Apache-2.2

Unusual hits in Apache logs for a local site

  • June 26, 2019

I have an Apache 2.2 web server running on Windows 7, with six virtual hosts set up.

  • Domain A points to ?:/.../urls/1/
  • Domain B points to ?:/.../urls/2/
  • Domains C+D point to ?:/.../urls/3/
  • Domain E* points to ?:/.../urls/4/
  • My public IP points to ?:/.../urls/5/
  • localhost + network IP point to ?:/.../urls/6/

(Fake addresses and paths)

Edit: the actual order in the configuration

  • localhost + network IP point to ?:/.../urls/6/
  • My public IP points to ?:/.../urls/5/
  • Domain A points to ?:/.../urls/1/
  • Domain B points to ?:/.../urls/2/
  • Domains C+D point to ?:/.../urls/3/
  • Domain E* points to ?:/.../urls/4/

End edit

I don't own domain E yet, so for now I have defined it in my hosts file, and it works when I try to access it by domain name in a browser.

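I have been making some extensive file structure changes and altered my virtual hosts a bit, so right now each site just shows a test page that simply states which site it is, domain A/B/C/etc. Each site has its own access log and error log. All seemingly simple stuff. Having a private site on localhost is new to me. In the past localhost, the network IP and domain A all pointed to my main site, so privacy was not a consideration.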

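My concern right now is that site 6, which should only be accessible via localhost, 127.0.0.1 and 192.168.1.100, is logging hits from external addresses in its access log. The site denies all addresses except my own, and whether they try to access real files like index.html or bogus ones, the foreign requests result in 403s as expected, though some requests result in 400 errors, which I am not familiar with. When certain common errors are triggered, I redirect to a custom error script (?code=$HTTP_CODE) that dumps the %ENV data to a file, in the hope that I can gather some useful information about these hits, and returns an error page to the user. So far, nothing makes sense to me.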

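I would like to know how/why these requests are reaching my internal address, whether I should be worried about anything in ?:/.../urls/6/ being visible to the public, whether I have misconfigured anything in Apache, and if so, how to fix it.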

Below are some snippets that may be relevant. Paths and my URLs have been obfuscated.

hosts file

127.0.0.1        domain-name-E.com          # domain that i don't own yet
127.0.0.1        www.domain-name-E.com      # domain that i don't own yet

httpd-vhosts.conf (edit: adjusted to show the actual order of the VHs)

<Directory "?:/.../urls/">
   Order Deny,Allow
   Allow from all
</Directory>

NameVirtualHost *:80

# site 6: private
<VirtualHost *:80>
   DocumentRoot "?:/.../urls/6/www/"

   ServerName  localhost
   ServerAlias 127.0.0.1
   ServerAlias 192.168.1.100

   ScriptAlias /cgi/ "?:/.../urls/6/cgi/"
   <Directory "?:/.../urls/6/cgi/">
       AllowOverride All
   </Directory>

   ErrorLog  "?:/.../logs/errors-site6.log"

 # CustomLog "?:/.../logs/access-site6.log" common
   LogFormat "%{%Y/%m/%d (%a) at %H:%M:%S}t    %a  Login: %u   Sent: %B B in %D µs   Status: %s/%>s for %H %m %{Host}i%U%q Using: %{User-agent}i   From: %{Referer}i" custom
   CustomLog "?:/.../logs/access-site6.log" custom env=!dontlog

   SetEnvIf Remote_Addr "127\.0\.0\.1"       dontlog
   SetEnvIf Remote_Addr "192\.168\.1\..*"    dontlog
   # my public IP address
   SetEnvIf Remote_Addr "XXX\.XXX\.XXX\.XXX" dontlog
</VirtualHost>

# site 5 here
# site 1 here
# site 2 here
# site 3 here
# site 4 here

?:/…/urls/6/.htaccess

# site 6: private

Deny from all
Allow from 127.0.0.1
Allow from 192.168.1
# my public IP address
Allow from XXX.XXX.XXX.XXX

?:/…/logs/access-site6.log (aligned and tidied up a bit)

# timestamp                    # IP                                                                                   #  domain/path?query                # agent                                                             # referrer
2019/06/24 (Mon) at 18:50:52   61.219.11.153    Login: -   Sent:  226 B in   3001 µs   Status: 400/400 for HTTP/1.1 GET       -/                          Using: -                                                            From: -
2019/06/24 (Mon) at 19:08:14   104.152.52.22    Login: -   Sent: 1211 B in 512029 µs   Status: 403/403 for HTTP/1.0 GET       -/?code=403                 Using: masscan/1.0 (https://github.com/robertdavidgraham/masscan)   From: -
2019/06/25 (Tue) at 00:12:51   138.99.29.110    Login: -   Sent:  226 B in   3001 µs   Status: 400/400 for HTTP/1.1 GET       -/Login.htm                 Using: -                                                            From: -
2019/06/25 (Tue) at 02:26:21   122.116.24.230   Login: -   Sent:  226 B in   3000 µs   Status: 400/400 for HTTP/1.1 GET       -/Login.htm                 Using: -                                                            From: -
2019/06/25 (Tue) at 04:21:55   92.63.194.15     Login: -   Sent: 1211 B in 365021 µs   Status: 403/403 for HTTP/0.9 GET       -/?code=403                 Using: -                                                            From: -
2019/06/25 (Tue) at 09:28:05   89.248.169.12    Login: -   Sent: 1211 B in 309018 µs   Status: 403/403 for HTTP/1.1 GET      80/?code=403                 Using: Mozilla/5.0 zgrab/0.x                                        From: -
2019/06/25 (Tue) at 10:07:53   185.53.88.37     Login: -   Sent:    0 B in 384022 µs   Status: 403/403 for HTTP/1.0 GET       -/robots.txt?code=403       Using: -                                                            From: -
2019/06/25 (Tue) at 10:48:16   77.247.110.106   Login: -   Sent:    0 B in 464027 µs   Status: 403/403 for HTTP/1.0 GET       -/robots.txt?code=403       Using: -                                                            From: -
2019/06/25 (Tue) at 13:46:30   192.31.231.241   Login: -   Sent: 1211 B in 519029 µs   Status: 403/403 for HTTP/1.1 GET default/.html?code=403            Using: curl/7.64.1                                                  From: -
2019/06/25 (Tue) at 15:14:24   77.247.110.106   Login: -   Sent:    0 B in 375022 µs   Status: 403/403 for HTTP/1.0 GET       -/robots.txt?code=403       Using: -                                                            From: -
2019/06/25 (Tue) at 21:00:55   220.133.33.166   Login: -   Sent:  226 B in   3001 µs   Status: 400/400 for HTTP/1.1 GET       -/Login.htm                 Using: -                                                            From: -
2019/06/26 (Wed) at 01:33:22   110.249.212.46   Login: -   Sent:  226 B in   2000 µs   Status: 400/400 for HTTP/1.1 GET       -/testget?q=23333&port=80   Using: -                                                            From: -

?:/…/logs/errors-site6.log

[Mon Jun 24 18:50:52 2019] [error] [client 61.219.11.153]  client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Mon Jun 24 19:08:14 2019] [error] [client 104.152.52.22]  client denied by server configuration: ?:/.../urls/6/www/
[Tue Jun 25 00:12:51 2019] [error] [client 138.99.29.110]  client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /Login.htm
[Tue Jun 25 02:26:21 2019] [error] [client 122.116.24.230] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /Login.htm
[Tue Jun 25 04:21:55 2019] [error] [client 92.63.194.15]   client denied by server configuration: ?:/.../urls/6/www/
[Tue Jun 25 09:28:05 2019] [error] [client 89.248.169.12]  client denied by server configuration: ?:/.../urls/6/www/
[Tue Jun 25 10:07:53 2019] [error] [client 185.53.88.37]   client denied by server configuration: ?:/.../urls/6/www/robots.txt
[Tue Jun 25 10:48:17 2019] [error] [client 77.247.110.106] client denied by server configuration: ?:/.../urls/6/www/robots.txt
[Tue Jun 25 13:46:30 2019] [error] [client 192.31.231.241] client denied by server configuration: ?:/.../urls/6/www/.html
[Tue Jun 25 15:14:24 2019] [error] [client 77.247.110.106] client denied by server configuration: ?:/.../urls/6/www/robots.txt
[Tue Jun 25 21:00:55 2019] [error] [client 220.133.33.166] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /Login.htm
[Wed Jun 26 01:33:22 2019] [error] [client 110.249.212.46] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /testget

?:/…/logs/detail-site6.log (aligned and tidied up a bit, with some irrelevant key/value pairs omitted)

2019/06/24 at 07:08:15 PM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'HTTP_ACCEPT'             => '*/*',
 'HTTP_USER_AGENT'         => 'masscan/1.0 (https://github.com/robertdavidgraham/masscan)',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => 'GET',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/',
 'REMOTE_ADDR'             => '104.152.52.22',
 'REMOTE_PORT'             => '48100',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '/',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => 'localhost',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/1.0',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

2019/06/25 at 04:21:55 AM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => '',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/',
 'REMOTE_ADDR'             => '92.63.194.15',
 'REMOTE_PORT'             => '1468',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => 'localhost',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/0.9',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

2019/06/25 at 09:28:05 AM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'HTTP_ACCEPT'             => '*/*',
 'HTTP_ACCEPT_ENCODING'    => 'gzip',
 'HTTP_HOST'               => '80',
 'HTTP_USER_AGENT'         => 'Mozilla/5.0 zgrab/0.x',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => 'GET',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/',
 'REMOTE_ADDR'             => '89.248.169.12',
 'REMOTE_PORT'             => '32902',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '/',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => '80',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/1.1',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

2019/06/25 at 10:07:53 AM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => 'HEAD',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/robots.txt',
 'REMOTE_ADDR'             => '185.53.88.37',
 'REMOTE_PORT'             => '58418',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '/robots.txt',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => 'localhost',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/1.0',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

2019/06/25 at 10:48:17 AM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => 'HEAD',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/robots.txt',
 'REMOTE_ADDR'             => '77.247.110.106',
 'REMOTE_PORT'             => '54263',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '/robots.txt',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => 'localhost',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/1.0',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

2019/06/25 at 01:46:30 PM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'HTTP_ACCEPT'             => '*/*',
 'HTTP_HOST'               => 'default',
 'HTTP_USER_AGENT'         => 'curl/7.64.1',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => 'DKEMDIF&0',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/.html',
 'REMOTE_ADDR'             => '192.31.231.241',
 'REMOTE_PORT'             => '33716',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '/.html',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => 'default',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/1.1',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

2019/06/25 at 03:14:24 PM
$VAR1 = {
 'DOCUMENT_ROOT'           => '?:/.../urls/6/www/',
 'GATEWAY_INTERFACE'       => 'CGI/1.1',
 'QUERY_STRING'            => 'code=403',
 'REDIRECT_REQUEST_METHOD' => 'HEAD',
 'REDIRECT_STATUS'         => '403',
 'REDIRECT_URL'            => '/robots.txt',
 'REMOTE_ADDR'             => '77.247.110.106',
 'REMOTE_PORT'             => '61954',
 'REQUEST_METHOD'          => 'GET',
 'REQUEST_URI'             => '/robots.txt',
 'SCRIPT_FILENAME'         => '?:/.../urls/6/cgi/error/.pl',
 'SCRIPT_NAME'             => '/cgi/error/.pl',
 'SERVER_ADDR'             => '192.168.1.100',
 'SERVER_NAME'             => 'localhost',
 'SERVER_PORT'             => '80',
 'SERVER_PROTOCOL'         => 'HTTP/1.0',
 'SERVER_SIGNATURE'        => '',
 'SERVER_SOFTWARE'         => 'Apache',
};

Could this be a misconfiguration on my router? Or is malware on my machine or router phoning home? If so, how do I check, and can I stop it ASAP?

Or is this just normal messy internet traffic that I can ignore, resting assured that it will never see my private site?

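When you want a virtual host that only responds to queries for http://localhost, don't make that virtual host available on all IP addresses with the IP address wildcard: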

<VirtualHost *:80>
   ServerName  localhost

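See the manual for the exact VHost matching rules, but doing the above only gives Apache httpd a discriminator for selecting which requests should be handled by that virtual host, namely when the request contains a Host: localhost header. It does not verify that the request was made to the localhost IP address 127.0.0.1 or to the loopback network interface.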

Instead, bind that VHost to a specific localhost IP address

<VirtualHost 127.0.0.1:80>
   ServerName  localhost

or equivalently

<VirtualHost localhost:80>
   ServerName  localhost

Quoted from: https://serverfault.com/questions/972965
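
The matching behaviour described in the answer, as an added example that is not part of the original post or of Apache itself: a simplified Python model of Apache 2.2 virtual host selection, run over the Host values seen in the question's logs. The labels site6-private, site5-public-ip and site4 are hypothetical names for the question's sites, and the sample requests are constructed from the logged SERVER_ADDR and Host values.

```python
# Added example: simplified model of Apache 2.2 virtual host selection.
from dataclasses import dataclass

@dataclass
class VHost:
    label: str    # hypothetical label used only in this example
    addr: str     # address part of <VirtualHost addr:80>; "*" is the wildcard
    names: tuple  # ServerName plus ServerAlias values

def select_vhost(vhosts, local_addr, host_header):
    """Return the vhost serving a request that arrived on local_addr."""
    # Step 1: vhosts bound to the exact local IP take precedence over "*".
    exact = [v for v in vhosts if v.addr == local_addr]
    candidates = exact or [v for v in vhosts if v.addr == "*"]
    if not candidates:
        return None  # would fall through to the main server configuration
    # Step 2: compare Host with ServerName/ServerAlias, in config order.
    host = (host_header or "").split(":")[0].lower()
    for v in candidates:
        if host in (n.lower() for n in v.names):
            return v
    # Step 3: missing or unknown Host -> the first vhost listed is the default.
    return candidates[0]

def build(site6_addr, site6_names):
    # Order from the question: site 6 first, then site 5 (sites 1-3 omitted).
    return [
        VHost("site6-private", site6_addr, site6_names),
        VHost("site5-public-ip", "*", ("XXX.XXX.XXX.XXX",)),
        VHost("site4", "*", ("domain-name-E.com", "www.domain-name-E.com")),
    ]

AS_POSTED = build("*", ("localhost", "127.0.0.1", "192.168.1.100"))
FIXED = build("127.0.0.1", ("localhost",))  # the answer's <VirtualHost 127.0.0.1:80>

# Constructed from the question's logs: SERVER_ADDR was 192.168.1.100 and the
# Host header was absent, "80" or "default".
SCANNER_REQUESTS = [("192.168.1.100", None), ("192.168.1.100", "80"),
                    ("192.168.1.100", "default")]

def served_by(vhosts, requests=SCANNER_REQUESTS):
    return [select_vhost(vhosts, addr, host).label for addr, host in requests]

if __name__ == "__main__":
    print("as posted:", served_by(AS_POSTED))
    print("fixed:    ", served_by(FIXED))
```

In the fixed layout the LAN address 192.168.1.100 no longer reaches site 6 either, so LAN access to it would need its own address-bound virtual host.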