Dealing with a DDoS attack with random URIs - PullRequest
0 votes
/ May 26, 2019

I am getting a TON of requests with very random URIs. I would like to block the request in IPTables or something else if the URL is not for my site. It fills up all my active connections in Apache, so every time I restart the web server, it goes down within a few minutes.

Fail2ban and mod_secure are installed; I have tried many filters and various combinations.

125.115.93.126 - - [26/May/2019:05:42:26 +0200] "CONNECT help.steampowered.com:443 HTTP/1.1" 500 812 "-" "-"
27.50.162.187 - - [26/May/2019:05:42:26 +0200] "CONNECT tx-bj4-live-comet-03.chat.bilibili.com:2243 HTTP/1.1" 500 830 "-" "Go-http-client/1.1"
39.66.79.105 - - [26/May/2019:05:42:26 +0200] "CONNECT iforgot.apple.com:443 HTTP/1.1" 500 808 "-" "-"
134.119.206.223 - - [26/May/2019:05:42:25 +0200] "GET http://www.windfone.com/shouji-sx-9006w.html HTTP/1.1" 200 19313 "http://news.windfone.com/azzx/5916.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
104.202.174.123 - - [26/May/2019:05:42:25 +0200] "POST http://lf.snssdk.com/service/2/app_log/?iid=58211463713&device_id=68561661116&ac=wifi&channel=oppo-cpa&aid=13&app_name=news_article&version_code=663&version_name=6.6.3&device_platform=android&ab_version=289048%2C298479%2C300499%2C271178%2C299557%2C252767%2C249828%2C246859%2C293083%2C298070%2C298262%2C294017%2C297080%2C301434%2C229305%2C301384%2C298631%2C283849%2C276640%2C301373%2C301317%2C259488%2C284439%2C240865%2C280773%2C301026%2C301230%2C298955%2C300945%2C295037%2C300298%2C300047%2C298815%2C300763%2C251712%2C298180%2C301282%2C299702%2C31207%2C292322%2C298580%2C289005%2C299776%2C299239%2C258356%2C247850%2C280448%2C281299%2C249045%2C297320%2C210685%2C212395%2C251076%2C296951%2C299192%2C288417%2C290197%2C260651%2C292291%2C297396%2C241181%2C299542%2C285404%2C295827%2C284020%2C239095%2C296064%2C301194%2C170988%2C300501%2C294503%2C301280%2C265169%2C281392%2C299983%2C297058%2C243585%2C276204%2C285343%2C293257%2C257280%2C300086%2C295188%2C295753&ab_client=a1%2Cc4%2Ce1%2Cf2%2Cg2%2Cf7&ab_group=100167%2C94564%2C102752%2C181429&ab_feature=102752%2C94564&abflag=3&ssmix=a&device_type=LEX720&device_brand=LeEco&language=zh&os_api=23&os_version=6.0.1&uuid=767073608680635&openudid=0771c8ba3e50a568&manifest_version_code=663&resolution=1080*1920&dpi=420&update_version_code=66308&_rticket=1558842178853&plugin=10575&rom_version=23&tt_data=a HTTP/1.1" 200 606 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; LEX720 Build/WAXCNFN5902606012S) NewsArticle/6.5.0 okhttp/3.7.0.2"
112.245.242.33 - - [26/May/2019:05:42:26 +0200] "CONNECT iforgot.apple.com:443 HTTP/1.1" 500 808 "-" "-"
109.240.162.22 - - [26/May/2019:05:42:26 +0200] "POST http://elmasteriptv.com:8000/client_area/ HTTP/1.1" 200 1774 "-" "Mozilla/5.0 (Linux; Android 4.4.2; R8007 Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36"
146.247.137.9 - - [26/May/2019:05:42:26 +0200] "GET http://prxjdg.opoint.com/prxjdg.cgi HTTP/1.1" 200 1299 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0"
...
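Every request in the excerpt above is proxy-style: either a CONNECT to a foreign host:port or a GET/POST whose target is an absolute URL naming another site. The following is an added example, not part of the original post: it scans Apache combined-format log lines and counts such requests per client IP. `OWN_HOSTS`, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hostnames this server legitimately serves (placeholders).
OWN_HOSTS = {"example.org", "www.example.org"}

# Apache combined format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def foreign_host(method, target):
    """Return the foreign host named by a proxy-style request, else None."""
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]          # authority-form: host:port
    elif "://" in target:
        host = urlsplit(target).hostname or ""   # absolute-form: full URL
    else:
        return None                              # origin-form: "/path"
    host = host.lower()
    return None if host in OWN_HOSTS else host

def scan(lines):
    """Return (Counter of hits per IP, list of (ip, host, status)) for proxy-style requests."""
    hits, events = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                             # unparseable line: skip
        host = foreign_host(m["method"], m["target"])
        if host is not None:
            hits[m["ip"]] += 1
            events.append((m["ip"], host, int(m["status"])))
    return hits, events

# Constructed sample lines (documentation IP ranges and example hostnames).
SAMPLE = [
    '203.0.113.7 - - [26/May/2019:05:42:26 +0200] "CONNECT other.example.net:443 HTTP/1.1" 500 812 "-" "-"',
    '203.0.113.7 - - [26/May/2019:05:42:27 +0200] "GET http://other.example.net/a.html HTTP/1.1" 200 19313 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [26/May/2019:05:42:27 +0200] "POST http://api.example.com:8000/x HTTP/1.1" 200 1774 "-" "-"',
    '192.0.2.4 - - [26/May/2019:05:42:28 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [26/May/2019:05:42:29 +0200] "GET http://www.example.org/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, events = scan(SAMPLE)
    for ip, count in hits.most_common():
        print(ip, count)
```

Events with status 200 deserve a closer look than the 500s, since they show which foreign-host requests the server answered successfully.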