[英]Blocking Amazon AWS servers from Rails 4 application?
I have a Rails 4 application running on Heroku with exception_notification
. 我在Heroku上运行带有exception_notification
的Rails 4应用程序。 I was notified that an AWS server was fishing for a login page by trying to access /wp-login.php
. 有人通知我,AWS服务器通过尝试访问/wp-login.php
来获取登录页面。 Since that is not my app's login page, someone had to manually enter that URL. 由于这不是我应用程序的登录页面,因此必须有人手动输入该URL。 Tracking the IP shows an Amazon AWS server in Oregon. 跟踪IP将显示俄勒冈州的Amazon AWS服务器。
There shouldn't be any reason why someone would ever access my app via an AWS server, so my initial thought is someone is trying to get into the application. 不应有任何理由使某人曾经通过AWS服务器访问我的应用程序,因此我最初的想法是有人试图进入该应用程序。
In order to avoid any potential attack, I'm thinking about blocking all Amazon AWS requests. 为了避免任何潜在的攻击,我正在考虑阻止所有Amazon AWS请求。
Is there any way to blacklist Amazon AWS servers specifically? 有什么方法可以将Amazon AWS服务器专门列入黑名单? The only thing I can think of is checking the IP address of every request and ignoring those coming from a list I keep of Amazon, but I'm not sure if there is an official listing of Amazon IP addresses. 我唯一想到的就是检查每个请求的IP地址,而忽略那些来自我保留的Amazon列表的请求,但是我不确定是否有Amazon IP地址的正式列表。
But checking the IP of every request against a blacklist seems inefficient. 但是,根据黑名单检查每个请求的IP似乎效率很低。 I'm aware of the rack-attack
gem, but that is still running Ruby code to do the check, which doesn't seem very fast... 我知道rack-attack
宝石,但是它仍在运行Ruby代码来进行检查,这似乎并不快...
Blocking all AWS IPs is not a good solution. 阻止所有AWS IP并不是一个好的解决方案。 Potentially, the traffic can come from any part of the world. 潜在的流量可能来自世界的任何地方。 How are you going to block the traffic? 您如何阻止交通? Instead you should make your application robust. 相反,您应该使应用程序健壮。
There is an official listing of AWS IP address: AWS IP Address Ranges 这里有AWS IP地址的正式列表: AWS IP地址范围
If you are 100% sure that traffic originating from AWS (remember there are many AWS regions), then you can block them using IP tabled. 如果您100%确定来自AWS的流量(请记住有许多AWS区域),则可以使用IP表阻止它们。 One such solution is: AWS Blocker 一种这样的解决方案是: AWS Blocker
Blocking all AWS IPs is not a good solution. 阻止所有AWS IP并不是一个好的解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.