Author Topic: The same Referer keeps showing up in my logs  (Read 4084 times)

fz150n

I recently noticed that a website I maintain keeps getting access entries like this, and very frequently:

Code: [Select]
66.91.56.7 - - [17/May/2006:15:27:38 +0800] "GET /poster/i-l/longestyard.JPG HTTP/1.1" 200 40073 "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=15047703" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
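The source IPs differ, but the Referer URLs at the end are all much the same.
What is this doing? It doesn't look like someone is really browsing my pages~

If I want to restrict on the content of the Referer, how should I do it? Thanks!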

Fedora Core 3
Apache 2.0.53

craig

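« Reply #1 on: 2006-05-17 15:41 »
This is just ordinary image hotlinking.
When a jpg file is fetched, you can check whether the referer comes from a site you permit.
As for how to do it, I'm really just someone who can talk but not do,
I only ever go on Google, find something at random and copy it.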

Darkhero

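I hope our discussions are for solving the problem, not for arguing about who is right and who is wrong.
"Padding the thread is the point; posting is just incidental."
"I would rather let an engineer who can't fish starve than let an engineer who would starve sink the company...."
Blog: http://blog.darkhero.net/
Secret base: http://www.darkhero.net/comic/
Site I currently work for: http://www.libook.com.tw/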

fz150n

« Reply #3 on: 2006-05-17 20:26 »
It's pretty lame, but I'll still post my rules for everyone's reference:

Code: [Select]
RewriteEngine on
# Consecutive RewriteCond lines are ANDed by default; [OR] lets any one matching Referer trigger the rule
RewriteCond %{HTTP_REFERER} ^http://profile.myspace.com/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://profile.myspace.com/$ [NC,OR]
# The two above seem to give the same result?
RewriteCond %{HTTP_REFERER} ^http://spaces.msn.com/slaberic/blog/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.roicat.com.tw/newposter/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://sharingmania.blogspot.com//.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://images.google.co.id/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://images.google.co.uk/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.oxxk.com/vod/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://dir.yam.com/ent/movies/mov%5Fpos/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://lovels.idc99.cn/vod/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://dir.iask.com/search_dir/yl/ysh/hb/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.wretch.cc/blog/mikiyang/.*$ [NC,OR]
# The last condition carries no [OR]
RewriteCond %{HTTP_REFERER} ^http://dir.pchome.com.tw/entertainment/movie/introduce/movie_placard/.*$ [NC]
# [NC] so that upper-case extensions such as .JPG are matched too; [F] answers 403 Forbidden
RewriteRule .*\.(jpg|gif|png|bmp|rar|zip|exe)$ - [F,NC]

fz150n

« Reply #4 on: 2006-05-17 22:29 »
Um~

The error code went from 200 to 304
Quote
10.3.5 304 Not Modified
If the client has performed a conditional GET request and access is allowed, but the document has not been modified, the server SHOULD respond with this status code. The 304 response MUST NOT contain a message-body, and thus is always terminated by the first empty line after the header fields.

The response MUST include the following header fields:

      - Date, unless its omission is required by section 14.18.1
If a clockless origin server obeys these rules, and proxies and clients add their own Date to any response received without one (as already specified by [RFC 2068], section 14.19), caches will operate correctly.

      - ETag and/or Content-Location, if the header would have been sent
        in a 200 response to the same request
      - Expires, Cache-Control, and/or Vary, if the field-value might
        differ from that sent in any previous response for the same
        variant
If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers.

If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional.

If a cache uses a received 304 response to update a cache entry, the cache MUST update the entry to reflect any new field values given in the response


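It looks like it's working, but judging from the connection status, the sites I blocked seem to be connecting like crazy, over and over and over,
so is the result of what I did that I reduced bandwidth usage, or that I added to the log and also increased the chance of [people with intentions] coming over to take a look?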
 :o
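
An added example, not part of the thread: a log tally for checking whether a Referer rule like the one above is taking effect. It groups requests for the protected file types by off-site Referer host and response status; a request denied by `[F]` is logged as 403, while 200 and 304 both mean the server still answered normally. `OWN_HOSTS` is a placeholder assumption, the first sample line is the one from the first post, and the remaining sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+) "([^"]*)" "[^"]*"$')
PROTECTED = re.compile(r'\.(jpg|gif|png|bmp|rar|zip|exe)$', re.IGNORECASE)
OWN_HOSTS = {"www.example.com"}  # assumption: placeholder for the site's own hostname(s)

# First line is the entry quoted in the thread; the rest are constructed sample data.
SAMPLE = [
    '66.91.56.7 - - [17/May/2006:15:27:38 +0800] "GET /poster/i-l/longestyard.JPG HTTP/1.1" 200 40073 "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=15047703" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"',
    '192.0.2.10 - - [17/May/2006:22:31:02 +0800] "GET /poster/i-l/longestyard.JPG HTTP/1.1" 304 - "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=15047703" "Mozilla/4.0"',
    '198.51.100.4 - - [17/May/2006:22:31:05 +0800] "GET /poster/a-c/sample.jpg HTTP/1.1" 403 291 "http://images.google.co.uk/imgres?q=x" "Mozilla/4.0"',
    '192.0.2.77 - - [17/May/2006:22:31:09 +0800] "GET /poster/a-c/sample.jpg HTTP/1.1" 200 1234 "http://www.example.com/index.html" "Mozilla/4.0"',
    '192.0.2.78 - - [17/May/2006:22:31:11 +0800] "GET /index.html HTTP/1.1" 200 999 "-" "Mozilla/4.0"',
]

def hotlink_report(lines, own_hosts=OWN_HOSTS):
    """Return {referer_host: Counter({status: hits})} for protected
    files that were requested with an off-site Referer."""
    report = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        _ip, _method, path, status, _size, referer = m.groups()
        if not PROTECTED.search(urlsplit(path).path):
            continue  # only the extensions the RewriteRule covers
        host = (urlsplit(referer).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # empty Referer ("-") or a page on our own site
        report[host][int(status)] += 1
    return report

def still_served(report):
    """Referer hosts that got content (200) or a cache revalidation (304)."""
    return sorted(h for h, c in report.items() if c[200] + c[304] > 0)

if __name__ == "__main__":
    rep = hotlink_report(SAMPLE)
    for host, counts in sorted(rep.items()):
        print(host, dict(counts))
    print("still served:", still_served(rep))
```

Hosts listed by `still_served` after the rule is deployed are ones the rule is not catching.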