Home>

There was a log in the published web application that seems to be gaining unauthorized access from a specific IP.
In order to deny access from these ip addresses, I set the IP addresses "3.114.205.48" and "52.193.114.46" to be denied in the VPC network ACL settings, but it does not change even after setting. The following error is displayed.
What should I do?
I would be grateful if you could teach me.

* 134907 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: xxxxxxx, server: example-example.com, request: "GET/vendor/phpunit/phpunit/src/Util/PHP/eval- stdin.php HTTP/1.1 ", upstream:" fastcgi: //unix:/var/run/php-fpm/php-fpm.sock: ", host:" 3.114.205.48 ", referrer:" http://3.114 .205.48: 80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php "
* 135234 open () "/path/to/wp-content/plugins/wp-file-manager/readme.txt" failed (2: No such file or directory), client: xxxxxxx, server: example-example.com, request: "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1", host: "52.193.114.46", referrer: "http://52.193.114.46:80/wp-content/ plugins/wp-file-manager/readme.txt "
Measures taken

The network ACL of the VPC prohibited access to these two IP addresses.

Rule # type, protocol, port range, source, allow/deny
97 All traffic All all 52.193.114.46/32 DENY
98 All traffic All all 3.114.205.48/32 DENY
environment
  • Configuration: ALB + EC2 operation
  • web server: nginx
  • Answer # 1

    Remained in the loghost: host:Was specified during HTTP communicationHost:It seems to be the value of the header. It does not match the IP address of the access source.

    Correct with nginx settingsHost:It is also a good idea to respond only when the message comes.

  • Answer # 2

    As maisumakun pointed out, it seems that the best way is to set ALB so that it can only be accessed from the correct host.
    Please note that various errors may occur due to ALB entanglement when trying to correspond with the nginx setting.