The logs of a published web application show what appears to be unauthorized access attempts from specific IPs.
To deny access from these IP addresses, I set "220.127.116.11" and "18.104.22.168" to DENY in the VPC network ACL settings, but nothing changes after applying the setting. The following errors are still recorded.
What should I do?
I would be grateful if you could teach me.
*134907 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: xxxxxxx, server: example-example.com, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host: "22.214.171.124", referrer: "http://3.114.205.48:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"

*135234 open() "/path/to/wp-content/plugins/wp-file-manager/readme.txt" failed (2: No such file or directory), client: xxxxxxx, server: example-example.com, request: "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1", host: "126.96.36.199", referrer: "http://188.8.131.52:80/wp-content/plugins/wp-file-manager/readme.txt"
In the VPC network ACL I denied access from these two IP addresses:

| Rule # | Type | Protocol | Port range | Source | Allow/Deny |
|---|---|---|---|---|---|
| 97 | All traffic | All | All | 184.108.40.206/32 | DENY |
| 98 | All traffic | All | All | 220.127.116.11/32 | DENY |
- Configuration: ALB + EC2 operation
- web server: nginx
Answer # 1
The `host:` value that remains in the log appears to be the value of the `Host:` header specified during the HTTP communication. It does not match the IP address of the access source.
It is also a good idea to correct the nginx settings so that the server only responds when the correct `Host:` header arrives.
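As an added example (not from the question or either answer), here is one way to implement the nginx-side part of this advice: a catch-all `default_server` block that drops any request whose `Host:` header does not name the site, so probes addressed to a bare IP never reach PHP-FPM. The server name `example-example.com` and the PHP-FPM socket path are taken from the log lines; the document root, health-check path, VPC CIDR and the presence of `ngx_http_realip_module` are assumptions and marked as such in the comments.

```nginx
# Added example, not part of the original question or answers.
# Assumptions: site name example-example.com and the PHP-FPM socket come from the
# logged lines; /var/www/html, /healthz and 10.0.0.0/16 are placeholders.

# Catch-all: requests whose Host header matches no other server_name (a bare IP
# such as "22.214.171.124", or no Host at all) land here.
server {
    listen 80 default_server;
    server_name _;

    # An ALB health check sends the target's IP as the Host header, so it would
    # also land in this block; answer it explicitly or the target goes unhealthy.
    location = /healthz {          # placeholder health-check path
        return 200;
    }

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

server {
    listen 80;
    server_name example-example.com;
    root /var/www/html;            # placeholder document root
    index index.php index.html;

    # Behind an ALB the "client:" field in the error log is the ALB node's address.
    # With ngx_http_realip_module (assumed to be compiled in), trust X-Forwarded-For
    # from the VPC range only, so the logged client IP is the real source to block.
    set_real_ip_from 10.0.0.0/16;  # placeholder VPC CIDR
    real_ip_header X-Forwarded-For;

    # The logged probe path lives under /vendor/; composer directories should never
    # be web-reachable, so refuse them before any PHP handling.
    location ~ ^/vendor/ {
        return 404;
    }

    location ~ \.php$ {
        # Return 404 for scripts that do not exist instead of handing the request to
        # PHP-FPM (which is what produced "Primary script unknown" in the log).
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    }
}
```

Check the result with `nginx -t` and then a request carrying the wrong host, e.g. `curl -H 'Host: 22.214.171.124' http://<instance-ip>/`, which should get an empty reply, while the same request with `Host: example-example.com` is served. The health-check location is the caveat Answer #2 hints at: if the catch-all block returns 444 unconditionally, the ALB's own checks fail and every target is marked unhealthy.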
Answer # 2
As maisumakun pointed out, the best way seems to be to configure the ALB so that the application can only be accessed with the correct host.
Please note that various errors may occur due to interference from the ALB if you try to handle this in the nginx settings.