My server is compiled on a docker.
The Nginx container is built from a standard assembly.
I want to read the access.log nginx but I see this kind of content:
172.68.244.173 - - [24/Aug/2018:12:14:04 +0000] "\x16\x03\x01\x00\xEC\x01\x00\x00\xE8\x03\x03\x8A?\xB5\xFA\x17?\x8A\x9B\x04T>yK\x1A\xF6\x8F_\xBE:.\xF9\xED\xF6\xEE\xFCM\xD0\x88Ji\xDD\xF5 \xFF\xBDm\x98@mo:U\xA6\x0E\xB7\x93\x02sm`\xC6\xD1s0vV*\x88y\xDA&\xFCfZ\xF4\x00\x16\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0\x13\x00\x9C\x00/\xC0(\x005\x00" 400 173 "-" "-"
How to read such a log? What does this mean?
根据nginx 文档,默认访问日志格式为:
log_format combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
应用于您的日志行:
$remote_addr = 172.68.244.173
(literal string for compatibility reasons) = -
$remote_user (from Auth Header) = -
$time_local = [24/Aug/2018:12:14:04 +0000]
$request = "\x16\x03\x01\x00\xEC\x01\x00\x00\xE8\x03\x03\x8A?\xB5\xFA\x17?\x8A\x9B\x04T>yK\x1A\xF6\x8F_\xBE:.\xF9\xED\xF6\xEE\xFCM\xD0\x88Ji\xDD\xF5 \xFF\xBDm\x98@mo:U\xA6\x0E\xB7\x93\x02sm`\xC6\xD1s0vV*\x88y\xDA&\xFCfZ\xF4\x00\x16\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0\x13\x00\x9C\x00/\xC0(\x005\x00"
$status = 400
$body_bytes_sent = 173
$http_referer = "-"
$http_user_agent = "-"
总结一下:您的服务器收到来自地址 172.68.244.173 的请求,但没有发送用户代理标头,并且该请求主要由不可打印的字符组成。这可能是发送错误请求的坏客户端,更有可能是试图发现您的 Web 服务器或应用程序中的漏洞。互联网上的任何服务器都会经常发生这种情况。
| 归档时间: |
|
| 查看次数: |
6224 次 |
| 最近记录: |