I have a Magento 2 store (with 10609 products) running on an EC2 instance (Ubuntu 20.04, 16 cores and 32GB RAM). It is a shared server; staging and live are both on the same instance.
A few days ago I received an update from Amazon saying that CPU usage was high. When I traced the php-fpm log, the slow log and the access log, I found a sudden burst of PURGE events in the access log. When I looked at the php-fpm log, everything was normal.
Access log
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
[01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:22 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
. - - [01/Jan/2023:07:32:23 +0300] "PURGE / HTTP/1.1" 301 178 "-" "-"
The php configuration file is as follows:
pm = dynamic
pm.max_children = 70
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 7
php_value[upload_tmp_dir] =
php_value[session.save_path] =
php_admin_value[error_log] = /home/logs/
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 2048M
pm.max_requests = 500
request_slowlog_timeout = 10
slowlog = /home/logs/php_slow.log
The database configuration is as follows:
* Fine Tuning
max_connections = 2000
connect_timeout = 50
wait_timeout = 600
max_allowed_packet = 2048M
thread_cache_size = 128
sort_buffer_size = 4M
bulk_insert_buffer_size = 16M
tmp_table_size = 32M
max_heap_table_size = 32M
default_storage_engine = InnoDB
innodb_buffer_pool_size = 10G
innodb_log_buffer_size = 16M
innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 400
innodb_flush_method = O_DIRECT
Answer 1
Any entity on the internet could have sent these PURGE / requests to your web server.
This could be an attempted denial-of-service attack.
There are several ways to try to mitigate the problem:
- If Magento does not use PURGE requests for anything useful, you can deny them in the nginx configuration.
- If Magento does use them for some purpose, then you could consider rate limiting this endpoint, e.g. 5 requests per minute. The actual number would need to be determined from Magento's usage patterns.
- Rate limiting can be implemented locally in your web server, or via a service such as Cloudflare.
There is no single setting that will magically fix this.
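One way to implement both mitigations from the answer in nginx, as an added example that is not part of the original question or answer. It assumes a local full-page-cache host (Varnish) on 127.0.0.1 is the only legitimate source of PURGE requests and uses the hypothetical host name shop.example.com.

```nginx
# Added example, not the original poster's configuration.
# Assumptions: the only legitimate PURGE sender is a cache on 127.0.0.1;
# shop.example.com is a placeholder for the store's host name.

# The rate-limit key is only set for PURGE, so other methods are not
# counted: nginx does not account requests whose key is empty.
map $request_method $purge_limit_key {
    default "";
    PURGE   $binary_remote_addr;
}
# 5 PURGE requests per minute per source IP, the figure quoted in the answer.
limit_req_zone $purge_limit_key zone=purge:10m rate=5r/m;
limit_req_status 429;

server {
    listen 80;
    server_name shop.example.com;

    location / {
        # Option 1: only the cache host may send PURGE; everyone else gets 403.
        # limit_except applies to every method NOT in the list.
        limit_except GET HEAD POST PUT PATCH DELETE OPTIONS {
            allow 127.0.0.1;
            deny  all;
        }

        # Option 2: cap PURGE at 5/min per source; a burst of 5 is absorbed
        # without delay, anything beyond that is answered with 429.
        limit_req zone=purge burst=5 nodelay;

        # Proxying to Magento / php-fpm would follow here (omitted).
    }
}
```

Either option can be used on its own; with both in place, the rate limit is applied in the preaccess phase before the allow/deny check. Validate with `nginx -t` before reloading.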