我有一个在 Windows 7 上运行的 Apache 2.2 网络服务器,设置了六个虚拟主机。
- 域名A指向
?:/.../urls/1/ - 域名B指向
?:/.../urls/2/ - 域名C+D指向
?:/.../urls/3/ - 域名E*指向
?:/.../urls/4/ - 我的公网 IP 指向
?:/.../urls/5/ - Localhost + 网络IP 指向
?:/.../urls/6/
(伪地址和路径)
编辑:配置中的实际顺序
- Localhost + 网络IP 指向
?:/.../urls/6/ - 我的公网 IP 指向
?:/.../urls/5/ - 域名A指向
?:/.../urls/1/ - 域名B指向
?:/.../urls/2/ - 域名C+D指向
?:/.../urls/3/ - 域名E*指向
?:/.../urls/4/
结束编辑
我还没有域名 E,所以现在我已在我的 hosts 文件中定义它,并且当我尝试通过域名在浏览器中访问它时它可以工作。
我一直在进行一些广泛的文件结构更改,并稍微改变了我的虚拟主机,所以现在每个站点都只显示一个测试页面,上面简单地说明了它是哪个站点。域名 A/B/C/等。每个站点都有自己的访问日志和错误日志。所有看似简单的东西。在本地主机上拥有一个私人网站对我来说是新鲜事。过去,本地主机、网络 IP 和域名 A 都指向我的主站点,因此没有考虑隐私问题。
现在让我担心的是,站点 6(应该只能通过localhost、127.0.0.1和访问192.168.1.100)正在访问日志中记录来自外部地址的访问。此站点拒绝除我自己的地址之外的所有地址,并且外部请求都按预期导致 403,无论它们是尝试访问 index.html 之类的真实文件还是某些虚假文件,尽管有几个请求导致了我不熟悉的 400 错误。当触发某些常见错误时,我会重定向到自定义错误脚本,以?code=$HTTP_CODE将 %ENV 数据转储到文件中,希望我可以收集有关这些访问的一些有用信息,并向用户返回错误页面。到目前为止,对我来说没有任何意义。
我想知道这些请求是如何/为何到达我的内部地址的,我是否应该担心任何东西被?:/.../urls/6/公众看到,我是否在 Apache 中配置了任何错误,如果是,如何修复它。
以下是一些可能相关的代码片段。路径和我的网址已被混淆。
hosts 文件
127.0.0.1 domain-name-E.com # domain that i don't own yet
127.0.0.1 www.domain-name-E.com # domain that i don't own yet
httpd-vhosts.conf编辑:调整以显示 VH 的实际顺序
<Directory "?:/.../urls/">
Order Deny,Allow
Allow from all
</Directory>
NameVirtualHost *:80
# site 6: private
<VirtualHost *:80>
DocumentRoot "?:/.../urls/6/www/"
ServerName localhost
ServerAlias 127.0.0.1
ServerAlias 192.168.1.100
ScriptAlias /cgi/ "?:/.../urls/6/cgi/"
<Directory "?:/.../urls/6/cgi/">
AllowOverride All
</Directory>
ErrorLog "?:/.../logs/errors-site6.log"
# CustomLog "?:/.../logs/access-site6.log" common
LogFormat "%{%Y/%m/%d (%a) at %H:%M:%S}t %a Login: %u Sent: %B B in %D µs Status: %s/%>s for %H %m %{Host}i%U%q Using: %{User-agent}i From: %{Referer}i" custom
CustomLog "?:/.../logs/access-site6.log" custom env=!dontlog
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
SetEnvIf Remote_Addr "192\.168\.1\..*" dontlog
SetEnvIf Remote_Addr "XXX\.XXX\.XXX\.XXX" dontlog # my public IP address
</VirtualHost>
# site 5 here
# site 1 here
# site 2 here
# site 3 here
# site 4 here
:/.../urls/6/.htaccess
# site 6: private
Deny from all
Allow from 127.0.0.1
Allow from 192.168.1
Allow from XXX.XXX.XXX.XXX # my public IP address
?:/.../logs/access-site6.log(对齐稍微整理了一下)
# timestamp # IP # domain/path?query # agent # referrer
2019/06/24 (Mon) at 18:50:52 61.219.11.153 Login: - Sent: 226 B in 3001 µs Status: 400/400 for HTTP/1.1 GET -/ Using: - From: -
2019/06/24 (Mon) at 19:08:14 104.152.52.22 Login: - Sent: 1211 B in 512029 µs Status: 403/403 for HTTP/1.0 GET -/?code=403 Using: masscan/1.0 (https://github.com/robertdavidgraham/masscan) From: -
2019/06/25 (Tue) at 00:12:51 138.99.29.110 Login: - Sent: 226 B in 3001 µs Status: 400/400 for HTTP/1.1 GET -/Login.htm Using: - From: -
2019/06/25 (Tue) at 02:26:21 122.116.24.230 Login: - Sent: 226 B in 3000 µs Status: 400/400 for HTTP/1.1 GET -/Login.htm Using: - From: -
2019/06/25 (Tue) at 04:21:55 92.63.194.15 Login: - Sent: 1211 B in 365021 µs Status: 403/403 for HTTP/0.9 GET -/?code=403 Using: - From: -
2019/06/25 (Tue) at 09:28:05 89.248.169.12 Login: - Sent: 1211 B in 309018 µs Status: 403/403 for HTTP/1.1 GET 80/?code=403 Using: Mozilla/5.0 zgrab/0.x From: -
2019/06/25 (Tue) at 10:07:53 185.53.88.37 Login: - Sent: 0 B in 384022 µs Status: 403/403 for HTTP/1.0 GET -/robots.txt?code=403 Using: - From: -
2019/06/25 (Tue) at 10:48:16 77.247.110.106 Login: - Sent: 0 B in 464027 µs Status: 403/403 for HTTP/1.0 GET -/robots.txt?code=403 Using: - From: -
2019/06/25 (Tue) at 13:46:30 192.31.231.241 Login: - Sent: 1211 B in 519029 µs Status: 403/403 for HTTP/1.1 GET default/.html?code=403 Using: curl/7.64.1 From: -
2019/06/25 (Tue) at 15:14:24 77.247.110.106 Login: - Sent: 0 B in 375022 µs Status: 403/403 for HTTP/1.0 GET -/robots.txt?code=403 Using: - From: -
2019/06/25 (Tue) at 21:00:55 220.133.33.166 Login: - Sent: 226 B in 3001 µs Status: 400/400 for HTTP/1.1 GET -/Login.htm Using: - From: -
2019/06/26 (Wed) at 01:33:22 110.249.212.46 Login: - Sent: 226 B in 2000 µs Status: 400/400 for HTTP/1.1 GET -/testget?q=23333&port=80 Using: - From: -
:/.../logs/errors-site6.log
[Mon Jun 24 18:50:52 2019] [error] [client 61.219.11.153] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Mon Jun 24 19:08:14 2019] [error] [client 104.152.52.22] client denied by server configuration: ?:/.../urls/6/www/
[Tue Jun 25 00:12:51 2019] [error] [client 138.99.29.110] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /Login.htm
[Tue Jun 25 02:26:21 2019] [error] [client 122.116.24.230] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /Login.htm
[Tue Jun 25 04:21:55 2019] [error] [client 92.63.194.15] client denied by server configuration: ?:/.../urls/6/www/
[Tue Jun 25 09:28:05 2019] [error] [client 89.248.169.12] client denied by server configuration: ?:/.../urls/6/www/
[Tue Jun 25 10:07:53 2019] [error] [client 185.53.88.37] client denied by server configuration: ?:/.../urls/6/www/robots.txt
[Tue Jun 25 10:48:17 2019] [error] [client 77.247.110.106] client denied by server configuration: ?:/.../urls/6/www/robots.txt
[Tue Jun 25 13:46:30 2019] [error] [client 192.31.231.241] client denied by server configuration: ?:/.../urls/6/www/.html
[Tue Jun 25 15:14:24 2019] [error] [client 77.247.110.106] client denied by server configuration: ?:/.../urls/6/www/robots.txt
[Tue Jun 25 21:00:55 2019] [error] [client 220.133.33.166] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /Login.htm
[Wed Jun 26 01:33:22 2019] [error] [client 110.249.212.46] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /testget
?:/.../logs/detail-site6.log(对齐稍微整理了一下,并省略了一些不相关的键/值对)
2019/06/24 at 07:08:15 PM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTP_ACCEPT' => '*/*',
'HTTP_USER_AGENT' => 'masscan/1.0 (https://github.com/robertdavidgraham/masscan)',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => 'GET',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/',
'REMOTE_ADDR' => '104.152.52.22',
'REMOTE_PORT' => '48100',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => 'localhost',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
2019/06/25 at 04:21:55 AM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => '',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/',
'REMOTE_ADDR' => '92.63.194.15',
'REMOTE_PORT' => '1468',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => 'localhost',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/0.9',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
2019/06/25 at 09:28:05 AM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTP_ACCEPT' => '*/*',
'HTTP_ACCEPT_ENCODING' => 'gzip',
'HTTP_HOST' => '80',
'HTTP_USER_AGENT' => 'Mozilla/5.0 zgrab/0.x',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => 'GET',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/',
'REMOTE_ADDR' => '89.248.169.12',
'REMOTE_PORT' => '32902',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => '80',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
2019/06/25 at 10:07:53 AM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => 'HEAD',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/robots.txt',
'REMOTE_ADDR' => '185.53.88.37',
'REMOTE_PORT' => '58418',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/robots.txt',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => 'localhost',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
2019/06/25 at 10:48:17 AM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => 'HEAD',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/robots.txt',
'REMOTE_ADDR' => '77.247.110.106',
'REMOTE_PORT' => '54263',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/robots.txt',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => 'localhost',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
2019/06/25 at 01:46:30 PM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTP_ACCEPT' => '*/*',
'HTTP_HOST' => 'default',
'HTTP_USER_AGENT' => 'curl/7.64.1',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => 'DKEMDIF&0',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/.html',
'REMOTE_ADDR' => '192.31.231.241',
'REMOTE_PORT' => '33716',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/.html',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => 'default',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
2019/06/25 at 03:14:24 PM
$VAR1 = {
'DOCUMENT_ROOT' => '?:/.../urls/6/www/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'QUERY_STRING' => 'code=403',
'REDIRECT_REQUEST_METHOD' => 'HEAD',
'REDIRECT_STATUS' => '403',
'REDIRECT_URL' => '/robots.txt',
'REMOTE_ADDR' => '77.247.110.106',
'REMOTE_PORT' => '61954',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/robots.txt',
'SCRIPT_FILENAME' => '?:/.../urls/6/cgi/error/.pl',
'SCRIPT_NAME' => '/cgi/error/.pl',
'SERVER_ADDR' => '192.168.1.100',
'SERVER_NAME' => 'localhost',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache',
};
这可能是我的路由器配置错误吗?还是我的机器或路由器上有恶意软件在向我报告?如果是这样,我该如何检查,我能尽快阻止它吗?
或者这只是正常的混乱的互联网流量,我可以忽略它并放心,因为知道它永远不会看到我的私人网站?
答案1
当你想要一个只响应查询的虚拟主机时http://localhost 不要让该虚拟主机在所有 IP 地址上都可用使用 IP 地址通配符:
<VirtualHost *:80>
ServerName localhost
看精确 VHost 匹配规则手册但是执行上述操作只会为 Apache httpd 提供一个鉴别器,用于选择哪些请求应该由此虚拟主机处理,即当请求包含标Host: localhost头时,它不会验证该请求是针对localhostIP 地址 127.0.0.1还是环回网络接口发出的。
而是使用以下任一方式将该 VHost 绑定到特定的本地主机 IP 地址
<VirtualHost 127.0.0.1:80>
ServerName localhost
或同等
<VirtualHost localhost:80>
ServerName localhost