Log显示来自未知IP的常量GET请求

时间:2015-04-01 21:38:08

标签: security ruby-on-rails-4 amazon-web-services amazon-ec2 get

我在AWS EC2实例上有一个Ubuntu,Apache,Rails 4站点。我的网站工作正常,但现在说它已经超载了用户。事实并非如此,因为它是一个私人网站。我的--tail日志显示该网站不断被请求以下重复的GET请求。

I, [2015-04-01T21:37:43.996476 #1198]  INFO -- :   Rendered layouts/_google_analytics.html.erb (1.2ms)
I, [2015-04-01T21:37:43.997616 #1198]  INFO -- : Completed 200 OK in 1155ms (Views: 1154.0ms | ActiveRecord: 0.0ms)
I, [2015-04-01T21:37:44.184503 #1198]  INFO -- : Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000
I, [2015-04-01T21:37:44.273012 #1198]  INFO -- : Processing by HomeController#home_page as */*
I, [2015-04-01T21:37:44.733609 #1198]  INFO -- :   Rendered home/_sign_up_modal.html.erb (99.0ms)
I, [2015-04-01T21:37:44.860521 #1198]  INFO -- :   Rendered home/home_page.html.erb within layouts/application (585.2ms)
I, [2015-04-01T21:37:44.864389 #1198]  INFO -- :   Rendered /home/ubuntu/.rvm/gems/ruby-2.1.5/gems/stripe-rails-0.3.1/app/views/stripe/_js.html.erb (3.1ms)

每个请求唯一不同的是每次GET来自不同的IP。 54。###。##。###每次更改。 他们都不是用户,我很确定。

Started GET "/" for 54.###.##.### at 2015-04-01 21:37:44 +0000

这是某种负载攻击吗?我是新手,希望我能提供足够的信息来提供帮助,但如果我的分享不够,请请求更多信息。

/etc/apache2/sites-available/000-default.conf

    <VirtualHost *:80>
      ServerName ec2-54-###-###-##.us-west-2.compute.amazonaws.com
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /etc/projects/myapp/public

        <Directory /etc/projects/myapp/public>
                #Options FollowSymLinks
                Options Indexes FollowSymLinks Includes ExecCGI
                AllowOverride All
                Order deny,allow
                Allow from all
        </Directory>
   </VirtualHost>

修改

我按https://wiki.apache.org/httpd/ProxyAbuse添加了以下内容,但现在我收到了#34;您无权访问/在此服务器上。&#34; /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
  ServerName default.only
  <Location />
    Order allow,deny
    Deny from all
  </Location>
</VirtualHost>

<VirtualHost *:80>
  ServerName ec2-54-##-###-##.us-west-2.compute.amazonaws.com
  # !!! Be sure to point DocumentRoot to 'public'!
  DocumentRoot /etc/projects/myapp/public

    <Directory /etc/projects/myapp/public>
            #Options FollowSymLinks
            Options Indexes FollowSymLinks Includes ExecCGI
            AllowOverride All
            Order deny,allow
            Allow from all
    </Directory>

1 个答案:

答案 0 :(得分:0)

在亚马逊上制定一条规则,禁止(或限制)该IP范围,直到你弄明白为止。您可以设置允许/禁止IP范围和端口的权限。