日志显示来自未知IP常数GET请求 [英] Log shows constant GET requests from unknown IP's
问题描述
我有一个Ubuntu,阿帕奇,Rails的4个网站上的AWS EC2实例。我的网站工作正常,但现在是说这是超负荷的用户。这是不是这样的,因为它是一个私人网站。我 - 尾日志显示,该网站在不断地被要求具有以下重复GET请求。
I have an Ubuntu, Apache, Rails 4 site on an AWS EC2 instance. My site was working fine but now is saying that it is overloaded with users. That is NOT the case as it is a private site. My --tail log shows that the site in constantly being requested with the following repeating GET requests.
I, [2015-04-01T21:37:43.996476 #1198] INFO -- : Rendered layouts/_google_analytics.html.erb (1.2ms)
I, [2015-04-01T21:37:43.997616 #1198] INFO -- : Completed 200 OK in 1155ms (Views: 1154.0ms | ActiveRecord: 0.0ms)
I, [2015-04-01T21:37:44.184503 #1198] INFO -- : Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
I, [2015-04-01T21:37:44.273012 #1198] INFO -- : Processing by HomeController#home_page as */*
I, [2015-04-01T21:37:44.733609 #1198] INFO -- : Rendered home/_sign_up_modal.html.erb (99.0ms)
I, [2015-04-01T21:37:44.860521 #1198] INFO -- : Rendered home/home_page.html.erb within layouts/application (585.2ms)
I, [2015-04-01T21:37:44.864389 #1198] INFO -- : Rendered /home/ubuntu/.rvm/gems/ruby-2.1.5/gems/stripe-rails-0.3.1/app/views/stripe/_js.html.erb (3.1ms)
与每个请求的唯一不同的是,在GET是从一个不同的IP各一次。 54。###。##。###,每次变化。 他们都不是用户,我确信这一点。
Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
这是某种形式的负载攻击?我是新来的这一点,希望我提供足够的信息,以帮助,但请索取更多,如果我不共享不够。
Is this some sort of load attack? I am new to this and hope I am giving adequate information to help but please request more if I am not sharing enough.
/etc/apache2/sites-available/000-default.conf
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName ec2-54-###-###-##.us-west-2.compute.amazonaws.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /etc/projects/myapp/public
<Directory /etc/projects/myapp/public>
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
修改
我加元 https://wiki.apache.org/httpd/ProxyAbuse 以下但现在我收到您没有权限访问/在此服务器上。 /etc/apache2/sites-available/000-default.conf
I added the following per https://wiki.apache.org/httpd/ProxyAbuse but now I am getting "You don't have permission to access / on this server." /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName default.only
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName ec2-54-##-###-##.us-west-2.compute.amazonaws.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /etc/projects/myapp/public
<Directory /etc/projects/myapp/public>
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
推荐答案
把规则亚马逊将禁止(或限制)的IP范围,直到你看着办吧。您可以设置权限,将允许/禁止IP范围和端口。
Put a rule on amazon that will disallow (or limit) that IP range until you figure it out. You can set permissions that will allow/disallow IP ranges and ports.
这篇关于日志显示来自未知IP常数GET请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
