日志显示来自未知 IP 的持续 GET 请求
Log shows constant GET requests from unknown IP's
我在 AWS EC2 实例上有一个 Ubuntu、Apache、Rails 4 站点。我的网站运行良好,但现在说它因用户过多而过载。事实并非如此,因为它是一个私人网站。我的 --tail 日志显示该站点不断被以下重复的 GET 请求请求。
I, [2015-04-01T21:37:43.996476 #1198] INFO -- : Rendered layouts/_google_analytics.html.erb (1.2ms)
I, [2015-04-01T21:37:43.997616 #1198] INFO -- : Completed 200 OK in 1155ms (Views: 1154.0ms | ActiveRecord: 0.0ms)
I, [2015-04-01T21:37:44.184503 #1198] INFO -- : Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
I, [2015-04-01T21:37:44.273012 #1198] INFO -- : Processing by HomeController#home_page as */*
I, [2015-04-01T21:37:44.733609 #1198] INFO -- : Rendered home/_sign_up_modal.html.erb (99.0ms)
I, [2015-04-01T21:37:44.860521 #1198] INFO -- : Rendered home/home_page.html.erb within layouts/application (585.2ms)
I, [2015-04-01T21:37:44.864389 #1198] INFO -- : Rendered /home/ubuntu/.rvm/gems/ruby-2.1.5/gems/stripe-rails-0.3.1/app/views/stripe/_js.html.erb (3.1ms)
每个请求的唯一不同是每次 GET 来自不同的 IP。 54.###.##.###每次都改变。 None其中是用户,我敢肯定。
Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
这是某种负载攻击吗?我是新手,希望我能提供足够的信息来提供帮助,但如果我分享的不够多,请索取更多信息。
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName ec2-54-###-###-##.us-west-2.compute.amazonaws.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /etc/projects/myapp/public
<Directory /etc/projects/myapp/public>
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
编辑
我根据 https://wiki.apache.org/httpd/ProxyAbuse 添加了以下内容,但现在我得到 "You don't have permission to access / on this server."
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName default.only
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName ec2-54-##-###-##.us-west-2.compute.amazonaws.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /etc/projects/myapp/public
<Directory /etc/projects/myapp/public>
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
在亚马逊上制定一条规则,禁止(或限制)该 IP 范围,直到您弄清楚为止。您可以设置 allow/disallow IP 范围和端口的权限。
我在 AWS EC2 实例上有一个 Ubuntu、Apache、Rails 4 站点。我的网站运行良好,但现在说它因用户过多而过载。事实并非如此,因为它是一个私人网站。我的 --tail 日志显示该站点不断被以下重复的 GET 请求请求。
I, [2015-04-01T21:37:43.996476 #1198] INFO -- : Rendered layouts/_google_analytics.html.erb (1.2ms)
I, [2015-04-01T21:37:43.997616 #1198] INFO -- : Completed 200 OK in 1155ms (Views: 1154.0ms | ActiveRecord: 0.0ms)
I, [2015-04-01T21:37:44.184503 #1198] INFO -- : Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
I, [2015-04-01T21:37:44.273012 #1198] INFO -- : Processing by HomeController#home_page as */*
I, [2015-04-01T21:37:44.733609 #1198] INFO -- : Rendered home/_sign_up_modal.html.erb (99.0ms)
I, [2015-04-01T21:37:44.860521 #1198] INFO -- : Rendered home/home_page.html.erb within layouts/application (585.2ms)
I, [2015-04-01T21:37:44.864389 #1198] INFO -- : Rendered /home/ubuntu/.rvm/gems/ruby-2.1.5/gems/stripe-rails-0.3.1/app/views/stripe/_js.html.erb (3.1ms)
每个请求的唯一不同是每次 GET 来自不同的 IP。 54.###.##.###每次都改变。 None其中是用户,我敢肯定。
Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
这是某种负载攻击吗?我是新手,希望我能提供足够的信息来提供帮助,但如果我分享的不够多,请索取更多信息。
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName ec2-54-###-###-##.us-west-2.compute.amazonaws.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /etc/projects/myapp/public
<Directory /etc/projects/myapp/public>
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
编辑
我根据 https://wiki.apache.org/httpd/ProxyAbuse 添加了以下内容,但现在我得到 "You don't have permission to access / on this server." /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName default.only
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName ec2-54-##-###-##.us-west-2.compute.amazonaws.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /etc/projects/myapp/public
<Directory /etc/projects/myapp/public>
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
在亚马逊上制定一条规则,禁止(或限制)该 IP 范围,直到您弄清楚为止。您可以设置 allow/disallow IP 范围和端口的权限。