我刚刚将第一个Rails 3.2.6应用程序发布到生产服务器。当有人进入主页时,这由我的IndexController处理,并且根据登录的用户类型,它可能会将其发送到备用URL。
我所拥有的稍微简化的代码示例是:
def index
path = new_user_session_url #default path
if current_user
path = users_admin_index_path #admin path
end
redirect_to path, :notice => flash[:notice], :alert => flash[:alert]
end
我感到困惑的是,我一直在监视日志中的问题,看起来重定向将转发到巴西的两个IP地址的随机站点。这是我应该担心的吗?任何有关帮助我了解这里发生的事情的信息都将非常感激。
请参阅下面的日志摘录,在“重定向到”网址中,域名将从我的网站更改为www.bradesco.com.br,www.bb.com.br或www.itau.com。宽单峰
没有人在网站上报道任何问题,但我只是想尝试更好地理解这一点。
Started GET "/" for 65.111.177.188 at 2012-08-10 00:20:10 -0400
Processing by Home::IndexController#index as HTML
Redirected to http://www.itau.com.br/home
Completed 302 Found in 2ms (ActiveRecord: 0.0ms)
Started GET "/" for 65.111.177.188 at 2012-08-10 00:20:10 -0400
Processing by Home::IndexController#index as HTML
Redirected to http://www.bradesco.com.br/home
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/" for 65.111.177.188 at 2012-08-10 00:20:10 -0400
Processing by Home::IndexController#index as HTML
Redirected to http://www.bb.com.br/home
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/" for 64.251.28.71 at 2012-08-09 22:00:20 -0400
Processing by Home::IndexController#index as HTML
Redirected to http://www.bradesco.com.br/home
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
答案 0 :(得分:1)
我和我的一个Rails临时服务器看到了同样的事情。我认为问题在于您需要拒绝所有不属于预期域名的流量。
在你的nginx设置中有这样的东西(如果你使用的是nginx):
http://nginx.org/en/docs/http/server_names.html
server {
listen 80 default_server;
server_name _;
return 444;
}
不确定此流量的重点是什么?某种使用别人的Rails应用程序作为网络钓鱼网站的新方式,同时嗅探网络流量?似乎有太多的变量可以成为一种有效的技术。