
Recently I deployed my website using a Node.js server with Nginx as a reverse proxy; Nginx also handles SSL and forwards the HTTPS requests to the Node.js HTTP server running on a specific port. I am using the UFW firewall and have only allowed OpenSSH and Nginx Full. Within a few hours, my access.log fills up with requests like the ones given below. After a day, access.log is around 7 to 8 GB, which is too big for my 10 GB Ubuntu server.

  • Please tell me what I have done wrong, or whether there is any configuration I have to do to disallow certain requests.

For deployment, I downloaded Node.js from the node source repository, installed the necessary node modules, enabled the UFW firewall, enabled SSL on my website and changed nginx/conf.d/www.websitname.com.conf to proxy requests to localhost:someport.

Also, I have created a websitename.conf file in the sites-available folder and enabled it via a symbolic link; websitename.conf proxies the IP address of my website to IP-ADDRESS:PORT.
Overall, the website is up and running fine.
But access.log fills up my Ubuntu server very fast, and within a few hours the server runs out of space.

For now, I am manually truncating the content of access.log, but I am in doubt as to why access.log fills up that quickly with so many requests even though there is not much traffic on my website.

This is a snapshot of tail access.log:

51.15.188.226 - - [30/May/2023:07:16:50 +0000] "GET http://www.168mu.cn/ HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko"
51.15.188.226 - - [30/May/2023:07:16:50 +0000] "GET http://www.168mu.cn/ HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36"
51.15.188.226 - - [30/May/2023:07:16:50 +0000] "GET http://www.168mu.cn/ HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)"
51.15.188.226 - - [30/May/2023:07:16:50 +0000] "GET http://www.168mu.cn/ HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko"
120.244.220.48 - - [30/May/2023:07:16:51 +0000] "HEAD http://www.baidu.com/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"
185.214.10.142 - - [30/May/2023:07:16:52 +0000] "GET http://azenv.net/ HTTP/1.1" 404 134 "-" "Go-http-client/1.1"
185.227.153.226 - - [30/May/2023:07:16:55 +0000] "CONNECT 182.22.25.124:443 HTTP/1.1" 400 166 "-" "-"
119.52.119.195 - - [30/May/2023:07:16:55 +0000] "CONNECT al.autohome.com.cn:443 HTTP/1.1" 400 166 "-" "-"
43.134.213.189 - - [30/May/2023:07:16:56 +0000] "CONNECT lumtest.com:443 HTTP/1.1" 400 166 "-" "-"
47.107.101.106 - - [30/May/2023:07:17:01 +0000] "CONNECT waiting.flypeach.com:443 HTTP/1.1" 400 166 "-" "-"

Please tell me what the solution is and what I have done wrong to be receiving so many requests. Also, please tell me whether these are genuine requests that every server receives, or whether it is just me due to some configuration or deployment issue.

  • Do you need the access log? If no, turn it off. May 30 at 7:40
  • @GeraldSchneider Even if I don't need the access.log, the issue is that it fills up so quickly with such requests. Is this normal for a website with no or minimal traffic? May 30 at 7:42
  • I wouldn't call it typical, but not surprising either. If you got an IP address assigned that used to host a high traffic site, or many other DNS addresses are pointing to it for some reason (don't bother trying to find out, you can't), that would be perfectly normal, yes. Welcome to the Internet. May 30 at 7:51
  • 2
    The logs indicate abuse attempts on your web server; attempts to try to use your server as a proxy. Regular abuse attempts are considered the normal internet background noise, but such enormous numbers are not quite typical. Maybe you or the previous user of your IP had misconfigured their server as an open proxy for example in the past and your IP is still attracting higher than normal abuse attempts.
    – HBruijn
    May 30 at 7:55
  • 1
    The attempts don't look successful based on the 404 and 400 response codes in the logs; but in general GET and/or CONNECT requests to some random domain are indicative of trying to use your web server as a proxy.
    – HBruijn
    May 30 at 8:12
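
An added example, not part of the original thread: a Python triage script that applies the rule from the comments above (a CONNECT method, or a request target that is a full URL, marks a proxy probe) and tallies probes per client IP. The function names are hypothetical; the first three sample lines are copied from the question's excerpt and the last one is constructed.

```python
import re
from collections import Counter

# nginx "combined" format: ip - user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)
ABSOLUTE_URI = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def classify(line):
    """Return (ip, kind, status), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    method = parts[0].upper() if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    if method == "CONNECT":
        kind = "connect"        # tunnel attempt to a third-party host
    elif ABSOLUTE_URI.match(target):
        kind = "absolute-uri"   # forward-proxy style request target
    else:
        kind = "normal"
    return m.group("ip"), kind, int(m.group("status"))

def summarize(lines):
    """Tally kinds, probes per client IP, and probes not answered with 4xx/5xx."""
    kinds, probers, answered = Counter(), Counter(), []
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            kinds["unparsed"] += 1
            continue
        ip, kind, status = parsed
        kinds[kind] += 1
        if kind != "normal":
            probers[ip] += 1
            if status < 400:  # not rejected: review what the server returned
                answered.append(line)
    return kinds, probers, answered

# First three lines are from the question's excerpt; the last is constructed.
SAMPLE = [
    '185.214.10.142 - - [30/May/2023:07:16:52 +0000] "GET http://azenv.net/ HTTP/1.1" 404 134 "-" "Go-http-client/1.1"',
    '120.244.220.48 - - [30/May/2023:07:16:51 +0000] "HEAD http://www.baidu.com/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"',
    '43.134.213.189 - - [30/May/2023:07:16:56 +0000] "CONNECT lumtest.com:443 HTTP/1.1" 400 166 "-" "-"',
    '203.0.113.7 - - [30/May/2023:07:17:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
]
print(summarize(SAMPLE)[0])
```

An absolute URL that names your own host is valid HTTP/1.1 and would also be counted as `absolute-uri`, so compare the target host against your site's name before treating a client as a prober.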
