服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Nginx代理filter在Fail2ban中究竟做了什么?
Intereting Posts
Active Directory站点没有出现在DNS中 SQL服务器碎片locking问题 http://127.0.0.1:8500/ 基于CDMA的时间服务器是否被动地从小区networking读取定时信息? 打开LDAP服务器迁移 GVFS位置在〜/ .gvfs中不可用 Hadoop:黑名单tasktracker 如何使用uwsgitop从所有uWSGI vassals获得所有统计信息的汇总? 我应该花多less钱来支付PHP webhosting服务? Postfix重写发件人:为什么这不工作 PCIconfiguration 什么是在truecrypt使用智能卡的一般过程? apache升级到2.4.7后无法正常工作 openLDAP ldap_modify:尝试删除自定义模式时,服务器不愿意执行(53) Ubuntu服务器软件RAID1

Nginx代理filter在Fail2ban中究竟做了什么?

Nginx代理filter在Fail2ban中究竟做了什么?

我目前正在为Nginx设置Fail2Ban。 几乎在任何地方我读过,他们都包含了一个[nginx-proxy]代理filter的设置。 从示例中,我可以看到这个filter如何禁止在日志中执行类似这样的事情的ipaddress: 

 58.218.204.110 - - [06/Mar/2011:08:04:42 -0800] "GET http://www.shopsline.com/proxyheader.php HTTP/1.1" 404 505 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [06/Mar/2011:11:01:33 -0800] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [06/Mar/2011:16:00:18 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.204.110 - - [06/Mar/2011:16:19:08 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [06/Mar/2011:18:30:13 -0800] "GET http://www.travelimgusa.com/ip.php HTTP/1.1" 404 499 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [06/Mar/2011:23:27:23 -0800] "GET http://www.seektwo.com/proxy-1.php HTTP/1.1" 404 499 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.204.110 - - [07/Mar/2011:00:36:45 -0800] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 501 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [07/Mar/2011:04:27:13 -0800] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 501 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [07/Mar/2011:09:24:13 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [07/Mar/2011:14:25:03 -0800] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [07/Mar/2011:16:54:09 -0800] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [07/Mar/2011:19:21:51 -0800] "GET http://www.racross.com/proxyheader.php HTTP/1.1" 404 503 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [08/Mar/2011:05:19:50 -0800] "GET http://piceducation.com/proxyheader.php HTTP/1.1" 301 605 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [08/Mar/2011:15:15:22 -0800] "GET http://www.piggmail.com/proxyheader.php HTTP/1.1" 404 504 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [08/Mar/2011:17:43:58 -0800] "GET http://www.cjpjp.com/proxyheader.php HTTP/1.1" 404 501 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 58.218.199.147 - - [08/Mar/2011:20:14:15 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

但是我不明白的是,这些人真的想做什么? 这些IP地址试图使用我的服务器来获取他们的另一个网站? 这些代理攻击是如何工作的? 我似乎无法find我的服务器如何可以作为代理和为什么我需要代理filter的很多信息。