How to make nginx redirect a certain IP within a certain period of time

Question

How to make nginx redirect a certain IP within a certain period of time
I wrote a filtering rule:

set $trigger 0;
if ($request_body ~ "woaini|admin"){
    set $trigger 1;
}
if ($trigger = 1) {
    重定向命令
}

There is a problem here, that is, if the other party meets the conditions, it will be redirected, but when you visit again after tens of seconds or a few seconds, the redirection will not work.
What I want is that when the other party triggers these rules for the first time, the other party's IP will be redirected in the next day, regardless of whether the rules are triggered next. When 24 hours have passed, unblock. If the other party triggers it again one day later, then redirect it for another day.

It is said on the Internet that the ngx_white_black_list module is used, but it is not clear where in the source code to write (rewrite) the command to be run by the blacklist. Here are the answers given online:

动态黑名单
    要使用该功能必须对 ngx_http_limit_req_module.c 进行patch
    在ngx_http_limit_req_module.c中
    增加#include <white_black_list.h>
    并修改代码找到：
    "
    if (rc == NGX_BUSY) {
        ngx_log_error(lrcf->limit_log_level, r->connection->log, 0,
                      "limiting requests, excess: %ui.%03ui by zone \"%V\"",
                      excess / 1000, excess % 1000,
                      &limit->shm_zone->shm.name);
        "
    在其下面增加：
    ngx_black_add_item_interface(r, 1);
        配备关键字：
                dyn_black
        格式：
                dyn_black $zone_name time;
        比如：
                dyn_black black 60; //禁止访问60秒，60秒后自动解除
        注意：
                必须要配置black_list
        配置示例：
                http{
                        ....
                        white_black_list_conf conf/black.list zone=black:4m;
                        limit_req_zone $binary_remote_addr zone=one:8m rate=4r/s;
                        ...
                        server {
                                location / {
                 black_list black on;
                 limit_req zone=one burst=6;
                 dyn_black black 60; //禁止访问60秒，60秒后自动解除
                 ...
                 }
                 location /xxx {
                 sec_config on;
                 }
                 ...
                        }
                        ...
                }

Only forbidden access is given here. Not sure if it should be rewritten as redirection

Answer 1

If you want to prevent attacks, you should use iptables and clear it after a certain period of time.
If you use Openresty, you can use rewrite_by_lua