I'm looking for help with an Elastic Beanstalk error:
Environment health has transitioned from Ok to Severe. 81.8 % of the requests are erroring with HTTP 4xx.
I read some posts here and followed the solution using WAF, so I created an ACL assigned to our CloudFront distribution and then created a rule that blocks every request whose HTTP method contains the word HEAD. When I try sending a HEAD request from Postman it works as I expect (I get a 403 error), but unfortunately the error persists, and every day I see lots of HEAD requests in the Apache log.
Request log:
01/Aug/2017:07:42:09 +0000 "HEAD /mysql/dbadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:11 +0000 "HEAD /mysql/mysqlmanager/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:11 +0000 "HEAD /phpMyadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:11 +0000 "HEAD /phpmyAdmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:12 +0000 "HEAD /phpmyadmin3/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:13 +0000 "HEAD /2phpmyadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:13 +0000 "HEAD /phppma/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:14 +0000 "HEAD /shopdb/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:15 +0000 "HEAD /program/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:15 +0000 "HEAD /dbadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:16 +0000 "HEAD /db/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:16 +0000 "HEAD /mysql/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:17 +0000 "HEAD /db/phpmyadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:17 +0000 "HEAD /sqlmanager/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:18 +0000 "HEAD /php-myadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:19 +0000 "HEAD /mysqladmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:19 +0000 "HEAD /admin/phpmyadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:20 +0000 "HEAD /admin/sysadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:20 +0000 "HEAD /admin/db/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:21 +0000 "HEAD /admin/pMA/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:22 +0000 "HEAD /mysql/db/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:23 +0000 "HEAD /mysql/pMA/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:24 +0000 "HEAD /sql/php-myadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:24 +0000 "HEAD /sql/sql/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:25 +0000 "HEAD /sql/webadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:26 +0000 "HEAD /sql/websql/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:30 +0000 "HEAD /sql/sqladmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:30 +0000 "HEAD /sql/phpmyadmin2/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:31 +0000 "HEAD /sql/phpMyAdmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:38 +0000 "HEAD /db/webadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:43 +0000 "HEAD /db/websql/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:49 +0000 "HEAD /db/dbadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:49 +0000 "HEAD /db/phpmyadmin3/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:51 +0000 "HEAD /db/phpMyAdmin-3/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:52 +0000 "HEAD /administrator/phpMyAdmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:52 +0000 "HEAD /administrator/web/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:54 +0000 "HEAD /administrator/PMA/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:54 +0000 "HEAD /phpMyAdmin2/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:55 +0000 "HEAD /phpMyAdmin4/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:55 +0000 "HEAD /php-my-admin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:56 +0000 "HEAD /PMA2012/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:56 +0000 "HEAD /PMA2014/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:57 +0000 "HEAD /PMA2016/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:57 +0000 "HEAD /PMA2018/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:58 +0000 "HEAD /pma2012/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:59 +0000 "HEAD /pma2014/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:00 +0000 "HEAD /pma2016/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:01 +0000 "HEAD /pma2018/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:01 +0000 "HEAD /phpmyadmin2012/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:02 +0000 "HEAD /phpmyadmin2014/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:02 +0000 "HEAD /phpmyadmin2016/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:04 +0000 "HEAD /phpmyadmin2018/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
Thanks for your help.
Posted on 2017-08-22 18:31:58
I contacted AWS support directly, and this is the solution they gave me:
I looked at the logs you posted and, just in case, checked the user agent: it is Jorgee, a common malicious agent. I came across a blog post about this agent [1]; although it is not official, it has some insight. On an Elastic Beanstalk environment instance, a daemon called "healthd" monitors health by watching a special log file. If the daemon finds a large number of 4xx responses in this file, the environment goes into the Severe state.

$ sudo tail /var/log/nginx/healthd/application.log.2017-08-21-07
1503299631.249"/asdf"404"0.075"0.075"-
1503299631.379"/asdf"404"0.002"0.002"-

I see that you have launched the environment on the solution stack "64bit Amazon Linux 2017.03 v2.7.2 running Docker 17.03.1-ce", so I would like to provide a way to resolve this issue for that solution stack. In the solution stack "64bit Amazon Linux 2017.03 v2.7.2 running Docker 17.03.1-ce", the log format above is defined in "/etc/nginx/nginx.conf" and enabled in "/etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf". Therefore, you can configure nginx in your environment to ignore requests whose HTTP status is 404 or 403. Please try adding the following configuration file under the .ebextensions directory of your application source bundle.

.ebextensions/healthd_ignore_4xx.config

files:
  "/etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      # Modification 1 #
      map $status $logflag {
        404 0;
        403 0;
        default 1;
      }
      map $http_upgrade $connection_upgrade {
        default        "upgrade";
        ""             "";
      }

      server {
        listen 80;

        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        # Modification 2 #
        # access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd if=$logflag;
        access_log /var/log/nginx/access.log;

        location / {
          proxy_pass          http://docker;
          proxy_http_version  1.1;

          proxy_set_header    Connection          $connection_upgrade;
          proxy_set_header    Upgrade             $http_upgrade;
          proxy_set_header    Host                $host;
          proxy_set_header    X-Real-IP           $remote_addr;
          proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        }
      }

This configuration replaces the default /etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf file with the content you define. The modifications I made are as follows:
After deploying a new application version with the .ebextensions above, your environment health will no longer be affected by invalid 404 or 403 requests.
References:
[1] http://www.skepticism.us/2015/05/new-malware-user-agent-value-jorgee/
[2] log
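To make the mechanism in the AWS answer concrete, here is an added example (editor's code, not part of the answer and not AWS's healthd) that reads lines in the healthd log format shown above (fields separated by double quotes: $msec"$uri"$status"$request_time"$upstream_response_time"$http_x_forwarded_for), applies the same decision as the nginx map $status $logflag (drop 403 and 404 before the line is written), and scores the 4xx share with and without that filter. The log lines are constructed, and the 50 % "severe" threshold is a hypothetical value chosen for illustration, not healthd's real rule. It also shows the caveat that matters operationally: a 500 from the application still reaches healthd, so genuine errors are not hidden, but real 404s from your own users are hidden too.

```python
"""Emulate the effect of nginx's `map $status $logflag` filter on a
healthd-style 4xx share. Added example; the threshold is hypothetical."""

# Constructed healthd-format lines: two successful requests, a burst of
# scanner-style 404s, and one genuine application 500.
SAMPLE_HEALTHD_LOG = """\
1503299630.001"/"200"0.012"0.010"-
1503299630.502"/api/items"200"0.031"0.029"-
1503299631.249"/asdf"404"0.075"0.075"-
1503299631.379"/phpmyadmin/"404"0.002"0.002"-
1503299631.480"/mysql/"404"0.002"0.002"-
1503299631.590"/admin/db/"404"0.002"0.002"-
1503299631.700"/shopdb/"404"0.002"0.002"-
1503299631.810"/api/items/7"500"0.040"0.039"-
"""

# Mirrors `map $status $logflag { 404 0; 403 0; default 1; }` from the answer.
IGNORED_STATUSES = {403, 404}
# Hypothetical "severe" threshold for this illustration only.
SEVERE_4XX_SHARE = 0.5


def parse_healthd_line(line):
    """Split one healthd line on its double-quote field separator."""
    msec, uri, status, req_time, upstream_time, xff = line.split('"')
    return {
        "msec": float(msec),
        "uri": uri,
        "status": int(status),
        "request_time": float(req_time),
        "upstream_response_time": float(upstream_time),
        "x_forwarded_for": xff,
    }


def log_flag(status):
    """nginx `if=$logflag`: 0 means the line is never written for healthd."""
    return 0 if status in IGNORED_STATUSES else 1


def score_window(log_text, apply_filter):
    """Return (total, count_4xx, share_4xx, severe) for a log window.

    With apply_filter=True the lines the map would suppress never reach
    healthd, which is exactly what the .ebextensions change achieves."""
    records = [parse_healthd_line(l) for l in log_text.splitlines() if l]
    if apply_filter:
        records = [r for r in records if log_flag(r["status"])]
    total = len(records)
    count_4xx = sum(1 for r in records if 400 <= r["status"] < 500)
    share = count_4xx / total if total else 0.0
    return total, count_4xx, round(share, 3), share >= SEVERE_4XX_SHARE


if __name__ == "__main__":
    for apply_filter in (False, True):
        total, n4xx, share, severe = score_window(SAMPLE_HEALTHD_LOG, apply_filter)
        print(f"filter={apply_filter}: {n4xx}/{total} 4xx ({share:.1%}) severe={severe}")
```

Run it and the unfiltered window scores 5 of 8 requests as 4xx (severe under the illustrative threshold), while the filtered window contains only the two 200s and the 500, so the 4xx share drops to zero and the 500 is still counted. Keep in mind that this trades health visibility for quiet: after the change, a misconfigured route returning 404 to real users will not move the environment state either.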
Posted on 2021-05-27 00:26:50
For me, there was no response for the root (/), so just adding a dummy page in Spring solved my ELB problem.
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
@Controller
public class RootController { // class name assumed; the post only showed the handler
    @GetMapping("/")
    @ResponseBody
    public String sayHello() {
        return "hello";
    }
}
Posted on 2019-01-22 13:24:54
To solve this problem,
I changed the Elastic Load Balancer to an Application Load Balancer and enabled WAF integration.
In WAF, I defined the following rules to block the malware requests:
URI contains: "/pma" after converting to lowercase.
URI contains: "/sql" after converting to lowercase.
URI contains: "/admin" after converting to lowercase.
URI ends with: "php" after converting to lowercase.
URI contains: "/mysql" after converting to lowercase.
URI contains: "/db" after converting to lowercase.
URI contains: "/2phpmyadmin/ " after converting to lowercase.
URI contains: "/shopdb/ " after converting to lowercase.
URI contains: "/php" after converting to lowercase.
Source: https://stackoverflow.com/questions/45433097
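As an added example (editor's code, not from any post in this thread and not AWS WAF itself), the script below takes access-log lines in the shape of the question's Apache log, recognises the scanner pattern visible there (HEAD requests, 404, user agent "Mozilla/5.0 Jorgee"), and evaluates the WAF rule set from the answer above against each path, applying the lowercase transform first and treating the rules as OR-ed, which is the assumption behind a block list like this one. The log lines are constructed but reuse paths from the question; the two rules listed with a trailing space ("/2phpmyadmin/ ", "/shopdb/ ") are assumed to be paste artifacts and are stripped. It answers two questions a defender wants settled before deploying such rules: which of the observed probes the rules catch (and which slip through, such as /program/), and whether any legitimate path of the application is caught as collateral damage (here, a hypothetical /admin/settings page).

```python
"""Evaluate the thread's WAF rules against access-log lines. Added example;
sample lines are constructed and the app's /admin/settings path is hypothetical."""
import re

# Constructed lines in the question's log shape: scanner probes plus two
# legitimate requests from a normal browser.
SAMPLE_ACCESS_LOG = """\
01/Aug/2017:07:42:09 +0000 "HEAD /mysql/dbadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:11 +0000 "HEAD /phpMyadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:14 +0000 "HEAD /shopdb/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:24 +0000 "HEAD /sql/php-myadmin/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:56 +0000 "HEAD /PMA2012/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:42:15 +0000 "HEAD /program/ HTTP/1.1" 404 260 "-" "Mozilla/5.0 Jorgee"
01/Aug/2017:07:43:10 +0000 "GET /api/orders/42 HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux) Firefox/54.0"
01/Aug/2017:07:43:12 +0000 "GET /admin/settings HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux) Firefox/54.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The rules from the answer, as (kind, needle) pairs evaluated on the
# lowercased path. Trailing spaces in two listed rules are assumed to be
# paste artifacts and are dropped here.
WAF_RULES = [
    ("contains", "/pma"), ("contains", "/sql"), ("contains", "/admin"),
    ("endswith", "php"), ("contains", "/mysql"), ("contains", "/db"),
    ("contains", "/2phpmyadmin/"), ("contains", "/shopdb/"), ("contains", "/php"),
]


def parse_access_line(line):
    """Parse one combined-log style line into a dict; raise on junk."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsed line: {line!r}")
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def matching_rules(path):
    """Rules that would block this path after the lowercase transform."""
    p = path.lower()
    hits = []
    for kind, needle in WAF_RULES:
        if kind == "contains" and needle in p:
            hits.append(f"contains:{needle}")
        elif kind == "endswith" and p.endswith(needle):
            hits.append(f"endswith:{needle}")
    return hits


def is_scanner_probe(rec):
    """The pattern seen in the question: HEAD, 404, Jorgee user agent."""
    return rec["method"] == "HEAD" and rec["status"] == 404 and "Jorgee" in rec["ua"]


def evaluate(log_text):
    """Return (blocked_probes, unblocked_probes, blocked_legit).

    blocked_legit lists non-probe paths the rules would also block,
    each with the rules responsible, so collateral damage is visible."""
    blocked_probes, unblocked_probes, blocked_legit = [], [], []
    for line in log_text.splitlines():
        if not line:
            continue
        rec = parse_access_line(line)
        hits = matching_rules(rec["path"])
        if is_scanner_probe(rec):
            (blocked_probes if hits else unblocked_probes).append(rec["path"])
        elif hits:
            blocked_legit.append((rec["path"], hits))
    return blocked_probes, unblocked_probes, blocked_legit


if __name__ == "__main__":
    blocked, unblocked, legit = evaluate(SAMPLE_ACCESS_LOG)
    print("probes blocked:   ", blocked)
    print("probes not blocked:", unblocked)
    print("legit paths blocked:", legit)
```

Against the constructed sample, five of the six probes are blocked, /program/ is not matched by any rule, and the application's own /admin/settings page would be blocked by the "/admin" rule. The same check is worth running over a day of real access logs before enabling a rule set like this: substring rules on the path are cheap, but they are exactly as broad as the shortest needle in the list.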