Thanks .
But it seems WAF can only support nginx which version is lower than
1.2.0.
At 2012-09-04 22:14:57,“[email protected]” [email protected]
wrote:
what I see is that you want to block XSS attacks and code injection,
that is why I recommend a WAF
Regards,
On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon
[email protected] wrote:
Hi,
If the user is coming from the same ip address you can block it in your
iptables or firewall.
Regards
On 9/4/12 3:45 PM, “[email protected]” [email protected]
wrote:
Hi,
WAF(Google Code Archive - Long-term storage for Google Code Project Hosting.) at possible solution?
Regards,
On Tue, Sep 4, 2012 at 10:42 AM, fhal [email protected] wrote:
Hi all,
Today my server was attacked. After checked Nginx access log, I found
logs like below:
116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”
116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”
116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”
It seems the attacker was using some tool to attack my server. You can
see that the user agent / browser version are blank.
Due to I can’t block the blank user agent (some web browser is using
blank user agent, for example, UC), is there any way can I use to block
this kind of attack?
Thank
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
–
Victor Pereira