Apache 服务器正在接收此类流量。由于该服务器没有响应。请建议我们如何处理此问题。
78.135.85.252 - - [07/May/2023:16:08:33 +0000] "\x16\x03\x01" 400 492 "-" "-"
3.88.173.121 - - [07/May/2023:16:08:34 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
3.88.173.121 - - [07/May/2023:16:08:34 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
78.135.85.252 - - [07/May/2023:16:08:36 +0000] "CONNECT m.113kp.com:443 HTTP/1.1" 200 204 "-" "-"
78.135.85.252 - - [07/May/2023:16:08:36 +0000] "\x16\x03\x01" 400 492 "-" "-"
54.209.41.100 - - [07/May/2023:16:08:36 +0000] "CONNECT 185.215.4.15:443 HTTP/1.1" 200 148 "-" "-"
54.209.41.100 - - [07/May/2023:16:08:37 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
66.36.234.118 - - [07/May/2023:16:08:41 +0000] "CONNECT httpbin.org:443 HTTP/1.1" 200 167 "-" "-"
3.88.173.121 - - [07/May/2023:16:08:41 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
3.88.173.121 - - [07/May/2023:16:08:42 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
163.172.40.251 - - [07/May/2023:16:08:46 +0000] "GET http://example.com/ HTTP/1.1" 200 148 "-" "Go-http-client/1.1"
78.135.85.252 - - [07/May/2023:16:09:02 +0000] "CONNECT m.113kp.com:443 HTTP/1.1" 200 204 "-" "-"
78.135.85.252 - - [07/May/2023:16:09:02 +0000] "\x16\x03\x01" 400 492 "-" "-"
13.86.22.96 - - [07/May/2023:16:09:06 +0000] "CONNECT api.ipify.org:443 HTTP/1.1" 200 148 "-" "Go-http-client/1.1"
13.86.22.96 - - [07/May/2023:16:09:06 +0000] "\x16\x03\x01\x01\x12\x01" 400 492 "-" "-"
78.135.85.252 - - [07/May/2023:16:09:23 +0000] "CONNECT m.113kp.com:443 HTTP/1.1" 200 204 "-" "-"
78.135.85.252 - - [07/May/2023:16:09:23 +0000] "\x16\x03\x01" 400 492 "-" "-"
5.255.110.95 - - [07/May/2023:16:09:32 +0000] "GET http://azenv.net/ HTTP/1.1" 200 148 "-" "Go-http-client/1.1"
91.151.89.197 - - [07/May/2023:16:09:35 +0000] "CONNECT m.113kp.com:443 HTTP/1.1" 200 204 "-" "-"
91.151.89.197 - - [07/May/2023:16:09:35 +0000] "\x16\x03\x01" 400 492 "-" "-"
54.209.41.100 - - [07/May/2023:16:09:41 +0000] "CONNECT 185.215.4.15:443 HTTP/1.1" 200 148 "-" "-"
54.209.41.100 - - [07/May/2023:16:09:41 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
185.225.113.83 - - [07/May/2023:16:09:47 +0000] "CONNECT api.ipify.org:443 HTTP/1.1" 200 148 "-" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
185.225.113.83 - - [07/May/2023:16:09:47 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
54.209.41.100 - - [07/May/2023:16:09:59 +0000] "CONNECT 185.215.4.15:443 HTTP/1.1" 200 148 "-" "-"
54.209.41.100 - - [07/May/2023:16:10:01 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
67.205.154.166 - - [07/May/2023:16:10:04 +0000] "CONNECT ext2-sea1.steamserver.net:27019 HTTP/1.1" 200 148 "-" "Valve/Steam HTTP Client 1.0"
67.205.154.166 - - [07/May/2023:16:10:04 +0000] "\x16\x03\x01\x01\xa0\x01" 400 492 "-" "-"
5.255.110.95 - - [07/May/2023:16:10:17 +0000] "GET http://azenv.net/ HTTP/1.1" 200 148 "-" "Go-http-client/1.1"
45.12.112.162 - - [07/May/2023:16:10:18 +0000] "GET http://azenv.net/ HTTP/1.1" 200 167 "-" "Go-http-client/1.1"
3.88.173.121 - - [07/May/2023:16:10:20 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:21 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
162.158.62.204 - - [07/May/2023:16:10:24 +0000] "GET /privacypolicy.html HTTP/1.1" 404 501 "-" "PlayStore-Google"
54.209.41.100 - - [07/May/2023:16:10:25 +0000] "CONNECT 185.215.4.15:443 HTTP/1.1" 200 148 "-" "-"
54.209.41.100 - - [07/May/2023:16:10:26 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:36 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
78.135.85.252 - - [07/May/2023:16:10:39 +0000] "CONNECT m.113kp.com:443 HTTP/1.1" 200 204 "-" "-"
78.135.85.252 - - [07/May/2023:16:10:40 +0000] "\x16\x03\x01" 400 492 "-" "-"
54.209.41.100 - - [07/May/2023:16:10:41 +0000] "CONNECT 185.215.4.15:443 HTTP/1.1" 200 148 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:41 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
54.209.41.100 - - [07/May/2023:16:10:44 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:55 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:55 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:58 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:58 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
3.88.173.121 - - [07/May/2023:16:10:59 +0000] "CONNECT 92.53.96.128:443 HTTP/1.1" 200 148 "-" "-"
54.209.41.100 - - [07/May/2023:16:11:00 +0000] "CONNECT 185.215.4.15:443 HTTP/1.1" 200 148 "-" "-"
54.209.41.100 - - [07/May/2023:16:11:01 +0000] "\x16\x03\x01\x02" 400 492 "-" "-"
70.34.201.180 - - [07/May/2023:16:11:01 +0000] "CONNECT ip-api.com:80 HTTP/1.1" 200 148 "-" "Python/3.11 python-socks/2.2.0"
70.34.201.180 - - [07/May/2023:16:11:02 +0000] "GET /json/?fields=8217 HTTP/1.1" 404 433 "-" "Mozilla/5.0 (Windows NT 10.0; rv:112.0) Gecko/20100101 Firefox/112.0"
答案1
当 Web 服务器记录(许多)成功CONNECT
请求(以200
HTTP 成功代码为证)时,该 Web 服务器被用作转发代理。
当这些请求并非完全来自您自己的网络时,您的正向代理没有(正确)通过访问限制进行保护。这通常称为“打开代理”。
互联网上的随机客户端可以使用开放代理和您的服务器来隐藏他们自己的 IP 地址。
那能通过设计和理念来实现,例如提供在线匿名性并允许人们规避在线审查。
一个大问题是,许多开放代理(仅)被用于滥用和邪恶目的。
通常开放代理是配置错误的结果尽管。
相当典型的原因是新手管理员使用错误的ProxyRequests
指令而不是(仅)ProxyPass来将Apache httpd配置为反向代理。
- Apache httpd 应始终配置为
ProxyRequests Off
- 反向代理通过指令配置
ProxyPass
,不需要ProxyRequests on
- 当您确实需要正向代理时,请使用众多专用代理服务器之一,而不是您的 Web 服务器 IMHO。
- 如果你仍然想使用 Apache httpd 作为正向代理,保护您的配置并限制仅限授权客户端访问。
答案2
您的网站通过 CONNECT 方法用作代理。
一种可能的缓解方法是禁用 CONNECT 方法,如下所述这里。
LoadModule rewrite_module path/to/apache/modules/mod_rewrite.so
要启用重写引擎,请添加以下内容:
RewriteEngine On
请注意,默认情况下,重写配置不会在虚拟服务器之间继承。将 RewriteEngine On 添加到每个虚拟主机。禁用 HTTP 方法重写规则
由于我们希望在本 HOWTO 中禁用特定的 http 方法,因此我们的重写规则包含两个部分:条件和满足该条件时要应用的规则。在本 HOWTO 中,我的示例规则将禁用 HTTP TRACE 和 HTTP TRACK 请求(即使 Apache 不支持 TRACK)以及 HTTP OPTIONS 请求(即使禁用 HTTP OPTIONS 不一定是最佳做法)。以下是规则:
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]