1

We are hosting multiple websites with Nginx as an SSL terminator. All traffics are proxied through Nginx to backend servers. There are many connections to one of our websites, netstat shows:

# netstat -ntp|grep nginx |wc -l
1041

when I check website access log, I see too many IP addresses that search in the website:

A part of logs:

71.89.120.4 - - [14/Nov/2019:09:23:53 +0330] "GET /?s=Creed+II HTTP/1.1" 200 10481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
105.228.133.215 - - [14/Nov/2019:09:23:53 +0330] "GET /?s=Noelle HTTP/1.1" 200 13024 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:58.0) Gecko/20100101 Firefox/58.0"
170.84.11.136 - - [14/Nov/2019:09:23:53 +0330] "GET /?s=Playing+with+Fire HTTP/1.1" 200 9130 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
189.216.166.67 - - [14/Nov/2019:09:23:54 +0330] "GET /?s=Red+Shoes+and+the+Seven+Dwarfs HTTP/1.1" 200 9246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
47.209.3.178 - - [14/Nov/2019:09:23:58 +0330] "GET /?s=Good+Boys HTTP/1.1" 200 9158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4"

I can block requests in htacess but requests are delivered to web-server and cause resource usage!

How Can I prevent this kind of request?

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
behnam bahadori
  • 13
  • 4
  • You want to prevent customers to use your site? Or you think those requests are not user generated? You can add rule on nginx to deny requests with host of this site and with query started by ?s= for example, but this is a very rough decision – warder Nov 14 '19 at 10:42
  • I use cloudflare and problem solved. – behnam bahadori Nov 15 '19 at 09:10

0 Answers0