Currently, my AWS health checks are hammering my server relentlessly:
...
54.228.16.40 - - [14/Jan/2014:10:17:22 +0000] "GET / HTTP/1.1" 301 178 "-" "Amazon Route 53 Health Check Service"
54.248.220.40 - - [14/Jan/2014:10:17:24 +0000] "GET / HTTP/1.1" 301 178 "-" "Amazon Route 53 Health Check Service"
54.232.40.110 - - [14/Jan/2014:10:17:25 +0000] "GET / HTTP/1.1" 301 178 "-" "Amazon Route 53 Health Check Service"
54.241.32.78 - - [14/Jan/2014:10:17:26 +0000] "GET / HTTP/1.1" 301 178 "-" "Amazon Route 53 Health Check Service"
54.245.168.46 - - [14/Jan/2014:10:17:28 +0000] "GET / HTTP/1.1" 301 178 "-" "Amazon Route 53 Health Check Service"
54.251.31.174 - - [14/Jan/2014:10:17:28 +0000] "GET / HTTP/1.1" 301 178 "-" "Amazon Route 53 Health Check Service"
...
I'd like to configure NginX not to log any requests that have a user agent of "Amazon Route 53 Health Check Service".
My current attempt looks like this:
# default server for forwarding all requests over to main www domain
server {
    listen 80 default_server;
    server_name _;
    return 301 $scheme://www.example.com$request_uri;
}
# server configured to catch aws health check requests
server {
    listen 80;
    server_name 12.345.67.89;
    location / {
        if ( $http_user_agent ~* 'Amazon Route 53 Health Check Service' ) {
            access_log off;
            return 200 'Service OK';
        }
    }
}
# actual application server
server {
    listen 80;
    server_name www.example.com;
    location / {
        ...
    }
}
This looks fine to me, and in fact, when I CURL the same address that the health check is set up to hit:
curl --user-agent "Amazon Route 53 Health Check Service" http://12.345.67.89:80/
I get what I expect:
Service OK
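And my request does not end up in the logs.
However, when these requests come from the actual AWS health checks, my logs continue to be flooded with them.
Any ideas about where I'm going wrong?
Thanks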
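We can map the user agent variable that NGINX sets to a boolean value, and use it when defining the access log path and format. See the nginx block below for reference.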
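# $log_ua is 0 for the listed user agents (case-sensitive regex match), 1 otherwise
map $http_user_agent $log_ua {
    ~Pingdom 0;
    ~Amazon-Route53 0;
    ~SomeOtherUA 0;
    default 1;
}
server {
    ...
    # access_log takes a single format name ("combined" is predefined);
    # the if= parameter needs nginx 1.7.0 or later and skips logging when $log_ua is 0
    access_log /var/log/nginx/access.log combined if=$log_ua;
}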
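So it turns out that my health checks were set up to hit example.com rather than the IP address: my bad.
For the record, I discovered this by adding the $host variable to my log format (see end of line):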
log_format debug_format '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" host:"$host"';
access_log /var/log/nginx/access.log debug_format;
Cheers anyway
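
Added example (not part of the original posts): an http-level version of the map approach that suppresses health-check entries whichever server block handles the request, and only when the source address is also in a trusted range, since the User-Agent header alone is client-controlled. The names $hc_src, $loggable and with_host and the 192.0.2.0/24 range are assumptions made for illustration; the regex accepts both the spaced User-Agent from the log lines above and the hyphenated form used in the answer's map.

```nginx
# Added example for the http{} context; access_log "if=" needs nginx >= 1.7.0.

# 1 when the client address is in a range trusted to run health checks.
# 192.0.2.0/24 is a documentation placeholder: replace it with the
# ROUTE53_HEALTHCHECKS prefixes that AWS publishes in ip-ranges.json.
geo $hc_src {
    default       0;
    192.0.2.0/24  1;
}

# $loggable is 0 only when BOTH the source range and the User-Agent match.
# Matching on the User-Agent alone would let any client that sends this
# header keep its requests out of the access log.
map "$hc_src:$http_user_agent" $loggable {
    default 1;
    "~^1:Amazon[ -]Route[ -]?53[ -]Health[ -]Check[ -]Service" 0;
}

# Keep $host in the format so it stays visible which name a request targeted.
log_format with_host '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" host:"$host"';

# Declared once at http level, so every server{} without its own access_log
# inherits it, including the default_server that answers for example.com.
access_log /var/log/nginx/access.log with_host if=$loggable;

server {
    listen 80 default_server;
    server_name _;
    return 301 $scheme://www.example.com$request_uri;
}

server {
    listen 80;
    server_name www.example.com;
    location / {
        return 200 'Service OK';   # stand-in for the real application
    }
}
```

A server or location block that declares its own access_log does not inherit the http-level one, so the if=$loggable parameter has to be repeated there.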