之前公司网站被DDOS攻击了(另一同事取了个别名叫流量攻击)
刚刚一个朋友的网站(还是个企业级的)也被这样攻击了 聊天中看出很无奈的样子
在这请问下各位有经验的朋友,像这样的DDOS和CC攻击如何防范?
防火墙?代码优化(缓存来存储重复的查询内容)、页面尽可能的使用静态?
限制IP(或IP段)?
服务器升级(这个开销有点大,对于一般网站有些浪费)
之前我也回答过别人关于用屏蔽来防止攻击的提问,如
http://topic.csdn.net/u/20111116/17/01ed7821-cc2e-4775-abc1-17aa72d675ae
但这样的防范能防范多少呢?现在来看有没有有效的防范方案(开销不要无止境的那种)
这儿附上我之前做的一个根据IP拒绝访问的解决方案的部分代码(客户端记录访问,并根据黑白名单决定是否拒绝请求;服务端分析数据、入库等,并做成WINDOWS服务,通过Remoting通信):
- C# code
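/// <summary>
/// HTTP module that counts requests per client address and sends clients on the
/// blacklist to a warning page until they submit the code shown there.
/// </summary>
/// <remarks>
/// Version: 1.0<br>
/// Author: ****<br>
/// Created: 2011-5-20 17:00:02<br>
/// Description: a background thread hands the previous minute's request counts to
/// the remote analysis service (.NET Remoting) and adds every address it flags to
/// the blacklist kept by <see cref="VisitManager"/>.<br>
/// ----------change log------------<br>
/// </remarks>
public class WarningHttpModule : IHttpModule, IRequiresSessionState
{
    protected static readonly ILog log = LogManager.GetLogger("*******");
    protected static Thread thread = null;
    protected static IVisitAnalysisHandle analysisHander = null;
    protected static VisitManager visitManager = VisitManager.GetInstance();

    // Only dynamic handlers are counted and blocked; static files pass straight through.
    private static readonly string[] MonitoredExtensions = { ".aspx", ".asmx", ".ashx" };

    // Lower-cased virtual path of the page a blacklisted client is sent to.
    private const string WarningPagePath = "/visitwarning.aspx";

    // Interval between two runs of the analysis loop.
    private const int AnalysisIntervalMs = 60 * 1000;

    /// <summary>
    /// Connects to the analysis service and starts the analysis thread. The runtime
    /// already guarantees a static constructor runs exactly once per AppDomain, so
    /// no double-checked locking is needed here.
    /// </summary>
    /// <exception cref="Exception">Thrown when the Remoting channel cannot be registered.</exception>
    static WarningHttpModule()
    {
        // Create the proxy before the thread starts: the first loop iteration uses it,
        // and starting the thread first made that iteration fail on a null proxy.
        try
        {
            analysisHander = (IVisitAnalysisHandle)Activator.GetObject(typeof(IVisitAnalysisHandle), "tcp://127.0.0.1:6666/GNT");
        }
        catch (Exception ex)
        {
            throw new Exception("注册预警系统信道失败", ex);
        }

        thread = new Thread(new ThreadStart(Process));
        thread.Name = "VisitWarningAnalysis";
        // A background thread never keeps the worker process alive on its own.
        thread.IsBackground = true;
        thread.Start();
    }

    /// <summary>
    /// Returns true when the lower-cased request path ends with a monitored handler
    /// extension. Done with EndsWith rather than Path.GetExtension, which can throw
    /// on characters that are legal in a URL but not in a Windows path.
    /// </summary>
    private static bool IsMonitoredPath(string path)
    {
        foreach (string extension in MonitoredExtensions)
        {
            if (path.EndsWith(extension, StringComparison.Ordinal))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Per-request hook: records the request, lets a blacklisted client clear itself
    /// from the warning page, and redirects every other blacklisted request there.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    private void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;
        HttpRequest request = application.Request;
        HttpResponse response = application.Response;

        // RawUrl (still recorded below) carries the query string, so "/page.aspx?x=1"
        // used to yield the extension ".aspx?x=1" and skip the checks entirely.
        // Request.Path is the decoded virtual path without the query string.
        string url = request.RawUrl.ToLowerInvariant();
        string path = request.Path.ToLowerInvariant();

        // NOTE(review): behind a reverse proxy or CDN every request carries the proxy's
        // address, so one blacklist entry would block all users; a forwarded-address
        // header must only be trusted when it was set by a proxy you control.
        string ip = request.UserHostAddress;

        if (!IsMonitoredPath(path))
        {
            return;
        }

        if (visitManager.IsInWhiteListIP(ip))
        {
            return;
        }

        visitManager.AddRequest(DateTime.Now, ip, url);

        if (path == WarningPagePath)
        {
            // The warning page is exempt from the redirect so the client can answer it.
            string userCode = string.Empty;
            string sessionCode = string.Empty;

            string submitted = request["AuthCode"];
            if (submitted != null)
            {
                userCode = submitted.ToLowerInvariant();
            }

            if (context.Session != null)
            {
                // 'as string' keeps a non-string session value from throwing here.
                string stored = context.Session["visitwarningcode"] as string;
                if (stored != null)
                {
                    sessionCode = stored.ToLowerInvariant();
                }
            }

            // An empty code must never unblock, even if the session holds none.
            if (!string.IsNullOrEmpty(userCode) && string.Equals(userCode, sessionCode, StringComparison.Ordinal))
            {
                // NOTE(review): the session code is not cleared after a match, so the same
                // value can be resubmitted; confirm whether VisitWarning.aspx reissues it.
                visitManager.RemoveBlackListIP(ip);
                response.Redirect("/Index.aspx");
            }
        }
        else if (visitManager.IsInBlackListIP(ip))
        {
            // NOTE(review): a 302 still costs a session load per blocked hit; answering
            // with a 403 and application.CompleteRequest() would be cheaper under load.
            response.Redirect("/VisitWarning.aspx");
        }
    }

    /// <summary>
    /// Analysis loop: once a minute, hands the previous minute's request record to
    /// the remote analysis service and blacklists whatever it returns. Runs until
    /// the AppDomain unloads.
    /// </summary>
    static void Process()
    {
        while (true)
        {
            try
            {
                // The current minute is still being filled; analyse the one that just ended.
                // NOTE(review): assumes VisitManager buckets records by minute — confirm.
                DateTime dt = DateTime.Now.AddMinutes(-1);
                Dictionary<string, Dictionary<string, int>> dic = visitManager.GetRequestRecord(dt);
                visitManager.RemoveRequestRecord(dt);

                List<BlackIP> blackIP = analysisHander.AnalysisVisit(dic);
                if (blackIP != null)
                {
                    foreach (BlackIP ip in blackIP)
                    {
                        visitManager.AddBlackListIP(ip);
                    }
                }
            }
            catch (ThreadAbortException tae)
            {
                // Raised when the AppDomain unloads (application recycle). Let it end the
                // loop; ResetAbort() kept this thread running in a domain being torn down.
                log.Error("预警系统线程异常!", tae);
                return;
            }
            catch (Exception ex)
            {
                log.Error("预警系统异常!", ex);
            }

            // Outside the try block so a pending abort is not delayed by a full interval.
            Thread.Sleep(AnalysisIntervalMs);
        }
    }

    /// <summary>
    /// Subscribes the request hook. BeginRequest fires before session state is
    /// loaded, so the hook runs at AcquireRequestState instead.
    /// </summary>
    /// <param name="application">The application to hook.</param>
    public void Init(HttpApplication application)
    {
        application.AcquireRequestState += new EventHandler(Application_BeginRequest);
    }

    /// <summary>Nothing to release; the analysis thread is shared and ends with the AppDomain.</summary>
    public void Dispose()
    {
    }
}

// 黑名单类 (blacklist class):
/// <summary>
/// In-memory blacklist of client addresses, each with an expiry time. Loaded from
/// the database on construction. Every member takes the same lock, so request
/// threads and the analysis thread may call them concurrently; previously the
/// lookup scanned the list without the lock while add/remove mutated it.
/// </summary>
public class BlackListIP
{
    private readonly object _gate = new object();

    // Keyed by address so lookups are O(1) instead of a scan per request.
    // NOTE(review): expired entries only stop matching, they are never removed, so
    // the table grows with every address ever flagged; consider purging on add.
    private readonly Dictionary<string, BlackIP> _entries = new Dictionary<string, BlackIP>(StringComparer.Ordinal);

    public BlackListIP()
    {
        InitBlackListIP();
    }

    /// <summary>
    /// Loads the addresses currently flagged as exceptional from the database.
    /// </summary>
    void InitBlackListIP()
    {
        IBlackIpInfoBll blackIpInfoBll = BllFactory.GetBll<IBlackIpInfoBll>();
        List<BlackIpInfo> list = blackIpInfoBll.GetBlackIpInfoList(BlackIpState.Exception);
        if (list == null)
        {
            return;
        }

        lock (_gate)
        {
            foreach (BlackIpInfo blackIpInfo in list)
            {
                BlackIP blackIp = new BlackIP();
                blackIp.IP = blackIpInfo.BlackIp;
                // Rows without an end time are blocked for 10 minutes from load.
                // NOTE(review): the ToString()/Parse round trip is culture-dependent; if
                // LimitedEndTime is a DateTime? use .Value instead — confirm its type.
                blackIp.LimitedEndTime = blackIpInfo.LimitedEndTime == null
                    ? DateTime.Now.AddMinutes(10)
                    : DateTime.Parse(blackIpInfo.LimitedEndTime.ToString());
                MergeLocked(blackIp);
            }
        }
    }

    /// <summary>
    /// Whether the address is listed and its block has not yet expired.
    /// </summary>
    /// <param name="ip">Client address.</param>
    /// <returns>True when the address is currently blocked.</returns>
    public bool IsInBlackListIP(string ip)
    {
        if (ip == null)
        {
            return false;
        }

        lock (_gate)
        {
            BlackIP entry;
            // NOTE(review): local-time comparison; around a DST change this can be off
            // by an hour — UtcNow would avoid that if the stored times can follow.
            return _entries.TryGetValue(ip, out entry) && entry.LimitedEndTime > DateTime.Now;
        }
    }

    /// <summary>
    /// Removes an address from the blacklist; no-op when it is not listed.
    /// </summary>
    /// <param name="ip">Client address.</param>
    public void RemoveBlackListIP(string ip)
    {
        if (ip == null)
        {
            return;
        }

        lock (_gate)
        {
            _entries.Remove(ip);
        }
    }

    /// <summary>
    /// Adds an address, or extends the expiry of an existing entry when the new
    /// one ends later. Entries without an address are ignored.
    /// </summary>
    /// <param name="ip">Entry to add.</param>
    public void AddBlackListIP(BlackIP ip)
    {
        if (ip == null || ip.IP == null)
        {
            return;
        }

        lock (_gate)
        {
            MergeLocked(ip);
        }
    }

    // Caller holds _gate. Keeps the later expiry when the address is already listed;
    // the lookup and the insert must happen under one lock to avoid a lost update.
    private void MergeLocked(BlackIP ip)
    {
        BlackIP existing;
        if (_entries.TryGetValue(ip.IP, out existing))
        {
            if (ip.LimitedEndTime > existing.LimitedEndTime)
            {
                existing.LimitedEndTime = ip.LimitedEndTime;
            }
        }
        else
        {
            _entries[ip.IP] = ip;
        }
    }

    /// <summary>
    /// Snapshot of every entry, expired ones included.
    /// </summary>
    /// <returns>A new list the caller may modify freely.</returns>
    public List<BlackIP> GetAllBlackListIP()
    {
        lock (_gate)
        {
            return new List<BlackIP>(_entries.Values);
        }
    }
}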