2

这是我第一次与rack-attack交互,所以请随时指出我在代码中可能存在的任何错误。我正在尝试将那些ip试图访问路由的人列入黑名单,"/azenv.php", "/setup.php" etc..因为这些人不断地使用一些随机.phpurl 并可能试图关闭服务器,我认为开始阻止它们可能是一个好主意,但显然机架-攻击不会阻止任何ip尝试访问上述 url 的行为。

我试图运行的代码块是:

class Rack::Attack

  Rack::Attack.whitelist('allow from localhost') do |req|
  # Requests are allowed if the return value is truthy
  '127.0.0.1' == req.ip || '::1' == req.ip || '122.166.130.230' == req.ip
  end

  Rack::Attack.blacklist("Block Referrer Analytics Spam") do |request|
    spammerList = ENV.has_key?("spammerList") ? ENV["spammerList"].split(',') : []
    spammerList.find { |spammer| request.referer =~ %r{#{spammer}} }
  end

  Rack::Attack.blacklist('bad_login_ip') do |req|
   (req.post? && req.path == "/users/sign_in" && IPCat.datacenter?(req.ip))
  end

  Rack::Attack.blacklist('Stupid IP for PHP') do |req|
    if req.path == "/azenv.php" || req.path == "/testproxy.php" || req.path == "//web/scripts/setup.php"
      req.ip
    end
    # req.path.include?(".php")
  end

  Rack::Attack.throttle('req/ip', limit: 300, period: 5.minutes) do |req|
    req.remote_ip if ['/assets', '/check'].any? {|path| req.path.starts_with? path }
  end

  Rack::Attack.throttle('req/ip', :limit => 5, :period => 20.seconds) do |req|
    if req.path == '/users/sign_in' && req.post?
      req.ip
    end
  end

  Rack::Attack.throttle("logins/email", :limit => 5, :period => 20.seconds) do |req|
    if req.path == '/users/sign_in' && req.post?
      # return the email if present, nil otherwise
      req.params['email'].presence
    end
  end
end

很少有块来自他们的 wiki 本身。如果这里有任何问题,请更正。

更新

这是我在给定示例中尝试的一段代码:

Rack::Attack.blacklist('fail2ban pentesters') do |req|
  # `filter` returns truthy value if request fails, or if it's from a previously banned IP
  # so the request is blocked
    Rack::Attack::Fail2Ban.filter("pentesters-#{req.ip}", :maxretry => 1, :findtime => 10.minutes, :bantime => 5.minutes) do
      # The count for the IP is incremented if the return value is truthy
      req.path.include?('/testproxy.php') ||
      req.path.include?('azenv.php') 

    end
  end
4

2 回答 2

0

@abhinay 您能否澄清一下您希望阻止哪些请求是成功的?

如果你想阻止来自已经发出几个 PHP 请求的 IP 地址的所有请求,你需要一个 Fail2Ban,就像@frederickcheung 建议的那样。

自述文件和 wiki 有示例。

于 2016-02-01T11:50:13.843 回答
0

您是否尝试将环境变量移出块,

例如:

  spammerList = ENV.has_key?("spammerList") ? ENV["spammerList"].split(',') : []

  Rack::Attack.blacklist("Block Referrer Analytics Spam") do |request|
    spammerList.find { |spammer| request.referer =~ %r{#{spammer}} }
  end
于 2020-09-04T10:50:22.437 回答