1. From the website statistics, we can see that there are many visits to external links, resulting in a high bounce rate of the website. The target link is: http://rm.leyutuan.com/tt/wll..., this page will Jump to a php file;
2. How to implement rule blocking for such brushing behavior?
Please help the experts analyze and give solutions. The server environment is cetos nginx.
滿天的星座2017-06-21 10:13:13
In the nginx configuration file, the server area
if ( $http_referer ~ "leyutuan.com" ){
return 403;
}滿天的星座2017-06-21 10:13:13
My website has been maliciously requested before. I used iptables to block the URL.
iptables -t raw -A PREROUTING -i eth0 -p tcp --dport 80 -m string --from 0 --to 100 --algo bm --string "GET /ddos_url/" -j DROP
roughly means: If the 0--100 characters of the request packet include "GET /ddos_url/", then it will be intercepted. In this case, any request for that URL will be blocked by the firewall.
iptables-nvL -t raw View the number of intercepted requests.