问题
I am programming a home Web server for home automation. I've seen several times 'bots' scanning the ports of my server. To avoid give any kind of activity signs to undesired scans, I'm trying to avoid generate any kind of answer for specific URLs, like '/', ie. configure a silent mode for the typical scanned URL's. I've tried with void .route decorators, error addressing and void pages, but all of them generated some kind of response. It's that possible in Flask with Python? Any workaround? Thanks
回答1:
What I would suggest is to return a custom error code for urls you are getting scanned, like HTTP_410_GONE.
From: http://www.flaskapi.org/api-guide/status-codes/
@app.route('/')
def empty_view(self):
content = {'please move along': 'nothing to see here'}
return content, status.HTTP_410_GONE
Put nginx in front of your flask app and use a fail2ban config to watch for this error code and start banning ips that are constantly hitting these urls.
From: https://github.com/mikechau/fail2ban-configs/blob/master/filter.d/nginx-404.conf
# Fail2Ban configuration file
[Definition]
failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP.* 410
ignoreregex =
回答2:
I had exactly the same need as you and decided to just return from 404 and 500 handlers:
@staticmethod
@bottle.error(404)
def error404(error):
log.warning("404 Not Found from {0} @ {1}".format(bottle.request.remote_addr, bottle.request.url))
@staticmethod
@bottle.error(500)
def error500(error):
log.warning("500 Internal Error from {0} @ {1}".format(bottle.request.remote_addr, bottle.request.url))
The example is for bottle but you can adapt it with flask.
Beside catching the obvious 404 I decided to do the same with 500 in case an unexpected call from the scanners would crash my script so that no traceback information is provided.
来源:https://stackoverflow.com/questions/36820192/flask-how-to-avoid-generate-any-kind-of-answer-for-a-specific-url