我在Elastic Load Balancer后面有一个AWS Elastic Beanstalk(Node.js)设置,并为负载均衡器设置警报。 每天晚上我收到大量警报:
Environment health has transitioned from Ok to Severe. 100.0 % of the requests are erroring with HTTP 4xx.
这是由于在99%的情况下使用HEAD方法拖网不同的PHP hackz和phpmyadmin,dbadmin等。 由于我们有一个外部AIM服务,他们会触发这些警报,同时为每个警报创建一个问题(我们现在改变了)但是你知道哭泣的“狼”......
问题是,是否可以阻止HEAD或某些URI,我们知道我们不需要以某种方式摆脱“假”HTTP 4xx?
I have an AWS Elastic Beanstalk (Node.js) setup behind an Elastic Load Balancer and alerts setup for the load balancer. Each night I get tons of alerts for:
Environment health has transitioned from Ok to Severe. 100.0 % of the requests are erroring with HTTP 4xx.
This is due to trawls of different PHP hackz and phpmyadmin, dbadmin, etc. using the HEAD method in 99% of the cases. Since we have an external AIM service they trigger on these alerts as well creating an issue for each (which we now change of course) but crying "wolf" you know...
Question is, is it possible to block HEAD or certain URI's we know we don't need somehow to get rid of the "false" HTTP 4xx?
最满意答案
正如Mark B在上面的评论中指出的那样,使用Web应用程序防火墙(WAF和Shield)解决了我们的问题。
我们有一个普通的EC2 ELB(弹性负载均衡器),并将其换成新的应用程序负载均衡器(ALB),这是WAF的要求。
设置WAF相当容易,首先创建一个用于阻止HTTP HEAD的Web ACL(您可以添加大量其他保护,SQL注入等),然后添加一个规则来阻止任何匹配的wACL但允许任何其他流量。
最后将新的wACL与负载均衡器相关联,您就完成了!
测试HTTP HEAD现在提供“403 Forbidden”并且没有输入我们的Elastic Beanstalk。
As Mark B pointed out in the comments above using a Web Application Firewall (WAF & Shield) solves our issue.
We had a normal EC2 ELB (Elastic Load Balancer) and swapped that out for the new Application Load Balancer (ALB) that is a requirement for the WAF.
Setting up WAF is fairly easy, first create a Web ACL for blocking HTTP HEAD (you can add a ton of other protection as well, SQL Injection, etc.) and then add a Rule to Block any matching wACL but Allow any other traffic.
Lastly associate the new wACL with the load balancer and you're done!
Testing HTTP HEAD now gives a "403 Forbidden" and is not entering our Elastic Beanstalk.
更多推荐
发布评论