apache 拒绝所有代理请求

apache 拒绝所有代理请求

我在 ubuntu 上有一些 apache 服务器,有时候会出现很多/var/log/apache2/access.log如下需求:

115.231.218.252 - - [04/Dec/2017:08:35:38 -0500] "CONNECT www.alipay.com:443 HTTP/1.1" 403 451 "-" "Go 1.1 package http"
118.123.12.179 - - [04/Dec/2017:08:36:08 -0500] "GET http://www.search.com/?rnd=_72367536011469122613864 HTTP/1.1" 403 450 "-" "-"

有很多这样的请求,我通过白名单 IP 地址过滤了它们,这些请求可能会访问我的服务器,但我不喜欢这个解决方案

我的服务的正确请求如下:

95.79.59.202 - - [04/Dec/2017:08:34:43 -0500] "GET /js/comments.js?1461239263 HTTP/1.1" 200 2563 "data" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"

正确的请求从不以http
modproxy 被禁用开始,并且我不需要以任何形式在该站点上安装代理有没有办法禁用所有http资源请求,而不仅仅是本地的?

加载的模块有:

 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgid_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 filter_module (shared)
 headers_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 perl_module (shared)
 rewrite_module (shared)
 security2_module (shared)
 setenvif_module (shared)
 status_module (shared)
 unique_id_module (shared)

答案1

您可以使用以下方法有条件地阻止请求模组重写

例如,以下内容将阻止请求的 URI 以 http:// 或 https:// 开头的 GET 和 POST 请求

RewriteEngine On
RewriteCond %{THE_REQUEST} "^(GET|POST) https?://"
RewriteRule ^ - [F]

相关内容