{"id":275479,"date":"2016-03-04T09:58:02","date_gmt":"2016-03-04T06:58:02","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=275479"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=275479","title":{"rendered":"\u041a\u0430\u043a \u043c\u044b \u0431\u043e\u0440\u043e\u043b\u0438\u0441\u044c \u0441 \u043f\u0430\u0440\u0441\u0435\u0440\u0430\u043c\u0438"},"content":{"rendered":"

\"image\"\/
\u041a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u043c\u043e\u043c\u0435\u043d\u0442\u044b:
* \u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 PTR \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439;
* \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 nginx \u0432 IfIsEvil-style \u0441 \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 map;
* \u0418\u043c\u0435\u043d\u0430 location \u0432 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 map;
* \u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0447\u0435\u0440\u0435\u0437 try_files \/nonexist $map_var.<\/p>\n

\u041c\u043d\u043e\u0433\u0438\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u043d\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b \u0441\u0442\u0440\u0430\u0434\u0430\u044e\u0442 \u043e\u0442 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043a\u0440\u043e\u043c\u0435 \u0436\u0438\u0432\u044b\u0445 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u0438\u0445 \u043f\u043e\u0441\u0435\u0449\u0430\u044e\u0442 \u0440\u0430\u0437\u043d\u043e\u043e\u0431\u0440\u0430\u0437\u043d\u044b\u0435 \u043f\u0430\u0440\u0441\u0435\u0440\u044b, \u0431\u043e\u0442\u044b \u0438 \u043f\u0440\u043e\u0447\u0438\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u043a\u0430\u043d\u0435\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043d\u0435\u0441\u0443\u0442 \u043d\u0438\u043a\u0430\u043a\u043e\u0433\u043e \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0433\u043e \u044d\u0444\u0444\u0435\u043a\u0442\u0430, \u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u043e\u0437\u0434\u0430\u044e\u0442 \u043f\u0430\u0440\u0430\u0437\u0438\u0442\u043d\u044b\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u0438 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043d\u0430, \u0438 \u0431\u0435\u0437 \u0442\u043e\u0433\u043e, \u043d\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443. \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u044f \u043d\u0435 \u0438\u043c\u0435\u044e \u0432\u0438\u0434\u0443 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0445 \u0431\u043e\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0445\u043e\u0442\u044c \u0438 \u0437\u0430\u0447\u0430\u0441\u0442\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0436\u0430\u044e\u0442 \u043f\u0440\u043e\u0435\u043a\u0442 \u043d\u0435 \u043d\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043e, \u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u0440\u043e\u0435\u043a\u0442\u0443.
\u041e\u0434\u0438\u043d \u0438\u0437 \u043d\u0430\u0448\u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0438\u0441\u043f\u044b\u0442\u044b\u0432\u0430\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043b\u0430\u0432\u0438\u043d\u043e\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0433\u043e \u0440\u043e\u0441\u0442\u0430 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0443\u0442\u043e\u043a. \u041f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438, \u0440\u0430\u0437 \u0432 \u0441\u0443\u0442\u043a\u0438 \u0438 \u0447\u0430\u0449\u0435 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u043b\u0438 \u043d\u0430\u043f\u043b\u044b\u0432\u044b \u043f\u043e\u0441\u0435\u0449\u0435\u043d\u0438\u0439 \u0441\u043e \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0440\u043e\u0441\u0442\u043e\u043c LA \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445. \u0411\u044b\u043b\u043e \u043f\u0440\u0438\u043d\u044f\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u043f\u0430\u0440\u0430\u0437\u0438\u0442\u043d\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430.<\/p>\n

<\/a><\/p>\n

\u041c\u044b<\/a> \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0443 \u043f\u0430\u0440\u0430\u0437\u0438\u0442\u043d\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0438\u043c\u0435\u044e\u0442\u0441\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u0442\u0442\u0435\u0440\u043d\u044b \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0438 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e:<\/h5>\n

* \u041f\u043e \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u2013 \u043f\u043e\u0434\u0441\u0435\u0442\u0438 Amazon, Tor;
* \u041f\u043e \u0442\u043e\u0447\u043a\u0430\u043c \u0432\u0445\u043e\u0434\u0430 \u2013 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u0440\u0430\u0437\u0434\u0435\u043b\u0443 \u0442\u043e\u0432\u0430\u0440\u043e\u0432;
* \u041f\u043e UserAgent \u2013 \u043e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0431\u043e\u0442\u043e\u0432 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u043b\u0438 UA \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0438\u043a\u043e\u0432 Google, Yandex, Bing, \u043d\u043e \u043e\u0431\u044a\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u043d\u0435 \u044f\u0432\u043b\u044f\u043b\u0438\u0441\u044c \u0438\u043c\u0438;
* \u041f\u043e \u0440\u0435\u0444\u0435\u0440\u0435\u0440\u0443 \u2013 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0440\u0435\u0444\u0435\u0440\u0435\u0440 \u0431\u044b\u043b \u043f\u0443\u0441\u0442\u043e\u0439.<\/p>\n

\u0420\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438:<\/h5>\n

* \u0412\u0440\u0443\u0447\u043d\u0443\u044e \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u0437\u0430\u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 IP \u0432 \u0431\u0435\u043b\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a
* \u0418 \u0440\u0430\u043d\u0435\u0435 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 IP \u2013 \u0432 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a
* \u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 limit_req_zone \u0434\u043b\u044f \u0432\u0441\u0435\u0445, \u043a\u0440\u043e\u043c\u0435 \u0431\u0435\u043b\u044b\u0445 \u0441\u043f\u0438\u0441\u043a\u043e\u0432
* \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u0441 UA \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0438\u043a\u043e\u0432 \u043d\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 PTR-\u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u043c PTR-\u0437\u0430\u043f\u0438\u0441\u044f\u043c \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0438\u043a\u043e\u0432 \u0438 \u043f\u043e\u043c\u0435\u0449\u0430\u0435\u043c \u0432 \u0431\u0435\u043b\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0445 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0438 \u0432\u0441\u0435\u0433\u0434\u0430 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0438\u0445.
* \u041f\u0440\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0438 LA \u043f\u043e\u0440\u043e\u0433\u0430 \u00ab\u0410\u0442\u0430\u043a\u0430\u00bb:
** \u041d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0445 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 UA \u043f\u043e PTR \u043c\u044b \u0437\u0430\u043d\u043e\u0441\u0438\u043c \u0432 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c.
** \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0444\u0435\u0440\u0435\u0440\u043e\u0432 \u0432 access-\u043b\u043e\u0433\u0435 \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u0441 \u0440\u0435\u0444\u0435\u0440\u0435\u0440\u043e\u043c, \u043f\u0440\u0435\u0432\u044b\u0441\u0438\u0432\u0448\u0438\u043c \u0437\u0430\u0434\u0430\u043d\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0439
** \u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043a\u0430\u043f\u0447\u0435\u0439 \u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0445\u0430.<\/p>\n

\u041f\u0435\u0440\u0432\u044b\u0435 \u0442\u0440\u0438 \u043f\u0443\u043d\u043a\u0442\u0430 \u044d\u0442\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u044e\u0441\u044c \u043d\u0430 \u043d\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u043f\u043e PTR, \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 nginx c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 try_files \/nonexist $map_var \u0438 \u0441\u043b\u043e\u0436\u043d\u044b\u0445 map.<\/p>\n

\u041c\u044b \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u0441 UA \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0438\u043a\u043e\u0432 \u043d\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 PTR-\u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u043c PTR-\u0437\u0430\u043f\u0438\u0441\u044f\u043c \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0438\u043a\u043e\u0432.<\/h5>\n

\u041e\u043d \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043f\u043e cron \u0440\u0430\u0437 \u0432 \u043c\u0438\u043d\u0443\u0442\u0443. \u041f\u043e \u0443\u043d\u0438\u043a\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0441\u043f\u0438\u0441\u043a\u0443 IP \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u0441 UA \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0438\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 PTR \u0438 \u0441\u0432\u0435\u0440\u044f\u0435\u0442 \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0435 \u0438\u043c\u044f \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f. \u0415\u0441\u043b\u0438 \u0434\u043e\u043c\u0435\u043d \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u0435\u0442, \u0442\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 IP \u0432 \u0431\u0435\u043b\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a, \u0438\u043d\u0430\u0447\u0435 \u0432 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a. \u041f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0441\u043f\u0438\u0441\u043a\u0430, \u0441\u043a\u0440\u0438\u043f\u0442 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 PTR \u0443\u0436\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u043d\u0435\u0435 IP \u0434\u043b\u044f \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u043e \u0441\u043f\u0438\u0441\u043a\u0443 IP \u0438\u0437 access-\u043b\u043e\u0433\u0430 \u0435\u0436\u0435\u043c\u0438\u043d\u0443\u0442\u043d\u043e \u0434\u0430\u0436\u0435 \u043f\u0440\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u0438 \u043d\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f access-\u043b\u043e\u0433\u0430. \u0417\u0430\u043f\u0438\u0441\u0438 \u0432 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u0441 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0434\u043b\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043e\u0431\u0449\u0438\u0445 IP \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 NAT \u0441\u0435\u0442\u044f\u0445.<\/p>\n

\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043c\u044b \u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u043c \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b\u044b ptr_blacklist.map \u0438 ptr_whitelist.map \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u043d\u043a\u043b\u0443\u0434\u044f\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0444\u0438\u0433 nginx.<\/p>\n

\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0435\u0436\u0435\u043c\u0438\u043d\u0443\u0442\u043d\u043e. <\/p>\n

\u041b\u0438\u0441\u0442\u0438\u043d\u0433 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f UA \u0438 PTR:<\/b><\/p>\n
\n
#!\/bin\/bash  # \u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u0430, \u043e\u0431\u044b\u0447\u043d\u043e \u0432\u044b\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, # \u0447\u0442\u043e\u0431\u044b \u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043f\u043e\u0434\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442, \u043d\u0435 \u043c\u0435\u043d\u044f\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0441\u043a\u0440\u0438\u043f\u0442. # Export inc file for nginx EXPORT_MAP=true  # Domain list DOMAIN_LIST="domain"  # Block time (in minutes) BLOCK_TIME=1440  # White list IP IP_WHITELIST=""  # White list PTR BOTS="google|yandex|bing|Bing|msn"  # false - not block IP if there is a PTR record BLOCK_WITH_PTR=true  UNBLOCK_ENABLE=true LOGFILE=\/var\/log\/ua-table.log LOGFILE2=\/var\/log\/ua-table-history.log LOCK=\/tmp\/ua_check.lock  D=$DOMAIN_LIST  # \u0421\u043a\u0440\u0438\u043f\u0442 \u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 ptr_blacklist \u0438 ptr_whitelist \u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0442\u043e\u043c \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u0442 \u0438\u0445 \u0432 map-\u0444\u0430\u0439\u043b\u044b # \u0434\u043b\u044f \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 BL_FILE=\/etc\/nginx\/vhosts.d\/ptr_blacklist WL_FILE=\/etc\/nginx\/vhosts.d\/ptr_whitelist BL_FILE_MAP=$BL_FILE.map WL_FILE_MAP=$WL_FILE.map  TMP_LOG=\/tmp\/$D-acc-temp.log TMP_LOG1=\/tmp\/$D-acc-temp1.log NGINX_LOG=\/srv\/www\/$D\/shared\/log\/$D-acc.log  [ ! -f \/usr\/bin\/host ] && echo "\/usr\/bin\/host not found. Please yum install bind-utils" && exit [ -z "$DOMAIN_LIST" ] && echo "DOMAIN_LIST is empty" [ ! -f $LOGFILE ] && touch $LOGFILE [ ! -f $LOGFILE2 ] && touch $LOGFILE2  debug="0"  function e {     echo -e $(\/bin\/date "+%F %T") $1 }  # \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043d\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d \u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442, \u044d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435 \u0434\u0443\u0431\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0442\u044f\u043d\u0443\u0432\u0448\u0438\u0435\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 [ -f $LOCK ] && e "Script $0 is already runing" && exit \/bin\/touch $LOCK  DT=`\/bin\/date "+%F %T"`  if [ ! -f $NGINX_LOG ];then     echo "Log ($NGINX_LOG) not found."     \/bin\/rm -rf $LOCK     exit fi  # \u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u0430  # \u0414\u0435\u043b\u0430\u0435\u043c \u0432\u044b\u0431\u043e\u0440\u043a\u0443 \u0438\u0437 acc-\u043b\u043e\u0433\u0430, \u0440\u0435\u0433\u0438\u0441\u0442\u0440 \u0432\u0430\u0436\u0435\u043d, \u0442\u0430\u043a \u043c\u044b \u043d\u0435 \u0446\u0435\u043f\u043b\u044f\u0435\u043c \u0437\u0430\u043f\u0438\u0441\u0438 \u0441 \u0432\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0432 referer \/bin\/egrep "Yandex|Google|bingbot|Bing" $NGINX_LOG | \/usr\/bin\/awk '{print $1}' | \/bin\/sort -n | \/usr\/bin\/uniq > $TMP_LOG   if [ "$EXPORT_MAP" == "true" ]; then     [ ! -f $BL_FILE_MAP ] && \/bin\/touch $BL_FILE_MAP     [ ! -f $WL_FILE_MAP ] && \/bin\/touch $WL_FILE_MAP     [ ! -f $BL_FILE ] && \/bin\/touch $BL_FILE || \/bin\/cp -f $BL_FILE $BL_FILE.bak     [ ! -f $WL_FILE ] && \/bin\/touch $WL_FILE || \/bin\/cp -f $WL_FILE $WL_FILE.bak fi  # \u0420\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c \u0430\u0434\u0440\u0435\u0441\u0430 UNBLOCK=0 while read line do     if [[ "$line" == *=* ]]; then         GET_TIME=`echo $line | \/usr\/bin\/awk -F"=" '{print $2}'`         NOW=`\/bin\/date '+%s'`         #echo $NOW         #echo $GET_TIME         if [ "$NOW" -gt "$GET_TIME" ]; then             IP=`echo $line | awk '{print $3}'`             e "$IP unblocked." >> $LOGFILE2             \/bin\/sed -i '\/'$IP'\/d' $BL_FILE             \/bin\/sed -i '\/'$IP'\/d' $LOGFILE             UNBLOCK=1         #else             #e "Nothing to unblock" >> $LOGFILE2        fi     fi done < $LOGFILE  # \u0411\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c \u0430\u0434\u0440\u0435\u0441\u0430 while read line do     IP=$line     wl=0     bl=0  # \u0432\u0445\u043e\u0434\u0438\u0442 \u0432 \u0440\u0443\u0447\u043d\u043e\u0439 WL     for I in $IP_WHITELIST     do         if [ "$I" = "$IP" ];then             wl=1         fi     done  # \u0440\u0430\u043d\u0435\u0435 \u0443\u0436\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d \u0438 \u0432\u043d\u0435\u0441\u0435\u043d \u0432 WL     for I in $(\/usr\/bin\/awk '{print $1}' < "$WL_FILE" )     do         if [ "$I" = "$IP" ];then             wl=1         fi     done  # \u0440\u0430\u043d\u0435\u0435 \u0443\u0436\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d \u0438 \u0432\u043d\u0435\u0441\u0435\u043d \u0432 BL     for I in $(\/usr\/bin\/awk '{print $1}' < "$BL_FILE" )     do         if [ "$I" = "$IP" ];then             bl=1         fi     done  # \u0415\u0441\u043b\u0438 IP \u0435\u0441\u0442\u044c \u0432 \u0441\u043f\u0438\u0441\u043a\u0430\u0445, \u0437\u043d\u0430\u0447\u0438\u0442 \u0440\u0430\u043d\u0435\u0435 \u0443\u0436\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d, \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0435\u0433\u043e PTR     if [ "$wl" = "1" -o "$bl" = "1" ]; then        [ "$debug" -gt "1" ] && e "$IP in white or black list" >> $LOGFILE2     else         PTR=""         SRCHBOT=""         FINDPTR="`\/usr\/bin\/host $IP | \/bin\/grep -v 'not found' | \/bin\/grep -v 'no PTR record' | \/usr\/bin\/head -1 | \/usr\/bin\/awk '{ print $5 }' | \/bin\/sed 's\/\\.$\/\/'`"         if [ -z "$FINDPTR" ];then             PTR=" (PTR record not found)"         else             PTR=" ($FINDPTR)"         fi         SRCHBOT=`\/usr\/bin\/host $IP | \/usr\/bin\/awk '{ print $5 }' | \/usr\/bin\/rev | \/usr\/bin\/cut -d . -f 2-3 | \/usr\/bin\/rev | \/bin\/egrep "$BOTS"`         [ -n "$SRCHBOT" ] && BOT="YES" || BOT="NO"         [ -z "$BLOCK_WITH_PTR" ] && BLOCK_WITH_PTR=true         if [ "$EXPORT_MAP" == "true" ]; then             if [ "$BOT" == "NO" ]; then                 e "$IP blocked $BLOCK_TIME minutes. ($D) Unblock = `\/bin\/date --date="$BLOCK_TIME minute" +%s`" >> $LOGFILE                 e "$IP$PTR blocked $BLOCK_TIME minutes. ($D)" >> $LOGFILE2                 echo "$IP 0;" >> $BL_FILE             else                 echo "$IP 1;" >> $WL_FILE             fi         fi     fi done < $TMP_LOG  # \u0447\u0430\u0441\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043f\u043e\u0434\u043c\u0435\u043d\u044b map-\u0444\u0430\u0439\u043b\u043e\u0432 if [ "$EXPORT_MAP" == "true" ]; then      \/bin\/sort -u -o $BL_FILE $BL_FILE > \/dev\/null 2>&1     \/bin\/sort -u -o $WL_FILE $WL_FILE > \/dev\/null 2>&1          MAP_CHANGED=0     if ! diff $BL_FILE $BL_FILE.bak > \/dev\/null 2>&1; then         \/bin\/cp -f $BL_FILE_MAP $BL_FILE_MAP.bak > \/dev\/null 2>&1         \/bin\/cp -f $BL_FILE $BL_FILE_MAP > \/dev\/null 2>&1         MAP_CHANGED=1     fi     if ! diff $WL_FILE $WL_FILE.bak > \/dev\/null 2>&1; then         \/bin\/cp -f $WL_FILE_MAP $WL_FILE_MAP.bak > \/dev\/null 2>&1         \/bin\/cp -f $WL_FILE $WL_FILE_MAP > \/dev\/null 2>&1         MAP_CHANGED=1     fi     if [ "$MAP_CHANGED" -eq "1" -o "$UNBLOCK" -eq "1" ]; then \tRELOAD=`\/usr\/sbin\/nginx -t 2>&1 | \/bin\/grep ok` \tif [ -n "$RELOAD" ];then    \t    \/sbin\/service nginx reload             e "nginx is reloaded" >> $LOGFILE2 \telse     \t    ERROR_RELOAD=`\/sbin\/service nginx configtest 2>&1` \t    \/bin\/cp -f $BL_FILE_MAP.bak $BL_FILE_MAP > \/dev\/null 2>&1 \t    \/bin\/cp -f $WL_FILE_MAP.bak $WL_FILE_MAP > \/dev\/null 2>&1             e "nginx error config test failed" >> $LOGFILE2 \tfi      fi fi \/bin\/rm -rf $LOCK <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  <\/p>\n
\u0421\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0447\u0430\u0441\u0442\u043e\u0442\u044b \u0440\u0435\u0444\u0435\u0440\u0435\u0440\u043e\u0432 \u0438 \u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 referer-block.conf \u0432\u0438\u0434\u0430:<\/h5>\n
  <\/p>\n
~domain.ru 0; ~\u2026 1; ~\u2026 1; <\/code><\/pre>\n
  \u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0435\u0436\u0435\u043c\u0438\u043d\u0443\u0442\u043d\u043e.  <\/p>\n
\u041b\u0438\u0441\u0442\u0438\u043d\u0433 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0447\u0430\u0441\u0442\u043e\u0442\u044b \u0440\u0435\u0444\u0435\u0440\u0435\u0440\u043e\u0432:<\/b><\/p>\n
\n
#!\/bin\/bash # referer_protect v.1.0.6  # \u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u0430, \u043e\u0431\u044b\u0447\u043d\u043e \u0432\u044b\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, # \u0447\u0442\u043e\u0431\u044b \u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043f\u043e\u0434\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442, \u043d\u0435 \u043c\u0435\u043d\u044f\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0441\u043a\u0440\u0438\u043f\u0442. RECORDS=500 DOMAIN_LIST=domain LA=15 # if Load Average > $LA = Referer is block BLOCK_TIME=360 #in minutes #REF_WHITELIST="" BLOCK_ENABLE=true # true\/false - enable\/disable add firewall rule. email="mail@mail.ru" LOGFILE=\/var\/log\/referer-table.log LOGFILE2=\/var\/log\/referer-table-history.log LOCK=\/tmp\/referer.lock MSG_ALERT=\/tmp\/msg-alert.tmp debug="0"  LA_CURRENT="`cat \/proc\/loadavg | awk '{ print $1}' | awk 'BEGIN { FS="."; }{ print $1}'`" DT=`date "+%F %T"`  [ ! -f $LOGFILE ] && touch $LOGFILE [ -f "$MSG_ALERT" ] && rm -f $MSG_ALERT  function e {     echo -e $(date "+%F %T") $1 }  function msg {     echo "Referer:$REFERER. Domain:$D" >> $MSG_ALERT }  function send_mail {     if [ "$BLOCK_ENABLE" = "true" -a "$LA_CURRENT" -gt "$LA" ];then \tcat $MSG_ALERT | mailx -s "Referers report. Warning" $email     elif [ "$BLOCK_ENABLE" = "true" -a "$LA_CURRENT" -le "$LA" ];then \tcat $MSG_ALERT | mailx -s "Referers report. Notice " $email     else \tcat $MSG_ALERT | mailx -s "Referers report. Notice (Test mode)" $email     fi }  [ -f $LOCK ] && e "Script $0 is already runing" && exit touch $LOCK  NEED_NGINX_RELOAD=0  for D in $DOMAIN_LIST do      TMP_LOG=\/tmp\/ddos-$D-acc-referer.log     TMP_AWK=\/tmp\/tmp_$D-awk.tmp     #NGINX_LOG=\/srv\/www\/$D\/logs\/$D-acc     NGINX_LOG=\/srv\/www\/$D\/shared\/log\/$D-acc.log     REFCONF=\/etc\/nginx\/referer-block-$D.conf      [ ! -s "$REFCONF" ] && echo "~$D 0;" >> $REFCONF      if [ ! -f $NGINX_LOG ];then         echo "Log ($NGINX_LOG) not found."         \/bin\/rm -rf $LOCK         exit     fi      tail -10000 $NGINX_LOG | awk '($9 == "200") || ($9 == "404")' | awk '{print $11}' | sort | uniq -c | sort -n | awk -v x=$RECORDS ' $1 > x {print $2} ' > $TMP_LOG     sed -i "s\/\\"\/\/g" $TMP_LOG # \u0443\u0431\u0438\u0440\u0430\u0435\u043c \u043a\u0430\u0432\u044b\u0447\u043a\u0438     sed -i "\/^-\/d" $TMP_LOG # \u0443\u0431\u0438\u0440\u0430\u0435\u043c referer "-"     sed -i "\/$D\/d" $TMP_LOG # \u0443\u0431\u0438\u0440\u0430\u0435\u043c \u0441\u0432\u043e\u0439 \u0434\u043e\u043c\u0435\u043d     sed -i "\/^localhost\/d" $TMP_LOG # \u0443\u0431\u0438\u0440\u0430\u0435\u043c localhost     awk -F\/ '{print $3}' $TMP_LOG > $TMP_AWK # \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u043c\u0435\u043d \u043e\u0442 url     cat $TMP_AWK > $TMP_LOG      # \u0420\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 referer     while read line         do             if [[ "$line" == *=* ]]; then                 GET_TIME=`echo $line | awk -F"=" '{print $2}'`                 NOW=`date +%s`                 #echo $NOW                 #echo $GET_TIME                 if [ "$NOW" -gt "$GET_TIME" ]; then                     REFERER=`echo $line | awk '{print $4}'`                     e "Referer $REFERER unblocked." >> $LOGFILE2                     \/bin\/sed -i '\/'$REFERER'\/d' $LOGFILE                     \/bin\/sed -i '\/'$REFERER'\/d' $REFCONF \t\t    NEED_NGINX_RELOAD=1                fi             fi         done < $LOGFILE      # \u0411\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c referer     while read line     do         REFERER=$line          DOUBLE=`cat $REFCONF | grep "$REFERER"`         if [ -n "$DOUBLE" ]; then             [ "$debug" != "0" ] && e "referer $REFERER exist in DROP rule" \telse \t    if [ "$BLOCK_ENABLE" = "true" -a "$LA_CURRENT" -gt "$LA" ];then \t\techo "~$REFERER 1;" >> $REFCONF \t\te "Referer $REFERER blocked $BLOCK_TIME minutes ($D) Unblock = `date --date="$BLOCK_TIME minute" +%s`" >> $LOGFILE \t\te "Referer $REFERER blocked $BLOCK_TIME minutes ($D)" >> $LOGFILE2 \t        NEED_NGINX_RELOAD=1 \t\tif [ ! -s "$MSG_ALERT" ];then  \t\t    echo "Status: WARNING" > $MSG_ALERT \t\t    echo "Date: $DT" >> $MSG_ALERT \t\t    echo "Referer: $RECORDS matches from 10000" >> $MSG_ALERT  \t\t    echo "LA: $LA_CURRENT" >> $MSG_ALERT \t\t    echo "Referer(s) is blocked on $BLOCK_TIME minutes:" >> $MSG_ALERT \t\t    echo "" >> $MSG_ALERT \t\tfi \t\tmsg \t    elif [ "$BLOCK_ENABLE" = "true" -a "$LA_CURRENT" -le "$LA" ];then     \t\tTESTDOUBLE=`cat $LOGFILE | grep "$REFERER"` \t        if [ -z "$TESTDOUBLE" ]; then \t\t    e "Referer $REFERER TEST blocked $BLOCK_TIME minutes ($D) Unblock = `date --date="$BLOCK_TIME minute" +%s`" >> $LOGFILE \t\t    e "TEST. Referer $REFERER TEST blocked $BLOCK_TIME minutes ($D)" >> $LOGFILE2 \t\t    if [ ! -s "$MSG_ALERT" ];then  \t\t\techo "Status: Notice" > $MSG_ALERT \t\t\techo "Date: $DT" >> $MSG_ALERT \t\t\techo "Referer: $RECORDS matches from 10000" >> $MSG_ALERT  \t\t\techo "LA: $LA_CURRENT" >> $MSG_ALERT \t\t\techo "Referer(s) not blocking:" >> $MSG_ALERT \t\t\techo "" >> $MSG_ALERT \t\t    fi \t\t    msg \t\tfi \t    else     \t\tTESTDOUBLE=`cat $LOGFILE | grep "$REFERER"` \t        if [ -z "$TESTDOUBLE" ]; then \t\t    e "Referer $REFERER TEST blocked $BLOCK_TIME minutes ($D) Unblock = `date --date="$BLOCK_TIME minute" +%s`" >> $LOGFILE \t\t    e "TEST. Referer $REFERER TEST blocked $BLOCK_TIME minutes ($D)" >> $LOGFILE2 \t\t    if [ ! -s "$MSG_ALERT" ];then  \t\t\techo "Date: $DT" > $MSG_ALERT \t\t\techo "Current referer found over $RECORDS matches from 10000 records, but script working is TEST MODE " >> $MSG_ALERT  \t\t\techo "Current LA - $LA_CURRENT" >> $MSG_ALERT \t\t\techo "Referer(s) not blocking:" >> $MSG_ALERT \t\t\techo "" >> $MSG_ALERT \t\t    fi \t\t    msg \t\tfi \t    fi \tfi      done < $TMP_LOG  [ -n "email" -a -s "$MSG_ALERT" ] && send_mail  done  # reload nginx if config change if [ $NEED_NGINX_RELOAD -eq 1 ]; then   \/sbin\/service nginx reload >\/dev\/null 2>\/dev\/null fi  \/bin\/rm -rf $LOCK <\/code><\/pre>\n
  <\/div>\n<\/div>\n
   <\/p>\n
\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b nginx \u043a\u0430\u043a \u0441\u0438\u043c\u043b\u0438\u043d\u043a \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u043e\u0434\u0438\u043d \u0438\u0437 \u0434\u0432\u0443\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u0432 \u043e\u0431\u044b\u0447\u043d\u043e\u043c \u0438 high LA \u0440\u0435\u0436\u0438\u043c\u0430\u0445.<\/h5>\n
  \u0420\u0435\u0436\u0438\u043c \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u043c, \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u043c \u0435\u0436\u0435\u043c\u0438\u043d\u0443\u0442\u043d\u043e \u0438\u0437 Cron  <\/p>\n
\u0421\u043a\u0440\u0438\u043f\u0442 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0440\u0435\u0436\u0438\u043c\u043e\u0432:<\/b><\/p>\n
\n
#!\/bin\/bash  ### check LA level MAX_LA=10  processid=`\/sbin\/pidof -x $(basename $0) -o %PPID` if [[ $processid ]];then exit fi  CFG_DDOS='fpm.domain.ru.ddos' CFG_NODDOS='fpm.domain.ru.noddos'   load_average=$(uptime | awk '{print $11}' | cut -d "." -f 1) echo "$(date '+%Y-%m-%d %H:%M') : LA $load_average"  if [[ $load_average -ge $MAX_LA ]]; then   if [ -f \/tmp\/la_flag ]; then     date '+%s' > \/tmp\/la_flag      exit 1   else #    echo "$(date +%Y-%m-%d-%H-%M)"     date '+%s' > \/tmp\/la_flag      mv \/etc\/nginx\/vhosts.d\/new.domain.ru.conf \/etc\/nginx\/vhosts.d\/new.domain.ru.conf.bak > \/dev\/null 2>&1     ln -s \/etc\/nginx\/vhosts.d\/$CFG_DDOS \/etc\/nginx\/vhosts.d\/new.domain.ru.conf     reload=`\/usr\/sbin\/nginx -t 2>&1 | grep ok`     if [ -n "$reload" ];then       \/sbin\/service nginx reload       rm -f \/etc\/nginx\/vhosts.d\/new.domain.ru.conf.bak > \/dev\/null 2>&1       echo "$(date '+%Y-%m-%d %H:%M') : DDOS config up $reload"       exit 0     else       \/sbin\/service nginx configtest 2>&1       mv \/etc\/nginx\/vhosts.d\/new.domain.ru.conf.bak \/etc\/nginx\/vhosts.d\/new.domain.ru.conf > \/dev\/null 2>&1       echo "nginx error config ddos test failed"       echo "alarm nginx config ddos test failed" | mail -s alarm root\t\t       exit 1     fi   fi else   if [ -f \/tmp\/la_flag ]; then     TIMEA=`cat \/tmp\/la_flag`     TIMEC=`date '+%s'`     TIMED=$(( $TIMEC - $TIMEA ))     if [ $TIMED -gt 600 ]; then       echo "high LA ENDED $(date +%Y-%m-%d-%H-%M)"       rm -f \/tmp\/la_flag > \/dev\/null 2>&1       mv \/etc\/nginx\/vhosts.d\/new.domain.ru.conf \/etc\/nginx\/vhosts.d\/new.domain.ru.conf.bak > \/dev\/null 2>&1       ln -s \/etc\/nginx\/vhosts.d\/$CFG_NODDOS \/etc\/nginx\/vhosts.d\/new.domain.ru.conf       reload=`\/usr\/sbin\/nginx -t 2>&1 | grep ok`       echo "$(date '+%Y-%m-%d %H:%M') : NO DDOS config up $reload"       if [ -n "$reload" ];then          \/sbin\/service nginx reload          rm -f \/etc\/nginx\/vhosts.d\/new.domain.ru.conf.bak > \/dev\/null 2>&1          echo "$(date '+%Y-%m-%d %H:%M') : NO ddos config up" \t exit 0       else         \/sbin\/service nginx configtest 2>&1         mv \/etc\/nginx\/vhosts.d\/new.domain.ru.conf.bak \/etc\/nginx\/vhosts.d\/new.domain.ru.conf > \/dev\/null 2>&1 \techo "nginx error config noddos test failed" \techo "alarm nginx config noddos test failed" | mail -s alarm root         exit 1       fi     else       exit 1     fi   else     exit 1   fi fi  <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  <\/p>\n
 \u0427\u0430\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432\u044b\u043d\u0435\u0441\u0435\u043d\u0430 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u044b\u0439 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430\u0445.<\/h5>\n
  <\/p>\n
\u0424\u0430\u0439\u043b \u0441 \u043e\u0431\u0449\u0438\u043c\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u043c\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043e\u0431\u043e\u0438\u0445 \u0440\u0435\u0436\u0438\u043c\u043e\u0432 vhosts.d\/map.domain.ru.inc:<\/b><\/p>\n
\n
map_hash_bucket_size 128; geoip_country \/usr\/share\/GeoIP\/GeoIP.dat;  limit_req_zone $newlimit_addres1 zone=newone:10m rate=50r\/m;  map $whitelist-$remote_addr:$remote_port $newlimit_addres1 {     ~"^0"                   $binary_remote_addr;     ~"^1-(?<match_rap>.*)"  $match_rap; }  geo $whitelist {    default 0;    91.205.47.150 1;    194.87.91.154 1;    83.69.225.78 1;    77.88.18.82 1;    91.143.46.202 1;    213.180.192.0\/19 1;    87.250.224.0\/19 1;    77.88.0.0\/18 1;    93.158.128.0\/18 1;    95.108.128.0\/17 1;    178.154.128.0\/17 1;    199.36.240.0\/22 1;    84.201.128.0\/18 1;    141.8.128.0\/18 1;    188.134.88.105 1;    89.163.3.25 1;    46.39.246.91 1;    84.21.76.123 1;    136.243.83.53 1;    77.50.238.152 1;    83.167.117.49 1;    109.188.82.40 1;    79.141.227.19 1;    176.192.62.78 1;    86.62.91.133 1;    144.76.88.101 1; }  # \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u0440\u0435\u0444\u0435\u0440\u0435\u0440\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u0440\u0438\u043f\u0442 block_referer.sh map $http_referer $bad_referer {     default      "0";     include \/etc\/nginx\/referer-block.conf; } map $http_referer:$request_method $bad_post_referer {     default      "0";     "~*domain.ru.*:POST$" "0";     "~*:POST$" "1";     include \/etc\/nginx\/referer-block.conf; }  # \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u0441\u043f\u0438\u0446\u0435\u0444\u0438\u0447\u043d\u044b\u0445 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043e\u043a \u043f\u0440\u043e\u0435\u043a\u0442\u0430 map $query_string $bad_query { ...     default 0; }  # \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u0443\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044e\u0442 \u0432 \u0444\u0430\u0439\u043b\u0435 \/checkcapcha.php map $http_cookie $allowed_cookie {   "~somecookie" 1;   default  0; }  \u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043f\u043e GeoIP \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u041f\u043e\u0434 \u0430\u0442\u0430\u043a\u043e\u0439 map $geoip_country_code $allowed_country {     RU 1;     default 0; }  # \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439 Amazon include vhosts.d\/deny-amazon.inc;  # \u0420\u0443\u0447\u043d\u044b\u0435 \u0431\u0435\u043b\u044b\u0439 \u0438 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043a\u0438 map $remote_addr $valid_addr {     include vhosts.d\/main_blacklist.map;     include vhosts.d\/main_whitelist.map;     default 2; }  # UA \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439-\u0431\u043e\u0442\u043e\u0432 map $http_user_agent $user_agent_search_bot {     "~Yandex"           "1";     "~Google"           "1";     "~*bing"            "1";     "~*MSNBot"          "1";     default             ""; }  map $remote_addr $ptr_wl_bl {     include vhosts.d\/ptr_blacklist.map;     include vhosts.d\/ptr_whitelist.map;     default ""; } map "$user_agent_search_bot:$ptr_wl_bl" $searchbot {     "1:1"  "1";     "1:0"  "0";     default  "2"; } <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  <\/p>\n
\u041b\u0438\u0441\u0442\u0438\u043d\u0433\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432<\/h5>\n
  <\/p>\n
\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433 \u0434\u043b\u044f \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 \u0440\u0430\u0431\u043e\u0442\u044b vhosts.d\/fpm.domain.ru.noddos:<\/b><\/p>\n
\n
include vhosts.d\/map.domain.ru.inc;  map "$searchbot:$valid_addr:$bad_referer:$bad_query" $root_location_p1 {     default   @allow_limit;     "~^1:"    @allow;     "~^2:1"   @allow_limit;      "~^0"      @loc_403;     "~^2:0"    @loc_403;     "2:2:1:0"  @loc_403;     "2:2:1:1"  @loc_403;     "2:2:0:1"  @loc_403; }  map "$searchbot:$valid_addr:$bad_post_referer:$bad_query" $root_only_location_p1 {     default   @allow_limit;     "~^1:"    @allow;     "~^2:1"   @allow_limit;      "~^0"      @loc_403;     "~^2:0"    @loc_403;     "2:2:1:0"  @loc_403;     "2:2:1:1"  @loc_403;     "2:2:0:1"  @loc_403; }  ########################################################  server {      listen 80;     listen 443 ssl;      fastcgi_read_timeout 300s;     fastcgi_send_timeout 300s;     fastcgi_connect_timeout 300s;      server_name domain.ru www.domain.ru m.domain.ru www.m.domain.ru;       ssl_certificate ssl\/www.domain.ru.crt;     ssl_certificate_key ssl\/www.domain.ru.key;     charset UTF-8;      access_log \/srv\/www\/domain\/shared\/log\/domain-acc.log main;     error_log \/srv\/www\/domain\/shared\/log\/domain-err.log;      root   \/srv\/www\/domain\/current\/public\/;      error_page 500 502 \/highla.html;  # \u0412\u044b\u0434\u0430\u0435\u0442\u0441\u044f capcha \u0432 \u0444\u0430\u0440\u043c\u0435 POST \u0441 action="\/checkcapcha.php"     location = \/highla.html {         charset UTF-8;         root   \/srv\/www\/domain\/current\/public\/;         allow all;     }  # \u0423\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0445\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0443\u043a\u0430 \u043d\u0430 \u0431\u0430\u0437\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u044f.     location = \/checkcapcha.php {         charset UTF-8;         root   \/srv\/www\/domain\/current\/public\/;         include fastcgi_params;         fastcgi_buffers 8 16k;         fastcgi_buffer_size 32k;         fastcgi_index index.php;         fastcgi_param  SCRIPT_FILENAME $realpath_root$fastcgi_script_name;         fastcgi_param  REQUEST_SCHEME     $scheme;         fastcgi_param  HTTPS              $https if_not_empty;         fastcgi_pass 127.0.0.1:9000;         allow all;     }  # \u0418\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0435 location \u0434\u043b\u044f \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e \u043d\u0438\u043c \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0443\u044e map     location @loc_403 {       access_log \/srv\/www\/domain\/shared\/log\/loc_403-acc main;       return 403;     }      location @allow {         access_log \/srv\/www\/domain\/shared\/log\/allow-acc main;         add_header X-debug-message "Allow";         try_files $uri \/index.php?$query_string;     }      location @allow_limit {         limit_req zone=newone burst=15;         access_log \/srv\/www\/domain\/shared\/log\/allow-acc main;         add_header X-debug-message "Allow";         try_files $uri \/index.php?$query_string;     }      location @deny {         access_log \/srv\/www\/domain\/shared\/log\/deny-acc main;         add_header X-debug-message "Deny";         return 403;     }     location @restrict {         access_log \/srv\/www\/domain\/shared\/log\/resrtict-acc main;         add_header X-debug-message "Restrict";         return 502;     }      location \/ {         try_files \/fake-nonexistens-location-forr273 $root_location_p1;     }      location = \/ {         try_files \/fake-nonexistens-location-forr273 $root_only_location_p1;     }      location ~* \\.php {        include fastcgi_params;        fastcgi_buffers 8 16k;        fastcgi_buffer_size 32k;        fastcgi_index index.php;        fastcgi_param  SCRIPT_FILENAME $realpath_root$fastcgi_script_name;        fastcgi_param  REQUEST_SCHEME     $scheme;        fastcgi_param  HTTPS              $https if_not_empty;        fastcgi_pass 127.0.0.1:9000;     }      location ~* \\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|avi|djvu|mp3)$ {         root \/srv\/www\/domain\/current\/public; \texpires 7d; \taccess_log off; \tlog_not_found off;     }      location ~ \/\\.git {         deny all;     }      location ~ \/\\.ht {         deny all;     }      location ~ \/\\.svn {         deny all;     }  } <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  <\/p>\n
\u041a\u043e\u043d\u0444\u0438\u0433 \u0434\u043b\u044f \u0440\u0435\u0436\u0438\u043c\u0430 high LA vhosts.d\/fpm.domain.ru.ddos:<\/b><\/p>\n
\n
include vhosts.d\/map.domain.ru.inc;  map "$searchbot:$valid_addr:$bad_referer:$bad_query" $root_location {     default   @main;     "~^1:"    @allow;     "~^2:1"   @allow;      "~^0"      @loc_403;     "~^2:0"    @loc_403;     "2:2:1:0"  @loc_403;     "2:2:1:1"  @loc_403;     "2:2:0:1"  @loc_403; }  map "$searchbot:$valid_addr:$bad_post_referer:$bad_query" $root_only_location {     default   @main;     "~^1:"    @allow;     "~^2:1"   @allow;      "~^0"      @loc_403;     "~^2:0"    @loc_403;     "2:2:1:0"  @loc_403;     "2:2:1:1"  @loc_403;     "2:2:0:1"  @loc_403; }  map "$allowed_country:$allowed_cookie" $main_location {     "1:0"    @allow_limit;     "1:1"    @allow_limit;     "0:1"    @allow_limit;     default  @restrict; }  ########################################################  server {     listen 80;     listen 443 ssl;          fastcgi_read_timeout 300s;     fastcgi_send_timeout 300s;     fastcgi_connect_timeout 300s;      server_name domain.ru www.domain.ru m.domain.ru www.m.domain.ru;      ssl_certificate ssl\/www.domain.ru.crt;     ssl_certificate_key ssl\/www.domain.ru.key;     charset UTF-8;      access_log \/srv\/www\/domain\/shared\/log\/domain-acc.log main;     error_log \/srv\/www\/domain\/shared\/log\/domain-err.log;      root   \/srv\/www\/domain\/current\/public\/;  # \u0412\u044b\u0434\u0430\u0435\u0442\u0441\u044f capcha \u0432 \u0444\u0430\u0440\u043c\u0435 POST \u0441 action="\/checkcapcha.php"     error_page 500 502 \/highla.html;     location = \/highla.html {         charset UTF-8; \troot   \/srv\/www\/domain\/current\/public\/;         allow all;     }  # \u0423\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0445\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0443\u043a\u0430 \u043d\u0430 \u0431\u0430\u0437\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u044f.     location = \/checkcapcha.php {         charset UTF-8;         root   \/srv\/www\/domain\/current\/public\/;         include fastcgi_params;         fastcgi_buffers 8 16k;         fastcgi_buffer_size 32k;         fastcgi_index index.php;         fastcgi_param  SCRIPT_FILENAME $realpath_root$fastcgi_script_name;         fastcgi_param  REQUEST_SCHEME     $scheme;         fastcgi_param  HTTPS              $https if_not_empty;         fastcgi_pass 127.0.0.1:9000;         allow all;     }  # \u0418\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0435 location \u0434\u043b\u044f \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e \u043d\u0438\u043c \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0443\u044e map     location @loc_403 {       access_log \/srv\/www\/domain\/shared\/log\/loc_403-acc main;       return 403;     }          location @allow {         access_log \/srv\/www\/domain\/shared\/log\/allow-acc main;         add_header X-debug-message "Allow";         try_files $uri \/index.php?$query_string;     }      location @allow_limit {         limit_req zone=newone burst=55;         access_log \/srv\/www\/domain\/shared\/log\/allow-limit-acc main;         add_header X-debug-message "Allow";         try_files $uri \/index.php?$query_string;     }      location @deny {         access_log \/srv\/www\/domain\/shared\/log\/deny-acc main;         add_header X-debug-message "Deny";         return 403;     }     location @restrict {         access_log \/srv\/www\/domain\/shared\/log\/resrtict-acc main;         add_header X-debug-message "Restrict";         return 502;     }      location @main {         add_header X-debug-message "Main"; \ttry_files \/fake-nonexistens-location-forr273 $main_location;     }      location \/ { \ttry_files \/fake-nonexistens-location-forr273 $root_location;     }      location = \/ { \ttry_files \/fake-nonexistens-location-forr273 $root_only_location;     }      location ~* \\.php {        include fastcgi_params;        fastcgi_buffers 8 16k;        fastcgi_buffer_size 32k;        fastcgi_index index.php;        fastcgi_param  SCRIPT_FILENAME $realpath_root$fastcgi_script_name;        fastcgi_param  REQUEST_SCHEME     $scheme;        fastcgi_param  HTTPS              $https if_not_empty;        fastcgi_pass 127.0.0.1:9000;     }      location ~* \\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|avi|djvu|mp3)$ {         root \/srv\/www\/domain\/current\/public;         expires 7d;         access_log off;         log_not_found off;     }      location ~ \/\\.git {         deny all;     }      location ~ \/\\.ht {         deny all;     }      location ~ \/\\.svn {         deny all;     } } <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  <\/p>\n
\u0418\u0442\u043e\u0433<\/h5>\n
  \u042d\u0442\u0438\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0435\u043c \u043c\u044b \u043f\u043e\u043c\u043e\u0433\u043b\u0438 \u043d\u0430\u0448\u0435\u043c\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0443 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u043f\u0440\u043e\u0435\u043a\u0442 \u043e\u0442 \u043f\u0430\u0440\u0430\u0437\u0438\u0442\u043d\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.
  \u0410\u0432\u0442\u043e\u0440: \u0432\u0435\u0434\u0443\u0449\u0438\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438<\/a> \u041c\u0430\u0440\u0430\u0442 \u0420\u0430\u0445\u0438\u043c\u043e\u0432.               <\/p>\n
<\/div>\n
 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438  https:\/\/habrahabr.ru\/post\/278553\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
       \"image\"\/
  \u041a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u043c\u043e\u043c\u0435\u043d\u0442\u044b:
  * \u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 PTR \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439;
  * \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 nginx \u0432 IfIsEvil-style \u0441 \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 map;
  * \u0418\u043c\u0435\u043d\u0430 location \u0432 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 map;
  * \u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u0435\u0442\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0447\u0435\u0440\u0435\u0437 try_files \/nonexist $map_var.<\/p>\n
  \u041c\u043d\u043e\u0433\u0438\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u043d\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b \u0441\u0442\u0440\u0430\u0434\u0430\u044e\u0442 \u043e\u0442 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043a\u0440\u043e\u043c\u0435 \u0436\u0438\u0432\u044b\u0445 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u0438\u0445 \u043f\u043e\u0441\u0435\u0449\u0430\u044e\u0442 \u0440\u0430\u0437\u043d\u043e\u043e\u0431\u0440\u0430\u0437\u043d\u044b\u0435 \u043f\u0430\u0440\u0441\u0435\u0440\u044b, \u0431\u043e\u0442\u044b \u0438 \u043f\u0440\u043e\u0447\u0438\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u043a\u0430\u043d\u0435\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043d\u0435\u0441\u0443\u0442 \u043d\u0438\u043a\u0430\u043a\u043e\u0433\u043e \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0433\u043e \u044d\u0444\u0444\u0435\u043a\u0442\u0430, \u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u043e\u0437\u0434\u0430\u044e\u0442 \u043f\u0430\u0440\u0430\u0437\u0438\u0442\u043d\u044b\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u0438 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043d\u0430, \u0438 \u0431\u0435\u0437 \u0442\u043e\u0433\u043e, \u043d\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443. \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u044f \u043d\u0435 \u0438\u043c\u0435\u044e \u0432\u0438\u0434\u0443 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0445 \u0431\u043e\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0445\u043e\u0442\u044c \u0438 \u0437\u0430\u0447\u0430\u0441\u0442\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0436\u0430\u044e\u0442 \u043f\u0440\u043e\u0435\u043a\u0442 \u043d\u0435 \u043d\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043e, \u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u0440\u043e\u0435\u043a\u0442\u0443.
  \u041e\u0434\u0438\u043d \u0438\u0437 \u043d\u0430\u0448\u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0438\u0441\u043f\u044b\u0442\u044b\u0432\u0430\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043b\u0430\u0432\u0438\u043d\u043e\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0433\u043e \u0440\u043e\u0441\u0442\u0430 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0443\u0442\u043e\u043a. \u041f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438, \u0440\u0430\u0437 \u0432 \u0441\u0443\u0442\u043a\u0438 \u0438 \u0447\u0430\u0449\u0435 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u043b\u0438 \u043d\u0430\u043f\u043b\u044b\u0432\u044b \u043f\u043e\u0441\u0435\u0449\u0435\u043d\u0438\u0439 \u0441\u043e \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0440\u043e\u0441\u0442\u043e\u043c LA \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445. \u0411\u044b\u043b\u043e \u043f\u0440\u0438\u043d\u044f\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u043f\u0430\u0440\u0430\u0437\u0438\u0442\u043d\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-275479","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/275479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=275479"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/275479\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=275479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=275479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=275479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}