What can I do about URLs getting overused in appengine app?

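My App Engine app (a classified-ads network app) receives many requests (currently 323.2 requests/minute) from many different IP numbers to the same URLs, which I have now deleted. It would be best to block the IP numbers, but they are usually different IP numbers.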

| URI | Requests/Minute (Current) | Requests (Last 24 hours) | Runtime MCycles (Last hour) | Average latency (Last hour) |
|---|---|---|---|---|
| /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recom | 323.2 | 829,675 | 32 | 10,638 ms |
| /vi/5969701968543744.html | 292.6 | 774,964 | 25 | 6,530 ms |
| /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgLTTq7YKDA/recom | 159.8 | 423,785 | 34 | 10,282 ms |
| /vi/5868493903757312.html | 149.2 | 397,066 | 24 | 6,497 ms |

The log trace looks like this:

18:59:23.918
GET
404
84 B
74 ms
IE 9
/vi/5969701968543744.html?msgid=msg_sent
182.46.160.242 - - [11/Jan/2017:18:59:23 +0100] "GET /vi/5969701968543744.html?msgid=msg_sent HTTP/1.1" 404 84 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=74 cpu_ms=11 cpm_usd=9.387e-9 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-
{
 protoPayload: {…}  
 insertId: "5876727c000a14efe5072c1c"  
 httpRequest: {…}  
 resource: {…}  
 timestamp: "2017-01-11T17:59:23.918225Z"  
 labels: {…}  
 logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"  
 operation: {…}  
}

It returns a 404 and the IP number is usually different, but when I googled one of the IP numbers it was reported as a "bad IP" located in China.

The 302 looks like this; I will fix it so that it returns 404.

18:59:23.816
POST
302
209 B
139 ms
IE 9
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend
182.38.139.77 - - [11/Jan/2017:18:59:23 +0100] "POST /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend HTTP/1.1" 302 209 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=139 cpu_ms=24 cpm_usd=1.1298799999999999e-7 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-
{
 protoPayload: {…}  
 insertId: "5876727c000a14dc603e5441"  
 httpRequest: {…}  
 resource: {…}  
 timestamp: "2017-01-11T17:59:23.816690Z"  
 labels: {…}  
 logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"  
 operation: {…}  
}

The class looks like this, and I will change it so that it returns 404 when the content has been deleted.

import re

from google.appengine.api import mail, users
from google.appengine.ext import db


class Recommend(Base2Handler):  # Base2Handler and _() are defined elsewhere in the app
    csrf_protect = False  # CSRF check is switched off for this handler

    def post(self, key):
        ad = db.get(db.Key(key))
        # Form fields are taken from the request as submitted
        email = self.request.POST['tip_email']
        msg = unicode(self.request.POST['tip_msg'])
        if isinstance(msg, unicode):
            msg = msg.encode('utf-8')
        name = self.request.POST['tip_name']
        if isinstance(name, unicode):
            name = name.encode('utf-8')
        title = ad.title
        if isinstance(title, unicode):
            title = title.encode('utf-8')
        host = self.request.host
        # Sender: the logged-in user if any, otherwise the site address for this host
        current_user = users.get_current_user()
        if current_user:
            senderemail = current_user.email()
        elif host.endswith('.br'):
            senderemail = 'info@montao.com.br'
        else:
            senderemail = 'Kool Business <info@koolbusiness.com>'
        recommends = _('has recommended')
        message = mail.EmailMessage(sender=senderemail,
                                    subject='%s %s %s' % (name,
                                                          recommends, title))
        # An e-mail goes to the submitted address on every POST
        message.to = email
        message.body = '%s %s/vi/%s.html' % (msg, host, ad.key().id())
        message.send()
        # count and text are computed here but not used further in this handler
        matched_images = ad.matched_images
        count = matched_images.count()
        if ad.text:
            p = re.compile(r'(www[^ ]*|http://[^ ]*)')
            text = p.sub(r'<a href="http://" rel="nofollow"></a>',
                         ad.text.replace('http://', ''))
        else:
            text = None
        #self.response.out.write('Message sent<br>')
        self.redirect('/vi/%d.html?msgid=msg_sent' % (ad.key().id(), ))

I think I should change it so that it returns 404 for unpublished content:

class Recommend(Base2Handler):
    csrf_protect = False

    def post(self, key):
        ad = db.get(db.Key(key))

        # db.get() returns None when the entity no longer exists
        if ad is None or not ad.published:
            return self.error(404)

Is there anything else I can do? The model looks like this:

class Ad(db.Model):
    cities = db.ListProperty(db.Key)
    regions = db.ListProperty(db.Key)
    blobs = db.ListProperty(db.BlobKey)
    primary_image = blobstore.BlobReferenceProperty()
    usr = db.ReferenceProperty()  # ndb_model.KeyProperty()
    hasimages = db.BooleanProperty(default=False,
                                   verbose_name='has_images')
    userID = db.StringProperty(verbose_name='User ID')
    integer_price = db.IntegerProperty()
    ip = db.StringProperty(verbose_name='ip')
    ipcountry = db.StringProperty(indexed=False, verbose_name='origin')
    tags = db.ListProperty(db.Category)
    category = db.CategoryProperty(verbose_name='Category')
    title = db.StringProperty(verbose_name='title')  # required
    type = db.StringProperty(verbose_name='ContentType')  # sell,wanted,rent,lease,buy
    company_ad = db.BooleanProperty(default=False,
                                    verbose_name='company_ad')  # false or nothing
    user = db.UserProperty(verbose_name='userid')
    im = db.IMProperty(verbose_name='nickname')  # optional, xmpp
    city = db.StringProperty()  # postaladdress should work instead
    region = db.StringProperty()  # postaladdress should work instead
    url = db.StringProperty(verbose_name='url')
    geopt = db.GeoPtProperty(verbose_name='geopt')
    text = db.TextProperty(verbose_name='text')
    currency = db.StringProperty(choices=(
        'INR',
        'EUR',
        'ARS',
        'AUD',
        'BRL',
        'GBP',
        'CAD',
        'CZK',
        'DKK',
        'HKD',
        'HUF',
        'ILS',
        'JPY',
        'MXN',
        'NZD',
        'NOK',
        'PLN',
        'PHP',
        'SGD',
        'SEK',
        'SGD',
        'CHF',
        'USD',
        'THB',
        'TWB',
    ), verbose_name='Currency')
    price = db.StringProperty(verbose_name='price')
    phonenumber = db.PhoneNumberProperty(indexed=False,
                                         verbose_name='phonenumber')  # viewbit
    phoneview = db.BooleanProperty(default=False,
                                   verbose_name='phoneview')
    email = db.EmailProperty(verbose_name='Email')  # optional
    name = db.StringProperty(verbose_name='Name')
    published = db.BooleanProperty(default=True,
                                   verbose_name='published')

Turning on csrf_protect will definitely help. When they see that their posts are not being processed, they will give up quickly.

Right now, they are probably trying to send spam through your site by brute-force posting.
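What a CSRF check such as the `csrf_protect` switch recommended above does before the handler sends any mail, as an added example (not code from the original post or from the app): a stateless HMAC token bound to the visitor's session and the ad key. `SECRET_KEY`, `session_id`, the `csrf_token` form field and `handle_recommend_post` are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-secret"  # assumption: real apps load this from config
TOKEN_TTL = 3600  # seconds a rendered form stays valid


def _mac(session_id, ad_key, ts):
    msg = "|".join((session_id, ad_key, ts)).encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, ad_key, now=None):
    """Value for a hidden csrf_token field, created when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + _mac(session_id, ad_key, ts)


def verify_token(token, session_id, ad_key, now=None):
    """True only for an unexpired token issued to this session for this ad."""
    now = time.time() if now is None else now
    try:
        ts, mac = token.split(":", 1)
        issued = int(ts)
    except (AttributeError, ValueError):
        return False  # field missing or malformed
    if not 0 <= now - issued <= TOKEN_TTL:
        return False
    expected = _mac(session_id, ad_key, ts)
    # Constant-time comparison on bytes (also tolerates non-ASCII input)
    return hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8"))


def handle_recommend_post(form, session_id, ad_key, ad, send_mail):
    """Hypothetical stand-in for Recommend.post(); returns the HTTP status."""
    if ad is None or not ad.get("published"):
        return 404  # deleted or unpublished ad: nothing to recommend
    if not verify_token(form.get("csrf_token"), session_id, ad_key):
        return 403  # rejected before any e-mail leaves the app
    send_mail(form["tip_email"], form["tip_msg"])
    return 302
```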