AWS EC2 Tomcat Java Webapp-如何管理bot http会话
[英]AWS EC2 Tomcat Java Webapp - How can I manage bot http sessions
问题描述
I have a Tomcat 8 Java webapp deployed in an AWS EC2 Ubuntu instance. 
我在AWS EC2 Ubuntu实例中部署了Tomcat 8 Java webapp。
It seems that there is a lot of bots trying to access my app because in my Javamelody monitoring I can see one-request bot's sessions cached by spring security like: 似乎有许多机器人试图访问我的应用程序,因为在Javamelody监视中,我可以看到Spring安全性缓存的一个请求机器人的会话,例如:
DefaultSavedRequest[http://52.27.73.101/phpmy-admin/]
DefaultSavedRequest[http://52.27.73.101/wp-login.php]
DefaultSavedRequest[http://52.27.73.101/admin/phpmyadmin/]
Is there a way to prevent from that bot's request? 有没有办法阻止该机器人的请求? I don't know, maybe a spring security config that does not save them on caché, oa tomcat config that do something similar? 我不知道,也许是春季安全性配置无法将它们保存在caché上,还是做类似事情的tomcat配置?
Lots of them doesn't have even IP, or Country, or User Agent. 其中许多甚至没有IP,国家/地区或用户代理。
Apart from security warning, my Javamelody Http Sessions Info it's not trustable because there are a lot of these. 除了安全警告之外,我的Javamelody Http Sessions Info也不可信,因为其中有很多。
The EC2 Instances is behind an AWS Load Balancer, so maybe can help in this thread too. EC2实例位于AWS负载均衡器的后面,因此也许也可以在此线程中提供帮助。
1 个解决方案
解决方案1
0 2017-07-13 14:21:07
If you have an EC2 instance you have full control of your SO. 如果您有EC2实例,则可以完全控制SO。 You could use any tool, for example iptables, to control the network traffic. 您可以使用任何工具(例如iptables)来控制网络流量。 Maybe with something like this: 也许是这样的:
iptables -I INPUT -s <bot IP source> -j DROP
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.