nginx 日志如下,禁止这类攻击的 nginx 怎么写?谢谢!:
1 类,都不经过 get/post 请求?怎么禁止访问:
143.110.218.251 - [2022-09-25T06:02:21+08:00] "\x1EF\x0Fe\x16\xD4,U\xEFh\x1F.\x10_\xF1\xF1]\x82\x81\xD1y\xC0\x81k\xF5\x01*\xDDy\xC0\x81\xD0}\x82\x81\xD1y\xC3\x89\xD1y\xC0\x81\xD1y\xC0\x81{y\xC0\x81\xD1y\xEB\xAA\xD1y\xC0\x81\xF9y\xC0\x81\xD1y\xC0\x81\xD1y\xC0\x81\xD1y\xC0\x81\xD0x\xC0\x81\xD1y\xD6\x81\xD1y\xC0\x81\xD1y\xC0\x81\xD1y\xC0\x81\xD1y\xC0\x81\xD1y\xC4\x81\xD1y\xC0\x81\xD1y\xC0\x81\x04\x00" 400 "0.019" "http" refer="-"
64.227.99.233 - [2022-09-25T09:06:30+08:00] "\x00\x0E8\x85.1CKv--\x00\x00\x00\x00\x00" 400 "0.008" "http" refer="-"
157.245.176.143 - [2022-09-25T09:39:19+08:00] "SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1" 400 "0.000" "https" refer="-"
192.241.193.104 - [2022-09-25T09:54:33+08:00] "MGLNDD_208.64.228.44_443" 400 "0.007" "http" refer="-"
2 类,GET http://example.com/ 是 get 请求,但是直接就 http://是什么鬼,怎么禁止访问?
92.118.39.30 - [2022-09-19T14:00:25+08:00] "GET http://example.com/ HTTP/1.1" 302 "0.000" "http" refer="-"
1
0o0O0o0O0o 2022-09-25 18:11:52 +08:00 via iPhone
fail2ban
|
2
PMR 2022-09-25 18:59:30 +08:00 via Android
if ( $request_method !~ ^(GET|POST)$ ) {
return 400; } |
3
defunct9 2022-09-25 18:59:47 +08:00 via iPhone
正则杀
|
6
scphy 2022-09-26 09:42:52 +08:00 via Android
第二类我一般是判断 host ,不是自己域名的都拦了
|