讲实话我是有在好好搞这个服务器哦,当关注了一段时间(也就是一天)access log之后我发现了一些有意思的事情。
嗯我实在有些闲了妈的看了大半天的access log

User-Agent也能打广告

我发现Nginx有这么几条访问日志实在是很神奇:

1
2
35.203.210.39 - - [14/Feb/2024:20:02:24 +0000] "GET / HTTP/1.1" 301 169 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com" "-"
35.203.210.39 - - [14/Feb/2024:20:02:24 +0000] "GET / HTTP/1.1" 200 6024 "http://15.152.50.112:80/" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com" "-"

估计也就是我这种才会盯着access log看吧。不过既然发现了也不能坐视不理,说实话门户nginx还是要“应封尽封”。

说实话我也不知道这种诸如遍历IP然后被扫到了会有啥风险,但是既然看见了,那就直接干掉吧。

How to block direct IP access to your Nginx web server

default.conf

1
2
3
4
5
6
7
server {
    listen      80 default_server;
    listen      [::]:80 default_server;

    server_name "";
    return      444; #CONNECTION CLOSED WITHOUT RESPONSE
}

example.conf

1
2
3
4
5
6
7
8
server {
    ...
    # Only allow access if the host is correct
    if ( $host != "example.com" ){
        return 444; #CONNECTION CLOSED WITHOUT RESPONSE
    }
    ...
}

这样配置之后所有不是通过预期域名进行的访问都会直接拒绝服务,毕竟没有什么服务比不提供服务更加安全了。

The safest server is no server