GitLab nginx access log shows GET, CONNECT, HEAD and other requests for other websites

Author: lovingyu_er  Time: 2021-01-18 17:26:02  Category: Ubuntu

### Symptoms

`gitlab_access.log` contains entries like the following:

```
...
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:46 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36"
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:46 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)"
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:47 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36"
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:47 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:47 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Safari/537.36"
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:47 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247"
gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:47 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36"
...
```

Occasionally this also shows up:

```
...
gitlab_access_log: 85.119.151.251 - - [18/Jan/2021:13:13:48 +0800] "POST http://check.best-proxies.ru/azenv.php?s=NXNXVJOETXVDVXICPNODPOUUMXVRYR HTTP/1.1" 404 3108 "https://best-proxies.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
...
```

And entries like these:

```
gitlab_access_log: 85.119.151.254 - - [18/Jan/2021:13:13:50 +0800] "CONNECT 5.178.86.76:80 HTTP/1.1" 400 166 "-" "-"
```

```
gitlab_access_log: 85.119.151.254 - - [18/Jan/2021:13:13:54 +0800] "\x04\x01\x00P\x05\xB2VL0\x00" 400 166 "-" "-"
```

1. CONNECT requests show up in the nginx log because nginx can act as a proxy server, so clients try to use it as one. CONNECT is one of the proxying methods, generally used for SSL tunnel proxying; the target port can be anything, and the CONNECT above asks for a proxied connection to port 80. These requests generally end in a 400 error, and you can restrict them in the nginx configuration by limiting the request methods your own site accepts:

```
# Reject any method outside the allow-list (anchored so only exact method names match)
if ($request_method !~* ^(GET|POST|PUT|HEAD|DELETE)$) {
    return 403;
}
```

This is an effective way to limit the request methods.

2. For requests that name a third-party website (http or https), you can restrict them with the nginx variable `$host`. Since they are addressed to a third party they are easy to recognise (requests for your own site generally start with `/`). In my own configuration I simply added the following:

```
# Reject requests whose host is not this site
if ($host !~ ^(darrykinger.com)$) {
    return 403;
}
```

3. For GitLab's nginx, the configuration goes in the nginx settings in `/etc/gitlab/gitlab.rb`, as follows:

```
# Both checks go into the same custom_gitlab_server_config string
nginx['custom_gitlab_server_config'] = "
if ($host !~ ^(git.local.com|office.iserveronline.com)$) {
    return 403;
}
if ($request_method !~* ^(GET|POST|PUT|HEAD|DELETE)$) {
    return 403;
}
"
```

Note that multiple directives must be written into the same `custom_gitlab_server_config` field, otherwise one setting overwrites the other. Running `sudo gitlab-ctl reconfigure` automatically rewrites the contents of `/var/opt/gitlab/nginx/gitlab-http.conf`.

Tags: Nginx
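The request shapes in the log excerpts above can be told apart mechanically. The following Python script is an added example, not part of the original post: it flags absolute-URI requests, HTTP CONNECT, and the binary request line, which it reads as a SOCKS4 CONNECT request (an interpretation added here; the post does not name the protocol). The first three sample lines come from the excerpts with the user agent shortened, and the last line, from 192.0.2.10, is constructed.

```python
import re, socket, struct

# Sample input: three lines from the post's excerpts (user agent shortened)
# plus one constructed normal request from a documentation address.
SAMPLE = r'''gitlab_access_log: 173.230.152.158 - - [18/Jan/2021:15:24:46 +0800] "GET http://18.162.114.105/9999.php HTTP/1.1" 401 49 "-" "Mozilla/5.0"
gitlab_access_log: 85.119.151.254 - - [18/Jan/2021:13:13:50 +0800] "CONNECT 5.178.86.76:80 HTTP/1.1" 400 166 "-" "-"
gitlab_access_log: 85.119.151.254 - - [18/Jan/2021:13:13:54 +0800] "\x04\x01\x00P\x05\xB2VL0\x00" 400 166 "-" "-"
gitlab_access_log: 192.0.2.10 - - [18/Jan/2021:13:14:02 +0800] "GET /users/sign_in HTTP/1.1" 200 3108 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'^(?:\S+: )?(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" (?P<status>\d{3}) ')

def unescape(s):
    """Turn nginx's \\xHH log escapes back into raw bytes."""
    return re.sub(r'\\x([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), s).encode('latin-1')

def classify(req):
    """Return (kind, target) for one logged request line."""
    raw = unescape(req)
    # SOCKS4 request: VN=4, CD=1 (CONNECT), 2-byte port, 4-byte IPv4, user id, NUL.
    if len(raw) >= 9 and raw[0] == 4 and raw[1] == 1:
        port, addr = struct.unpack('!H4s', raw[2:8])
        return 'socks4-connect', f'{socket.inet_ntoa(addr)}:{port}'
    parts = req.split(' ')
    if len(parts) == 3:
        method, uri, _ = parts
        if method.upper() == 'CONNECT':
            return 'http-connect', uri
        if re.match(r'(?i)https?://', uri):
            return 'absolute-uri', uri
        if uri.startswith('/'):
            return 'normal', uri
    return 'malformed', None

def proxy_probes(log_text):
    """List (client_ip, kind, target, status) for every non-normal request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            kind, target = classify(m['req'])
            if kind != 'normal':
                hits.append((m['ip'], kind, target, int(m['status'])))
    return hits

if __name__ == '__main__':
    for hit in proxy_probes(SAMPLE):
        print(*hit)
```

On the sample, the binary line decodes to the same 5.178.86.76:80 target as the HTTP CONNECT sent four seconds earlier by the same client.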