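My App Engine application (a classified-ads web app) is getting many requests from many different IP numbers to the same URL (323.2 requests/minute currently), which I am now deleting. Blocking the IP number would be better, but they are usually different IP numbers.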
| URI | Requests/Minute (current) | Requests (last 24 hours) | Runtime MCycles (last hour) | Average latency (last hour) | Traces (last 24 hours) |
|---|---|---|---|---|---|
| /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recom | 323.2 | 829,675 | 32 | 10,638 ms | View Traces |
| /vi/5969701968543744.html | 292.6 | 774,964 | 25 | 6,530 ms | View Traces |
| /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgLTTq7YKDA/recom | 159.8 | 423,785 | 34 | 10,282 ms | View Traces |
| /vi/5868493903757312.html | 149.2 | 397,066 | 24 | 6,497 ms | View Traces |
The log trace looks like this:
    18:59:23.918  GET  404  84 B  74 ms  IE 9  /vi/5969701968543744.html?msgid=msg_sent

    182.46.160.242 - - [11/Jan/2017:18:59:23 +0100] "GET /vi/5969701968543744.html?msgid=msg_sent HTTP/1.1" 404 84 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=74 cpu_ms=11 cpm_usd=9.387e-9 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-

    {
      protoPayload: {…}
      insertId: "5876727c000a14efe5072c1c"
      httpRequest: {…}
      resource: {…}
      timestamp: "2017-01-11T17:59:23.918225Z"
      labels: {…}
      logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"
      operation: {…}
    }
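It returns 404 and the IP numbers are usually different, but when I google one of the IP numbers, it is reported as a "bad IP" in China.

The 302 looks like this, and I will fix it so that it returns 404.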
    18:59:23.816  POST  302  209 B  139 ms  IE 9  /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend

    182.38.139.77 - - [11/Jan/2017:18:59:23 +0100] "POST /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend HTTP/1.1" 302 209 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=139 cpu_ms=24 cpm_usd=1.1298799999999999e-7 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-

    {
      protoPayload: {…}
      insertId: "5876727c000a14dc603e5441"
      httpRequest: {…}
      resource: {…}
      timestamp: "2017-01-11T17:59:23.816690Z"
      labels: {…}
      logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"
      operation: {…}
    }
The class looks like this, and I am about to change it so that it returns 404 when the content has been deleted.
    import re

    from google.appengine.api import mail, users
    from google.appengine.ext import db

    # Base2Handler and _ (the gettext alias) are defined elsewhere in the application.


    class Recommend(Base2Handler):
        csrf_protect = False

        def post(self, key):
            ad = db.get(db.Key(key))
            email = self.request.POST['tip_email']
            msg = unicode(self.request.POST['tip_msg'])
            if isinstance(msg, unicode):
                msg = msg.encode('utf-8')
            name = self.request.POST['tip_name']
            if isinstance(name, unicode):
                name = name.encode('utf-8')
            title = ad.title
            if isinstance(title, unicode):
                title = title.encode('utf-8')
            host = self.request.host
            # Logged-in user's address if there is one, otherwise a per-site default.
            senderemail = (users.get_current_user().email()
                           if users.get_current_user()
                           else ('info@montao.com.br' if host.endswith('.br')
                                 else 'Kool Business <info@koolbusiness.com>'))
            recommends = _('has recommended')
            # The recipient, name and message body all come from the POST fields.
            message = mail.EmailMessage(sender=senderemail,
                                        subject='%s %s %s' % (name, recommends, title))
            message.to = email
            message.body = '%s %s/vi/%s.html' % (msg, host, ad.key().id())
            message.send()
            matched_images = ad.matched_images
            count = matched_images.count()
            if ad.text:
                p = re.compile(r'(www[^ ]*|http://[^ ]*)')
                text = p.sub(r'<a href="http://\1" rel="nofollow">\1</a>',
                             ad.text.replace('http://', ''))
            else:
                text = None
            # self.response.out.write('Message sent<br>')
            self.redirect('/vi/%d.html?msgid=msg_sent' % (ad.key().id(), ))
I think I should change it to something that returns 404 for unpublished content:
    class Recommend(Base2Handler):
        csrf_protect = False

        def post(self, key):
            ad = db.get(db.Key(key))
            # db.get() returns None for a deleted entity, so check that first.
            if ad is None or not ad.published:
                return self.error(404)
Is there anything else I can do? The model is as follows.
    class Ad(db.Model):
        cities = db.ListProperty(db.Key)
        regions = db.ListProperty(db.Key)
        blobs = db.ListProperty(db.BlobKey)
        primary_image = blobstore.BlobReferenceProperty()
        usr = db.ReferenceProperty()  # ndb_model.KeyProperty()
        hasimages = db.BooleanProperty(default=False,
                                       verbose_name='has_images')
        userID = db.StringProperty(verbose_name='User ID')
        integer_price = db.IntegerProperty()
        ip = db.StringProperty(verbose_name='ip')
        ipcountry = db.StringProperty(indexed=False, verbose_name='origin')
        tags = db.ListProperty(db.Category)
        category = db.CategoryProperty(verbose_name='Category')
        title = db.StringProperty(verbose_name='title')  # required
        type = db.StringProperty(verbose_name='ContentType')  # sell,wanted,rent,lease,buy
        company_ad = db.BooleanProperty(default=False,
                                        verbose_name='company_ad')  # false or nothing
        user = db.UserProperty(verbose_name='userid')
        im = db.IMProperty(verbose_name='nickname')  # optional, xmpp
        city = db.StringProperty()  # postaladdress should work instead
        region = db.StringProperty()  # postaladdress should work instead
        url = db.StringProperty(verbose_name='url')
        geopt = db.GeoPtProperty(verbose_name='geopt')
        text = db.TextProperty(verbose_name='text')
        currency = db.StringProperty(choices=(
            'INR',
            'EUR',
            'ARS',
            'AUD',
            'BRL',
            'GBP',
            'CAD',
            'CZK',
            'DKK',
            'HKD',
            'HUF',
            'ILS',
            'JPY',
            'MXN',
            'NZD',
            'NOK',
            'PLN',
            'PHP',
            'SGD',
            'SEK',
            'SGD',
            'CHF',
            'USD',
            'THB',
            'TWB',
        ), verbose_name='Currency')
        price = db.StringProperty(verbose_name='price')
        phonenumber = db.PhoneNumberProperty(indexed=False,
                                             verbose_name='phonenumber')  # viewbit
        phoneview = db.BooleanProperty(default=False,
                                       verbose_name='phoneview')
        email = db.EmailProperty(verbose_name='Email')  # optional
        name = db.StringProperty(verbose_name='Name')
        published = db.BooleanProperty(default=True,
                                       verbose_name='published')
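
An added example, not part of the original question: the log excerpts above show the same URLs being hit from changing IP addresses with one identical User-Agent, so grouping request-log lines by path and counting distinct IPs and User-Agents gives a signature to act on when per-IP blocking does not help. The sample lines are constructed (documentation-range IPs, placeholder `AD_KEY` and ad id), and the function names are illustrative.

```python
import re
from collections import defaultdict

# Request-log layout as pasted in the question (the referrer field is unquoted).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ \S+ "(?P<ua>[^"]*)"')

BOT_UA = "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"


def make_line(ip, method, uri, status, ua=BOT_UA):
    """Build one constructed log line in the same layout."""
    return ('%s - - [11/Jan/2017:18:59:23 +0100] "%s %s HTTP/1.1" %d 84 '
            'http://www.example.com/ "%s" "www.example.com" ms=74'
            % (ip, method, uri, status, ua))


# Constructed sample: documentation-range IPs, placeholder ad key and ad id.
SAMPLE = (
    [make_line("192.0.2.%d" % i, "POST", "/market/AD_KEY/recommend", 302)
     for i in range(1, 6)]
    + [make_line("198.51.100.%d" % i, "GET", "/vi/1234.html?msgid=msg_sent", 404)
       for i in range(1, 5)]
    + [make_line("203.0.113.7", "GET", "/", 200, ua="Mozilla/5.0 (X11; Linux)"),
       "not a request line"])


def summarize(lines):
    """Group requests by (method, path); collect distinct IPs and User-Agents."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "uas": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a request line
        path = m.group("uri").split("?", 1)[0]  # ignore the query string
        entry = stats[(m.group("method"), path)]
        entry["hits"] += 1
        entry["ips"].add(m.group("ip"))
        entry["uas"].add(m.group("ua"))
    return stats


def distributed_targets(lines, min_ips=3):
    """Paths hit from many distinct IPs that all send one identical User-Agent."""
    return sorted(key for key, s in summarize(lines).items()
                  if len(s["ips"]) >= min_ips and len(s["uas"]) == 1)
```

Each returned `(method, path)` pair names an endpoint where the check has to happen in the application itself, since no single address accounts for the traffic.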
Answer 0 (score: 1)
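Enabling csrf_protect would definitely help. They will give up quickly when they see that their posts are not being processed.

Currently, they may be trying to post spam on your site using brute force.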
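
What a CSRF check on the recommend form amounts to, as an added example that is not the application's or `Base2Handler`'s own code: a token tied to the ad key is issued with the form and verified before any mail is sent. `SECRET`, `MAX_AGE`, the `csrf_token` field name and all function names are assumptions; the block is written for Python 3, while the handler in the question is Python 2.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: per-app secret kept server-side
MAX_AGE = 3600                       # assumption: a token is valid for one hour


def _mac(ad_key, ts):
    """HMAC-SHA256 over the ad key and the issue time."""
    data = (ad_key + "|" + ts).encode("utf-8")
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def issue_token(ad_key, now=None):
    """Token placed in a hidden form field when the recommend form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + _mac(ad_key, ts)


def verify_token(ad_key, token, now=None):
    """True only for an unexpired token that was issued for this ad key."""
    now = time.time() if now is None else now
    ts, sep, digest = (token or "").partition(":")
    if not sep:
        return False
    try:
        age = now - int(ts)
    except ValueError:
        return False
    if not 0 <= age <= MAX_AGE:
        return False
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(_mac(ad_key, ts).encode("ascii"),
                               digest.encode("utf-8"))


def recommend_status(ad_key, ad, post_fields, now=None):
    """HTTP status for a POST to the recommend URL; mail is sent only on 302."""
    if not verify_token(ad_key, post_fields.get("csrf_token"), now):
        return 403  # POSTs without a valid token stop here, before any mail
    if ad is None or not ad.get("published"):
        return 404  # deleted or unpublished ad
    return 302      # send the mail, then redirect to /vi/<id>.html
```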