这个访问如何在没有收到 403 的情况下通过
我在 Ubuntu 服务器上有一个标准的 Apache 2 设置。我基本上阻止了外界的几乎所有事情,但仍然向朋友和家人开放一些基本的东西。不管怎样,我经常在我的访问日志中注意到这样的条目(常识的概括):
157.245.70.127 - - [every-day] "GET /ab2g HTTP/1.1" 400 497 "-" "-"
157.245.70.127 - - [every-day] "GET /ab2h HTTP/1.1" 400 497 "-" "-"
xxx.xxx.xxx.xxx - - [sometimes] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 487 "-" "Mozilla/5.0 the rest or the user-agent..."
没什么可怕的,但是,我想强制它们进入 403。这是配置的概括摘录:
<Directory ~ "/var/www/.*">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
# A pure global block of anything not supported in my server
Include /etc/apache2/IPBlackList.conf
RewriteEngine on
RewriteCond %{REQUEST_URI} ^.*?(ab2[gh]|and other things).*$ [OR]
RewriteCond %{HTTP_USER_AGENT} (^-?$|and other things) [OR]
RewriteCond %{REQUEST_METHOD} CONNECT
RewriteRule "" "-" [F]
</Directory>
这适用于所有其他情况。也就是说,无论您在哪里看到“和其他内容”,所有这些内容都会导致 403,无论 IP 是否被阻止。这是目标,但对于某些参赛作品,我几乎得到了 400 分。还不错,但是,这让我很紧张。
我已明确将 157.245.70.127 放入我的 IP 阻止列表中。对于阻止列表中的所有其他 IP,它工作得很好。
对于空白用户代理,几乎每次都能工作,但每次都能通过。
换句话说...... 157 IP 正在通过 IP 块、请求 URI 块和空白用户代理块。
“cgi-bin”来自不同的 IP,具有不同的 URI,有时它们会得到 403,但有时则不会。一般来说,当我阻止 IP 时它会起作用,但是......为什么 HTTP_POST 在某些情况下不起作用?
我错过了什么??? 我该如何解决???
I have a standard Apache 2 setup on an Ubuntu Server. I basically block almost everything from the outside world, but it is still open to friends and family for some basic stuff. Anyway, I frequently notice entries like these (generalizations for common sense) in my access logs:
157.245.70.127 - - [every-day] "GET /ab2g HTTP/1.1" 400 497 "-" "-"
157.245.70.127 - - [every-day] "GET /ab2h HTTP/1.1" 400 497 "-" "-"
xxx.xxx.xxx.xxx - - [sometimes] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 487 "-" "Mozilla/5.0 the rest or the user-agent..."
Nothing scary, but, I wanted to just force them to a 403. Here is a generalized excerpt from the config:
<Directory ~ "/var/www/.*">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
# A pure global block of anything not supported in my server
Include /etc/apache2/IPBlackList.conf
RewriteEngine on
RewriteCond %{REQUEST_URI} ^.*?(ab2[gh]|and other things).*$ [OR]
RewriteCond %{HTTP_USER_AGENT} (^-?$|and other things) [OR]
RewriteCond %{REQUEST_METHOD} CONNECT
RewriteRule "" "-" [F]
</Directory>
This works for every other case. That is, where ever you see "and other things", all those things result in a 403, regardless if the IP is blocked or not. This is the goal, but for some entries, I get pretty much a 400. Not bad, but, it's getting on my nerves.
I have expressly put the 157.245.70.127 in my IP block list. For all other IP's in the block list, it works just fine.
For the blank user agent, works virtually every time, but that one gets through every single time.
In other words... that 157 IP is getting through the IP block, the request URI block, and the blank user agent block.
The "cgi-bin" ones come from different IPs and have varying URIs, and, sometimes they get a 403, but other times not. Generally speaking, when I block the IP it works, but... why isn't the HTTP_POST not working in some cases?
What am I missing???
How can I resolve???
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在我的 apache 服务器上,这些“400”错误响应通常是为了响应没有 HOST 标头的 HTTP/1.1 请求而发送的。此错误检查会阻止其他处理,因此 REWRITE 和 SETENVIF 不起作用。
FWIW - 我发现拦截它们的唯一方法是从 LOG 输出流发送到外部程序,该程序查找并处理 400 个错误标记的数据包。但到那时它们已经被处理了。
On my apache' servers, these "400" error responses are usually sent in response to HTTP/1.1 requests that have no HOST header. This error check precludes other processing, so REWRITE and SETENVIF have no effect.
FWIW - The only way I've found to intercept them is from the LOG output stream, by sending to an external program which looks for and processes 400 error marked packets. But they are already processed by that time.