这是我与rack-attack的第一次互动,所以请随时指出我在代码中可能遇到的任何错误。
我正在尝试的是将那些试图访问ip
之类的路由的"/azenv.php", "/setup.php" etc..
列入黑名单。由于这些人经常使用一些随机的.php
网址,并且可能试图取下服务器,我认为开始阻止他们可能是一个好主意,但显然机架攻击并没有阻止试图访问上述网址的任何ip
。
我试图运行的代码块是:
class Rack::Attack
Rack::Attack.whitelist('allow from localhost') do |req|
# Requests are allowed if the return value is truthy
'127.0.0.1' == req.ip || '::1' == req.ip || '122.166.130.230' == req.ip
end
Rack::Attack.blacklist("Block Referrer Analytics Spam") do |request|
spammerList = ENV.has_key?("spammerList") ? ENV["spammerList"].split(',') : []
spammerList.find { |spammer| request.referer =~ %r{#{spammer}} }
end
Rack::Attack.blacklist('bad_login_ip') do |req|
(req.post? && req.path == "/users/sign_in" && IPCat.datacenter?(req.ip))
end
Rack::Attack.blacklist('Stupid IP for PHP') do |req|
if req.path == "/azenv.php" || req.path == "/testproxy.php" || req.path == "//web/scripts/setup.php"
req.ip
end
# req.path.include?(".php")
end
Rack::Attack.throttle('req/ip', limit: 300, period: 5.minutes) do |req|
req.remote_ip if ['/assets', '/check'].any? {|path| req.path.starts_with? path }
end
Rack::Attack.throttle('req/ip', :limit => 5, :period => 20.seconds) do |req|
if req.path == '/users/sign_in' && req.post?
req.ip
end
end
Rack::Attack.throttle("logins/email", :limit => 5, :period => 20.seconds) do |req|
if req.path == '/users/sign_in' && req.post?
# return the email if present, nil otherwise
req.params['email'].presence
end
end
end
很少有人来自他们的维基。如果这里有任何问题,请更正。
更新
这是我在给定示例中尝试的一段代码:
Rack::Attack.blacklist('fail2ban pentesters') do |req|
# `filter` returns truthy value if request fails, or if it's from a previously banned IP
# so the request is blocked
Rack::Attack::Fail2Ban.filter("pentesters-#{req.ip}", :maxretry => 1, :findtime => 10.minutes, :bantime => 5.minutes) do
# The count for the IP is incremented if the return value is truthy
req.path.include?('/testproxy.php') ||
req.path.include?('azenv.php')
end
end
答案 0 :(得分:0)
@abhinay您能否澄清一下您希望被阻止哪些请求成功?
如果你想阻止来自已经提供一些PHP请求的IP地址的所有请求,你需要一个Fail2Ban,比如@frederickcheung建议。
自述文件和维基有例子。
答案 1 :(得分:0)
您是否尝试将环境变量移出块,
例如:
spammerList = ENV.has_key?("spammerList") ? ENV["spammerList"].split(',') : []
Rack::Attack.blacklist("Block Referrer Analytics Spam") do |request|
spammerList.find { |spammer| request.referer =~ %r{#{spammer}} }
end