Linux下CSF防火墙阻止恶意网站目录/文件扫描
如图,有时候我们检查Apache日记的时候会发现大量这样的单IP或多IP在短时间内请求大量不存在的目录/文件,Apache返回404状态,这不仅消耗服务器资源还可能有安全隐患。我们可以通过CSF防火墙解决,CSF可以根据返回状态次数来屏蔽请求IP访问,相关设置和说明:
# This option will keep track of the number of "File does not exist" errors in
# HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL
# seconds then the IP address will be blocked
#
# Care should be used with this option as it could generate many
# false-positives, especially Search Bots (use csf.rignore to ignore such bots)
# so only use this option if you know you are under this type of attack
#
# A sensible setting for this would be quite high, perhaps 200
#
# To disable set to "0"
LF_APACHE_404 = "200"
# If this option is set to 1 the blocks will be permanent
# If this option is > 1, the blocks will be temporary for the specified number
# of seconds
LF_APACHE_404_PERM = "3600"