透明地将 http 流量克隆到同一服务器上的另一个端口
[英]Clone http traffic to another port on same server transparently
问题描述
I am experimenting with following setup.
我正在尝试以下设置。
Clone/copy (but not redirect) all incoming HTTP requests from port 80 to another port say 8080 on same machine.
克隆/复制(但不重定向)所有传入 HTTP 请求从端口 80 到另一个端口,例如同一台机器上的 8080。 I have a simple NGINX + Lua based WAF which is listening on 8080. Essentially, I am running two instances of webservers here, one which is serving real requests and other one working on cloned traffic for detection purpose.我有一个简单的基于 NGINX + Lua 的 WAF,它正在侦听 8080。本质上,我在这里运行了两个网络服务器实例,一个处理真实请求,另一个处理克隆流量以进行检测。 I don't care about being able to block the malicious requests so I dont care about being inline.我不在乎能够阻止恶意请求,所以我不在乎内联。I want to use WAF only for detection purpose ie it should analyze all incoming requests, raise alert and drop the request after that.
我只想将 WAF 用于检测目的,即它应该分析所有传入的请求,然后发出警报并删除请求。 This will not hamper anything from users point of view since port 80 is serving real requests.从用户的角度来看,这不会妨碍任何事情,因为端口 80 正在处理真正的请求。How can I clone traffic this way and just discard it after analysis is done ?
如何以这种方式克隆流量并在分析完成后将其丢弃? Is this feasible ?这可行吗? If yes, please suggest any tools which can clone traffic with minimal performance hit.如果是,请建议任何可以以最小的性能影响克隆流量的工具。
2.
2.
2 个解决方案
解决方案1
0 2016-03-29 18:12:59
Have a look : https://github.com/buger/gor看看: https : //github.com/buger/gor
Example instructions are straightforward.示例说明很简单。 Additional logging or certain forwards you could possibly add as well您也可以添加其他日志记录或某些转发
解决方案2
0 2020-02-03 12:35:00
In the current Nginx version, there is an ngx_http_mirror_module , which retranslates requests to another endpoint and ignores responses.在当前的 Nginx 版本中,有一个ngx_http_mirror_module ,它将请求重新转换到另一个端点并忽略响应。 See also this answer另请参阅此答案
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.