Fail2ban 中的 Nginx 代理过滤器到底起什么作用?
我目前正在为 Nginx 设置 Fail2Ban。我读过的几乎所有文章都包含[nginx-proxy]代理过滤器的设置。从示例中,我可以看到此过滤器如何在日志中禁止执行以下操作的 ipaddress:
58.218.204.110 - - [06/Mar/2011:08:04:42 -0800] "GET http://www.shopsline.com/proxyheader.php HTTP/1.1" 404 505 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [06/Mar/2011:11:01:33 -0800] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [06/Mar/2011:16:00:18 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [06/Mar/2011:16:19:08 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [06/Mar/2011:18:30:13 -0800] "GET http://www.travelimgusa.com/ip.php HTTP/1.1" 404 499 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [06/Mar/2011:23:27:23 -0800] "GET http://www.seektwo.com/proxy-1.php HTTP/1.1" 404 499 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [07/Mar/2011:00:36:45 -0800] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 501 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [07/Mar/2011:04:27:13 -0800] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 501 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [07/Mar/2011:09:24:13 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [07/Mar/2011:14:25:03 -0800] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [07/Mar/2011:16:54:09 -0800] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [07/Mar/2011:19:21:51 -0800] "GET http://www.racross.com/proxyheader.php HTTP/1.1" 404 503 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [08/Mar/2011:05:19:50 -0800] "GET http://piceducation.com/proxyheader.php HTTP/1.1" 301 605 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [08/Mar/2011:15:15:22 -0800] "GET http://www.piggmail.com/proxyheader.php HTTP/1.1" 404 504 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [08/Mar/2011:17:43:58 -0800] "GET http://www.cjpjp.com/proxyheader.php HTTP/1.1" 404 501 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.147 - - [08/Mar/2011:20:14:15 -0800] "GET http://98.126.64.106/judge123.php HTTP/1.1" 403 502 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
但我不明白的是,这些人到底想做什么?这些 IP 地址是否试图使用我的服务器为他们获取另一个网站?这些代理攻击如何工作?我似乎找不到太多关于如何将我的服务器用作代理以及为什么我需要代理过滤器的信息。