Nginx 被别人用来做代理怎么破

上配置

我的服务器也是nginx的。。话说 怎么会被别人拿来做代理的？？？

你应该是自己开启了反代功能，然后没有限制来源IP地址吧

server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;

root /usr/share/nginx/html/yiitimeserver/frontend/web;
index index.php;

# Make site accessible from http://localhost/
server_name localhost;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}


location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}

@lzk800 恩，后面连接的php-fpm
web完全不熟，应该可以限制只代理我的域名吧？

我觉得只是别人在扫描 http 代理吧？

23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://www.so.com/?rands=_2510213733289952325356524 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://23.225.206.4/vs.php?rands=_1400492510623092681449488 HTTP/1.1" 404 579 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://www.baidu.com/?rands=_14004103394224869041620016 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://www.soso.com/?rands=_2922020291983713940733336 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://218.59.238.92:8080/?rands=_2922022255724425120863444 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

这种log应该是做代理上网呢吧？

server段中加入以下代码用于限制域名访问：
valid_referers server_name *.abc.com abc.com;
if ($invalid_referer) {
return 403;
}

@lzk800 谢谢
我现在把我的server命名了，然后加了一个default_server指向404和这个原理是不是也差不多呢？
现在看log，那些请求都404了

@snail1988 想怎么实现都可以，nginx的配置自由度比较大

只是在扫描代理而已，实际上返回的是你自己网站的内容。可以忽略掉。

@lzk800 还是不行。。。 重启niginx之后 还是有访问其他网站 200 的记录

主配置文件里加一条默认配置，没配置的域名都返回404 。


server {
return 404;
}

谢谢大家回复，已经明白了
附上一条wiki，很好的解释了这个问题，和我一样不明白的同学也可以看看
http://wiki.apache.org/httpd/ProxyAbuse

刚看到自己服务器这日志惊了一下