我在 ubuntu 上有一些 apache 服务器,有时候会出现很多/var/log/apache2/access.log如下需求:
115.231.218.252 - - [04/Dec/2017:08:35:38 -0500] "CONNECT www.alipay.com:443 HTTP/1.1" 403 451 "-" "Go 1.1 package http"
118.123.12.179 - - [04/Dec/2017:08:36:08 -0500] "GET http://www.search.com/?rnd=_72367536011469122613864 HTTP/1.1" 403 450 "-" "-"
有很多这样的请求,我通过白名单 IP 地址过滤了它们,这些请求可能会访问我的服务器,但我不喜欢这个解决方案
我的服务的正确请求如下:
95.79.59.202 - - [04/Dec/2017:08:34:43 -0500] "GET /js/comments.js?1461239263 HTTP/1.1" 200 2563 "data" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
正确的请求从不以http
modproxy 被禁用开始,并且我不需要以任何形式在该站点上安装代理有没有办法禁用所有http资源请求,而不仅仅是本地的?
加载的模块有:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgid_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
expires_module (shared)
filter_module (shared)
headers_module (shared)
mime_module (shared)
mpm_event_module (shared)
negotiation_module (shared)
perl_module (shared)
rewrite_module (shared)
security2_module (shared)
setenvif_module (shared)
status_module (shared)
unique_id_module (shared)
答案1
您可以使用以下方法有条件地阻止请求模组重写。
例如,以下内容将阻止请求的 URI 以 http:// 或 https:// 开头的 GET 和 POST 请求
RewriteEngine On
RewriteCond %{THE_REQUEST} "^(GET|POST) https?://"
RewriteRule ^ - [F]