Задать вопрос
@getpay

Как защититься от http флуда на форму nginx?

Всем привет! Столнулся с такой проблемой:
142.93.89.190 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
138.68.250.33 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.71.3 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.73.68 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36"
104.248.74.146 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/80.0.3987.132 Chrome/80.0.3987.132 Safari/537.36"
104.248.74.179 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
104.248.66.127 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.85.27 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.64.182 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15"
104.248.66.200 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.93.199 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
138.197.213.233 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.86.139 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.21.185 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36"
142.93.82.121 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/10.1 Chrome/71.0.3578.99 Mobile Safari/537.36"
104.248.73.101 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
180.125.102.41 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.82.159 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 9; SM-T510) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.119 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.19.19 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 10; SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.119 Mobile Safari/537.36"
138.68.62.36 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
159.89.121.92 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.184.65 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.89  Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.21.185 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36"
138.68.250.33 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.86.139 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.93.199 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
138.197.213.233 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"


Видно, как ответ сервера nginx после короткого времени уже отдает 502, как это исправить?
Конфиг nginx стандартный.
  • Вопрос задан
  • 126 просмотров
Подписаться 1 Простой Комментировать
Пригласить эксперта
Ответы на вопрос 2
ky0
@ky0 Куратор тега Nginx
Миллиардер, филантроп, патологический лгун
Для начала заблокировать особенно активные подсети. Потом, в более спокойной обстановке - добавлять капчу, оптимизировать производительность, настраивать fail2ban.
Ответ написан
У меня похожая ситуация щас. Настроил блокировку ip через fail2ban.
Цель: блокировка повторяющихся запросов POST /auth/login
При повторе запроса с одного ип 2 раза за минуту - блокировка на 1 сутки.
В случае повтора за 2 дня 2 раза (т.е. после разблокировки на второй день ещё раз банится), то бан уже на 7 дней.

В /etc/fail2ban/jail.local добавил
[site-http]
port = http,https
action = iptables-multiport[name=CMSBLOCK, port="http,https", protocol=tcp]
filter = site-http
logpath = /var/log/apache2/site.ru_access.log
findtime = 60
bantime = 86400
maxretry = 2

86400 - это 1 сутки в секундах

Создал файл /etc/fail2ban/filter.d/site-http.conf с содержимым:
[Definition]
# POST /auth/login
failregex = ^<HOST> .*POST.*/auth/login.*


В /etc/fail2ban/jail.d/defaults-debian.conf добавил
[site-http]
enabled = true


Для настройки рецедива бана:
В /etc/fail2ban/jail.local изменить
[recidive]
enabled = true
logpath  = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime  = 604800  ; 604800 = 7 days
findtime = 172800   ; 172800 = 2 day
maxretry = 2
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы