‹‹ 上一主题 | 下一主题 ››
发新话题
打印

紧急求助军哥

本主题由 licess 于 2018-3-10 20:12 移动
jj168abc

新手上路

Rank: 1

帖子
27 
积分
21 
威望
0  
贡献
14  
阅读权限
20 
1# 发表于 2018-3-10 19:33  只看该作者

紧急求助军哥

access.log里显示有上万个这种访问特征,论坛直接被卡死

请教下:怎么配置nginx,匹配这种\x00请求(非GET/POST请求),直接返回400,或者直接抛弃,不用再做其他处理了。


如下特征:
220.163.116.138 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
60.248.34.47 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
61.230.199.79 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
114.36.74.74 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
114.36.74.74 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
61.227.170.5 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
111.204.124.185 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
114.36.74.74 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
61.230.139.144 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
122.102.39.18 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
61.77.125.95 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
60.248.34.47 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
218.173.155.124 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
1.161.233.139 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
218.173.155.124 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
114.37.207.139 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
220.163.116.138 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
219.68.204.21 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
218.166.118.106 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
122.102.39.18 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
1.200.222.1 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
210.14.159.248 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
175.181.177.16 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
122.102.39.18 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
122.114.197.59 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
178.150.35.121 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
125.208.30.2 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
189.0.73.80 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
61.230.139.144 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
118.160.133.189 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"

TOP

licess

军哥

管理员

Rank: 9Rank: 9Rank: 9

代购VPS、VPN、域名、主机找我哦 ...

帖子
17627 
积分
48980 
威望
29156  
贡献
51121  
阅读权限
200 

终身成就奖

2# 发表于 2018-3-10 21:23  只看该作者
一般只有get、post、head会用的到,你确定你也只需要这几个请求方法的话可以在对应虚拟主机里面添加上
复制内容到剪贴板
代码:
if ($request_method !~ ^(GET|POST|HEAD|PUT)$ )
{
        return 444;
}
将一些非法请求都丢掉不处理

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

jj168abc

新手上路

Rank: 1

帖子
27 
积分
21 
威望
0  
贡献
14  
阅读权限
20 
3# 发表于 2018-3-11 12:07  只看该作者
好的,谢谢军哥回复。:)

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题