我最近注意到 Apache 的访问日志中有以下消息:
"GET http://api.ipify.org/ HTTP/1.1" 200 251
"GET http://boxun.com/ HTTP/1.1" 200 251
"GET http://www.epochtimes.com/ HTTP/1.1" 200 251
"GET http://www.123cha.com/ HTTP/1.1" 200 251
这些请求看起来没什么恶意,但令我担心的是 Apache 的响应是 200。这是否意味着它很乐意充当对其他域的请求的代理服务器?我对此感到担心是否正确?我是否可以配置一个设置来阻止它这样做?
另外,这些请求如何到达我的服务器?有没有办法制作一个 cURL 命令来向不相关的域发出特定 URL 的 GET 请求?
apachectl -S
这是将我的域名替换为的结果example.com
:
VirtualHost configuration:
*:443 is a NameVirtualHost
default server example.com (/etc/httpd/conf/extra/httpd-ssl.conf:121)
port 443 namevhost example.com (/etc/httpd/conf/extra/httpd-ssl.conf:121)
wild alias *.example.com
port 443 namevhost sample.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:72)
alias www.sample.example.com
alias example.com/sample
port 443 namevhost test.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:101)
alias example.com/test
port 443 namevhost comp.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:113)
alias example.com/comp
port 443 namevhost less.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:125)
port 443 namevhost nothing.example.com (/etc/httpd/conf/extra/nothing.conf:13)
*:80 is a NameVirtualHost
default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:66)
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:66)
port 80 namevhost sample.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:72)
alias www.sample.example.com
alias example.com/sample
port 80 namevhost test.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:101)
alias example.com/test
port 80 namevhost comp.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:113)
alias example.com/comp
port 80 namevhost less.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:125)
port 80 namevhost nothing.example.com (/etc/httpd/conf/extra/nothing.conf:13)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/srv/http"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="http" id=33
Group: name="http" id=33
以下是使用 curl 发送此类请求的结果:
$ curl -vs -o /dev/null -H 'Host: api.ipify.org' http://example.com/
* Trying 93.184.216.34...
* TCP_NODELAY set
* Connected to example.com (93.184.216.34) port 80 (#0)
> GET / HTTP/1.1
> Host: api.ipify.org
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 19 Oct 2018 20:28:12 GMT
< Server: Apache/2.4.35 (Unix) OpenSSL/1.1.1
< Upgrade: h2
< Connection: Upgrade
< Last-Modified: Tue, 03 Jul 2018 14:20:39 GMT
< ETag: "fb-5701904b6ba1c"
< Accept-Ranges: bytes
< Content-Length: 251
< Content-Type: text/html
<
{ [251 bytes data]
* Connection #0 to host example.com left intact
$ tail -n 1 /var/log/httpd/access_log
"GET / HTTP/1.1" 200 251
答案1
您的服务器无法决定客户端与哪个域联系,这是 DNS 服务器的特权。
您肯定有一个“包罗万象”的虚拟主机,根据 Apache 手册,第一个加载的虚拟主机将响应所有与任何其他虚拟主机要求不匹配的请求。
您可以尝试这种方法,只需在您的 hosts 文件 (linux 客户端的 /etc/hosts,windows 客户端的 c:\Windows\System32\drivers\etc\hosts) 中添加一个条目,将您的服务器 IP 与任何域绑定,example.com 就是一个很好的例子。
现在如果你尝试打开http://example.com,您将看到服务器第一个配置的虚拟主机的 DirectoryIndex,并且您的日志中会有一行内容,表明有人(您)请求http://example.com从您的服务器,它得到了 200 OK 作为响应。