I found these requests in my access.log:
XXXX - - [03/Apr/2017:20:52:31 +0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 184 "-" "-"
XXXX - - [03/Apr/2017:20:52:31 +0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 184 "-" "-"
XXXX - - [03/Apr/2017:20:52:31 +0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 301 184 "-" "-"
XXXX - - [03/Apr/2017:20:52:31 +0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 184 "-" "-"
XXXX - - [03/Apr/2017:20:52:31 +0200] "GET //pma/scripts/setup.php HTTP/1.1" 301 184 "-" "-"
XXXX - - [03/Apr/2017:20:52:31 +0200] "GET /muieblackcat HTTP/1.1" 301 184 "-" "-"
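I know these requests are probing my server for vulnerabilities. We can see that these requests are permanently redirected (301). But nginx / GeoIP should block them with a 403 (Forbidden). Why are these requests redirected, and where to?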
Here is my nginx configuration (used as a reverse proxy):
server {
    listen 80;
    server_name example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    if ($lan-ip = yes) {
        set $allowed_country yes;
    }
    if ($allowed_country = no) {
        return 403;
    }

    root /var/www/html;

    # SSL Configuration
    # .
    # .
    # .

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/html;
    index index.html;

    location /app {
        proxy_pass https://192.168.0.20;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
This is the GeoIP blocking part of nginx.conf:
geoip_country /usr/share/GeoIP/GeoIP.dat;

map $geoip_country_code $allowed_country {
    default no;
    DE yes;
}

geo $lan-ip {
    default no;
    192.168.0.0/24 yes;
}
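
In the configuration as posted, the only directive that produces a 301 is the unconditional `return 301` in the port-80 server block, and that block has no GeoIP check. The following is an added example (not part of the original post) that applies the same check there and logs the listener port and the country decision; the log format name `geo_debug` and the log file path are assumptions.

```nginx
# Added example. $allowed_country and $lan-ip are the variables defined by
# the map/geo blocks in the nginx.conf fragment above (http context).

# http context: record which listener answered and what GeoIP decided.
# "geo_debug" is a hypothetical format name.
log_format geo_debug '$remote_addr [$time_local] "$request" $status '
                     'port=$server_port country=$geoip_country_code '
                     'allowed=$allowed_country';

server {
    listen 80;
    server_name example.com;

    # Hypothetical log path, used here only to verify the behaviour.
    access_log /var/log/nginx/access_geo.log geo_debug;

    # Same allow-list logic as the 443 block. Rewrite-module directives
    # at server level run in the order written, so a blocked client
    # receives the 403 here and never reaches the redirect below.
    if ($lan-ip = yes) {
        set $allowed_country yes;
    }
    if ($allowed_country = no) {
        return 403;
    }

    # enforce https for clients that passed the check
    return 301 https://$server_name$request_uri;
}
```

After a reload, a request from a non-allowed country to port 80 should be logged with `port=80 allowed=no` and status 403 instead of 301.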