高频率登录尝试 ip封禁已经实现

url=/login/---
[pid: 13055|app: 0|req: 2/13] 127.0.0.1 () {42 vars in 713 bytes} [Mon May 25 08:07:28 2026] POST /login/ => generated 10 bytes in 24 msecs (HTTP/1.1 200) 8 headers in 356 bytes (1 switches on core 1)

url=/login/---
非法访问，一分钟内访问次数太多
[pid: 13050|app: 0|req: 7/14] 127.0.0.1 () {42 vars in 713 bytes} [Mon May 25 08:07:29 2026] POST /login/ => generated 0 bytes in 9 msecs (HTTP/1.1 200) 8 headers in 355 bytes (1 switches on core 1)

url=/login/---
非法访问，一分钟内访问次数太多
[pid: 13051|app: 0|req: 5/15] 127.0.0.1 () {42 vars in 713 bytes} [Mon May 25 08:07:31 2026] POST /login/ => generated 0 bytes in 8 msecs (HTTP/1.1 200) 8 headers in 355 bytes (1 switches on core 0)

url=/login/---
非法访问，一分钟内访问次数太多
[pid: 13050|app: 0|req: 8/16] 127.0.0.1 () {42 vars in 713 bytes} [Mon May 25 08:07:32 2026] POST /login/ => generated 0 bytes in 6 msecs (HTTP/1.1 200) 8 headers in 355 bytes (1 switches on core 0)
---------------------------------------------------------------

这个策略对待不是专业级别的黑客还是很有用的。

如果没有ip池，攻击频率可以限制在5秒/次。好像是封禁10分钟