打印

紧急求助军哥

本主题由 licess 于 2018-3-10 20:12 移动

紧急求助军哥

access.log里显示有上万个这种访问特征,论坛直接被卡死

请教下:怎么配置nginx,匹配这种\x00请求(非GET/POST请求),直接返回400,或者直接抛弃,不用再做其他处理了。


如下特征:
220.163.116.138 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
60.248.34.47 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
61.230.199.79 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
114.36.74.74 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
114.36.74.74 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
61.227.170.5 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
111.204.124.185 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
114.36.74.74 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
61.230.139.144 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
122.102.39.18 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
61.77.125.95 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
60.248.34.47 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
218.173.155.124 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
1.161.233.139 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
218.173.155.124 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
114.37.207.139 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
220.163.116.138 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
219.68.204.21 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
218.166.118.106 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
122.102.39.18 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
1.200.222.1 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
210.14.159.248 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
175.181.177.16 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
122.102.39.18 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
122.114.197.59 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
178.150.35.121 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
125.208.30.2 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
189.0.73.80 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 166 "-" "-"
61.230.139.144 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"
118.160.133.189 - - [08/Mar/2018:19:54:54 +0800] "\x00" 400 0 "-" "-"

TOP

一般只有get、post、head会用的到,你确定你也只需要这几个请求方法的话可以在对应虚拟主机里面添加上
复制内容到剪贴板
代码:
if ($request_method !~ ^(GET|POST|HEAD|PUT)$ )
{
        return 444;
}
将一些非法请求都丢掉不处理

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

好的,谢谢军哥回复。:)

TOP