 202.91.0.0/22
deny from 221.224.0.0/12
deny from 203.208.0.0/20
deny from 203.207.64.0/18
deny from 202.149.160.0/19
deny from 202.149.224.0/19
deny from 202.189.80.0/20
deny from 203.80.144.0/20
deny from 58.66.0.0/15
deny from 202.70.0.0/19
deny from 210.78.0.0/16
deny from 203.209.224.0/19
deny from 202.131.16.0/21
deny from 58.24.0.0/15
deny from 202.179.240.0/20
deny from 202.4.128.0/19
deny from 202.14.238.0/24
deny from 222.176.0.0/12
deny from 222.160.0.0/14
deny from 220.112.0.0/14
deny from 167.139.0.0/16
deny from 122.4.0.0/14
deny from 202.153.48.0/20
deny from 221.12.128.0/18
deny from 211.144.0.0/12
deny from 211.64.0.0/13
deny from 124.6.64.0/18
deny from 125.112.0.0/12
deny from 203.83.56.0/21
deny from 124.29.0.0/17
deny from 124.16.0.0/15
deny from 202.136.48.0/20
deny from 61.47.128.0/18
deny from 124.40.128.0/18
deny from 202.127.212.0/22
deny from 203.148.0.0/18
deny from 59.64.0.0/12
deny from 122.48.0.0/16
deny from 124.42.0.0/17
deny from 218.249.0.0/16
deny from 124.242.0.0/16
deny from 203.132.32.0/19
deny from 203.79.0.0/20
deny from 202.38.176.0/23
deny from 202.43.144.0/20
deny from 202.123.96.0/20
deny from 203.175.192.0/18
deny from 125.171.0.0/16
deny from 211.136.0.0/13
deny from 203.128.128.0/19
deny from 192.188.170.0/24
deny from 122.8.0.0/13
deny from 124.67.0.0/16
deny from 202.91.176.0/20
deny from 124.243.192.0/18
deny from 221.122.0.0/15
deny from 203.90.0.0/22
deny from 210.28.0.0/14
deny from 202.122.64.0/19
deny from 220.231.0.0/18
deny from 210.52.0.0/15
deny from 220.234.0.0/16
deny from 202.38.164.0/22
deny from 202.127.224.0/19
deny from 203.81.16.0/20
deny from 202.127.48.0/20
deny from 134.196.0.0/16
deny from 218.0.0.0/11
deny from 60.63.0.0/16
deny from 203.93.0.0/16
deny from 124.72.0.0/13
deny from 61.240.0.0/14
deny from 202.127.40.0/21
deny from 202.127.208.0/23
deny from 125.210.0.0/16
deny from 211.96.0.0/13
deny from 61.28.0.0/17
deny from 60.235.0.0/16
deny from 202.158.160.0/19
deny from 121.46.0.0/15
deny from 59.80.0.0/14
deny from 203.176.168.0/21
deny from 121.60.0.0/14
deny from 202.143.16.0/20
deny from 58.154.0.0/15
deny from 221.208.0.0/12
deny from 210.51.0.0/16
deny from 218.108.0.0/15
deny from 61.232.0.0/14
deny from 121.201.0.0/16
deny from 124.88.0.0/13
deny from 221.198.0.0/16
deny from 203.161.192.0/19
deny from 203.119.32.0/22
deny from 202.38.156.0/24
deny from 202.92.0.0/22
deny from 221.130.0.0/15
deny from 168.160.0.0/16
deny from 222.32.0.0/11
deny from 203.86.0.0/18
deny from 121.16.0.0/12
deny from 203.92.160.0/19
deny from 202.46.224.0/20
deny from 121.8.0.0/13
deny from 59.107.0.0/16
deny from 203.91.96.0/20
deny from 122.198.0.0/16
deny from 221.8.0.0/14
deny from 219.82.0.0/16
deny from 202.93.0.0/22
deny from 60.55.0.0/16
deny from 125.64.0.0/11
deny from 203.187.160.0/19
deny from 58.14.0.0/15
deny from 124.64.0.0/15
deny from 202.38.64.0/18
deny from 125.58.128.0/17
deny from 203.119.24.0/21
deny from 203.100.192.0/20
deny from 202.165.96.0/20
deny from 202.160.176.0/20
deny from 221.192.0.0/14
deny from 202.120.0.0/15
deny from 203.100.96.0/19
deny from 202.127.160.0/21
deny from 202.75.208.0/20
deny from 125.62.0.0/18
deny from 124.220.0.0/14
deny from 202.91.224.0/19
deny from 202.10.64.0/20
deny from 202.90.252.0/22
deny from 202.127.0.0/21
deny from 220.231.128.0/17
deny from 60.208.0.0/12
deny from 218.96.0.0/14
deny from 203.222.192.0/20
deny from 60.200.0.0/13
deny from 210.87.128.0/18
deny from 125.208.0.0/18
deny from 210.22.0.0/16
deny from 125.32.0.0/12
deny from 121.58.0.0/17
deny from 202.136.252.0/22
deny from 221.199.0.0/17
deny from 203.99.16.0/20
deny from 203.175.128.0/19
deny from 203.91.32.0/19
deny from 210.76.0.0/15
deny from 60.245.128.0/17
deny from 121.192.0.0/14
deny from 203.89.0.0/22
deny from 220.152.128.0/17
deny from 210.72.0.0/14
deny from 58.16.0.0/13
deny from 202.0.110.0/24
deny from 121.68.0.0/14
deny from 202.41.152.0/21
deny from 202.131.208.0/20
deny from 221.199.192.0/20
deny from 203.223.0.0/20
deny from 124.112.0.0/13
deny from 202.125.176.0/20
deny from 203.90.192.0/19
deny from 123.99.128.0/17
deny from 221.199.128.0/18
deny from 60.0.0.0/11
deny from 202.142.16.0/20
deny from 161.207.0.0/16
deny from 202.130.224.0/19
deny from 159.226.0.0/16
deny from 210.5.128.0/19
deny from 58.100.0.0/15
deny from 124.47.0.0/18
deny from 221.136.0.0/15
deny from 218.240.0.0/13
deny from 203.134.240.0/21
deny from 58.240.0.0/12
deny from 202.141.160.0/19
deny from 210.12.0.0/15
deny from 203.88.32.0/19
deny from 202.148.96.0/19
deny from 202.95.0.0/19
deny from 222.248.0.0/15
deny from 211.160.0.0/13
deny from 203.99.80.0/20
deny from 60.160.0.0/11
deny from 202.41.240.0/20
deny from 122.49.0.0/18
deny from 211.80.0.0/12
deny from 123.199.128.0/17
deny from 202.192.0.0/12
deny from 202.22.248.0/21
deny from 219.244.0.0/14
deny from 202.122.0.0/21
deny from 59.32.0.0/11
deny from 125.104.0.0/13
deny from 124.192.0.0/15
deny from 124.147.128.0/17
deny from 124.128.0.0/13
deny from 202.173.8.0/21
deny from 210.26.0.0/15
deny from 121.48.0.0/15
deny from 220.101.192.0/18
這個名單的來源是什麼?如果它經常變化怎麼辦? – webbiedave 2011-05-13 16:48:00
即時通訊不知道,我想我在谷歌搜索塊中國ips,它也帶有韓國,俄羅斯,印度名單。 – 2011-05-13 16:53:30
他們現在可能正在使用中國的IP地址,但禁止一個國家和最終另一個國家將是問題。主要是因爲國家與它無關;用戶是問題。您不應該禁止使用IP範圍,而應該每檢測一次IP地址就會增加一個八位字節。
封鎖施虐者的整個子網以暫時解決問題。這些類型的用戶也會出現在其他國家,所以最好的辦法可能是要求註冊和API密鑰來使用API。
如果您仍然希望根據IP而不是API密鑰進行阻止,請檢查濫用子網使用whois(或BGP)的程度,並阻止整個IP範圍。
我使用的MaxMind GeoIP的Web服務:http://www.maxmind.com/en/web_services#country
你得到2000000個查詢$ 200。效果出色,延遲低,您不必維護本地數據庫。
不要在.htaccess級別執行此操作。到那時,連接已經完成並吸取服務器資源,即使它剛剛被拒絕。阻止訪問防火牆。 – 2011-05-13 16:17:19
也許你可以快速檢查IP在中國的IP是否被他們的數據塊所覆蓋? http://www.nirsoft.net/countryip/cn.html – 2011-05-13 16:17:20
據說這是一箇中國IP範圍列表:http://www.wizcrafts.net/chinese-blocklist.html不知道它有多合理,但填充那些在你的防火牆中的阻斷規則將理論上解決你的垃圾郵件問題。 – 2011-05-13 16:19:02