Operation and Maintenance
Linux Operation and Maintenance
Detailed introduction on how to use CSF firewall to block malicious requests in Linux
Detailed introduction on how to use CSF firewall to block malicious requests in Linux
本篇文章主要介绍了linux利用CSF防火墙屏蔽恶意请求,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
问题
最近不知道为什么,恶意代理的请求数越来越多,明明我返回的都是403Forbidden,但是由于数量实在庞大,还是消耗了我大量的带宽和资源。之前的方法已经没有用了,想了半天还是研究研究防火墙吧,虽然仅仅靠Apache也能对某些IP进行黑名单设置,但是感觉还是有点麻烦的。比如最常见的用iptables,或者是ufw,虽然都能很好的做到管理,但是他们基本都需要一条一条的加,十分麻烦。
网上搜索了下,找到了一个挺方便的小工具–CSF(ConfigServer & Security Firewall),这个工具据说除了能够方便的管理IP blacklist,而且也能稍加配置抵御一定量的DDOS攻击。
安装
工具本身可以在csf工具的官网上下载。
下载并解压后可以参考其中的install.txt的说明进行安装,讲的简洁而且详细,注意给权限就行。需要说明的是,这个工具其实也是基于iptables,只是简化了命令而已。
关于ddos的防护
根据readme.txt的描述,进行ddos防护的功能主要是靠/etc/csf/csf.conf中的配置进行控制的,尤其是当中的PORTFLOOD参数,一般都进行如下设置:
#Syntax for the PORTFLOOD setting: #PORTFLOOD is a comma separated list of: port;protocol;hit count*;interval seconds #So, a setting of PORTFLOOD = "22;tcp;5;300,80;tcp;20;5" means: #1. If more than 5 connections to tcp port 22 within 300 seconds, then block #that IP address from port 22 for at least 300 seconds after the last packet is #seen, i.e. there must be a "quiet" period of 300 seconds before the block is #lifted #2. If more than 20 connections to tcp port 80 within 5 seconds, then block #that IP address from port 80 for at least 5 seconds after the last packet is #seen, i.e. there must be a "quiet" period of 5 seconds before the block is #lifted
这个可以根据个人需要修改。
关于black list
blacklist 就在/etc/csf/csf.deny里,可以有多种书写方式,在该文件的顶部描述的十分清楚:
############################################################################### # Copyright 2006-2017, Way to the Web Limited # URL: http://www.configserver.com # Email: sales@waytotheweb.com ############################################################################### # The following IP addresses will be blocked in iptables # One IP address per line # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24) # Only list IP addresses, not domain names (they will be ignored) # # Note: If you add the text "do not delete" to the comments of an entry then # DENY_IP_LIMIT will ignore those entries and not remove them # # Advanced port+ip filtering allowed with the following format # tcp/udp|in/out|s/d=port|s/d=ip # # See readme.txt for more information regarding advanced port filtering #
简要概括就是每一行代表一个ip,也可以代表一个ip段(CIDR),而且我们也可以加注释,甚至可以指定端口和协议。
最后,在做出修改后想要生效记得用csf -r命令。
针对恶意代理请求的防护方案
当然,我用这个的目的是为了根本解决之前的恶意代理占用带宽的问题。有了这个工具,就可以十分轻松的进行控制了,思路如下:
首先,搜索Apache的log(/var/log/apache2/access.log),查找所有应被屏蔽的log条目(我这里指的是所有被403的请求)。
然后,提取每条Log记录对应的ip地址。
对结果进行排序去重,生成black list。
blacklist 写入csf.deny
重启csf防护服务。
实现起来超级简单:
代码如下:
root@server:~# cat /var/log/apache2/access.log |grep \ 403\ |awk '{print $1}'|sort|uniq >> /etc/csf/csf.deny可以手动查看下结果是否正确,确认之后既可以csf -r重启服务了。
The above is the detailed content of Detailed introduction on how to use CSF firewall to block malicious requests in Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1392
52
36
110
What computer configuration is required for vscode
Apr 15, 2025 pm 09:48 PM
VS Code system requirements: Operating system: Windows 10 and above, macOS 10.12 and above, Linux distribution processor: minimum 1.6 GHz, recommended 2.0 GHz and above memory: minimum 512 MB, recommended 4 GB and above storage space: minimum 250 MB, recommended 1 GB and above other requirements: stable network connection, Xorg/Wayland (Linux)
vscode cannot install extension
Apr 15, 2025 pm 07:18 PM
The reasons for the installation of VS Code extensions may be: network instability, insufficient permissions, system compatibility issues, VS Code version is too old, antivirus software or firewall interference. By checking network connections, permissions, log files, updating VS Code, disabling security software, and restarting VS Code or computers, you can gradually troubleshoot and resolve issues.
Can vscode be used for mac
Apr 15, 2025 pm 07:36 PM
VS Code is available on Mac. It has powerful extensions, Git integration, terminal and debugger, and also offers a wealth of setup options. However, for particularly large projects or highly professional development, VS Code may have performance or functional limitations.
What is vscode What is vscode for?
Apr 15, 2025 pm 06:45 PM
VS Code is the full name Visual Studio Code, which is a free and open source cross-platform code editor and development environment developed by Microsoft. It supports a wide range of programming languages and provides syntax highlighting, code automatic completion, code snippets and smart prompts to improve development efficiency. Through a rich extension ecosystem, users can add extensions to specific needs and languages, such as debuggers, code formatting tools, and Git integrations. VS Code also includes an intuitive debugger that helps quickly find and resolve bugs in your code.
How to run java code in notepad
Apr 16, 2025 pm 07:39 PM
Although Notepad cannot run Java code directly, it can be achieved by using other tools: using the command line compiler (javac) to generate a bytecode file (filename.class). Use the Java interpreter (java) to interpret bytecode, execute the code, and output the result.
What is the main purpose of Linux?
Apr 16, 2025 am 12:19 AM
The main uses of Linux include: 1. Server operating system, 2. Embedded system, 3. Desktop operating system, 4. Development and testing environment. Linux excels in these areas, providing stability, security and efficient development tools.
How to use VSCode
Apr 15, 2025 pm 11:21 PM
Visual Studio Code (VSCode) is a cross-platform, open source and free code editor developed by Microsoft. It is known for its lightweight, scalability and support for a wide range of programming languages. To install VSCode, please visit the official website to download and run the installer. When using VSCode, you can create new projects, edit code, debug code, navigate projects, expand VSCode, and manage settings. VSCode is available for Windows, macOS, and Linux, supports multiple programming languages and provides various extensions through Marketplace. Its advantages include lightweight, scalability, extensive language support, rich features and version
How to check the warehouse address of git
Apr 17, 2025 pm 01:54 PM
To view the Git repository address, perform the following steps: 1. Open the command line and navigate to the repository directory; 2. Run the "git remote -v" command; 3. View the repository name in the output and its corresponding address.
