如果 URL 在 Appengine 应用中被过度使用,我该怎么办?
What can I do about URLs getting overused in appengine app?
我的应用程序引擎应用程序(一个 class 广告网络应用程序)收到许多请求(当前为 323.2 requests/minute)来自许多不同的 IP 号码对我现在的同一个 URL:s删除。最好屏蔽 IP 号码,但它们通常是不同的 IP 号码。
URI Requests/Minute Current Requests Last 24 hours Runtime MCycles Last hour Average latency Last hour Traces Last 24 hours
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recom 323.2 829,675 32 10,638 ms View Traces
/vi/5969701968543744.html 292.6 774,964 25 6,530 ms View Traces
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgLTTq7YKDA/recom 159.8 423,785 34 10,282 ms View Traces
/vi/5868493903757312.html 149.2 397,066 24 6,497 ms View Traces
日志跟踪如下所示
18:59:23.918
GET
404
84 B
74 ms
IE 9
/vi/5969701968543744.html?msgid=msg_sent
182.46.160.242 - - [11/Jan/2017:18:59:23 +0100] "GET /vi/5969701968543744.html?msgid=msg_sent HTTP/1.1" 404 84 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=74 cpu_ms=11 cpm_usd=9.387e-9 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-
{
protoPayload: {…}
insertId: "5876727c000a14efe5072c1c"
httpRequest: {…}
resource: {…}
timestamp: "2017-01-11T17:59:23.918225Z"
labels: {…}
logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"
operation: {…}
}
它returns一个404和IP号通常是不同的,但是当我google其中一个IP号它被报告为"bad IP"和在中国。
302 看起来像这样,我将修复它 returns 404。
18:59:23.816
POST
302
209 B
139 ms
IE 9
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend
182.38.139.77 - - [11/Jan/2017:18:59:23 +0100] "POST /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend HTTP/1.1" 302 209 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=139 cpu_ms=24 cpm_usd=1.1298799999999999e-7 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-
{
protoPayload: {…}
insertId: "5876727c000a14dc603e5441"
httpRequest: {…}
resource: {…}
timestamp: "2017-01-11T17:59:23.816690Z"
labels: {…}
logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"
operation: {…}
}
class 如下所示,我将进行更改,以便在删除内容时 returns 返回 404。
class Recommend(Base2Handler):
csrf_protect = False
def post(self, key):
ad = db.get(db.Key(key))
email = self.request.POST['tip_email']
msg = unicode(self.request.POST['tip_msg'])
if isinstance(msg, unicode):
msg = msg.encode('utf-8')
name = self.request.POST['tip_name']
if isinstance(name, unicode):
name = name.encode('utf-8')
title = ad.title
if isinstance(title, unicode):
title = title.encode('utf-8')
host = self.request.host
senderemail = \
(users.get_current_user().email() if users.get_current_user() else ('info@montao.com.br'
if host.endswith('.br'
) else 'Kool Business <info@koolbusiness.com>'))
recommends = _('has recommended')
message = mail.EmailMessage(sender=senderemail,
subject='%s %s %s' % (name,
recommends, title))
message.to = email
message.body = '%s %s/vi/%s.html' % (msg, host, ad.key().id())
message.send()
matched_images = ad.matched_images
count = matched_images.count()
if ad.text:
p = re.compile(r'(www[^ ]*|http://[^ ]*)')
text = p.sub(r'<a href="http://" rel="nofollow"></a>',
ad.text.replace('http://', ''))
else:
text = None
#self.response.out.write('Message sent<br>')
self.redirect('/vi/%d.html?msgid=msg_sent' % (ad.key().id(), ))
我想我应该将其更改为 returns 404 未发布的内容
class Recommend(Base2Handler):
csrf_protect = False
def post(self, key):
ad = db.get(db.Key(key))
if not ad.published:
return self.error(404)
还有什么我可以做的吗?型号如下
class Ad(db.Model):
cities = db.ListProperty(db.Key)
regions = db.ListProperty(db.Key)
blobs = db.ListProperty(db.BlobKey)
primary_image = blobstore.BlobReferenceProperty()
usr = db.ReferenceProperty() # ndb_model.KeyProperty()
hasimages = db.BooleanProperty(default=False,
verbose_name='has_images')
userID = db.StringProperty(verbose_name='User ID')
integer_price = db.IntegerProperty()
ip = db.StringProperty(verbose_name='ip')
ipcountry = db.StringProperty(indexed=False, verbose_name='origin')
tags = db.ListProperty(db.Category)
category = db.CategoryProperty(verbose_name='Category')
title = db.StringProperty(verbose_name='title') # required
type = db.StringProperty(verbose_name='ContentType') # sell,wanted,rent,lease,buy
company_ad = db.BooleanProperty(default=False,
verbose_name='company_ad') # false or nothing
user = db.UserProperty(verbose_name='userid')
im = db.IMProperty(verbose_name='nickname') # optional, xmpp
city = db.StringProperty() # postaladdress should work instead
region = db.StringProperty() # postaladdress should work instead
url = db.StringProperty(verbose_name='url')
geopt = db.GeoPtProperty(verbose_name='geopt')
text = db.TextProperty(verbose_name='text')
currency = db.StringProperty(choices=(
'INR',
'EUR',
'ARS',
'AUD',
'BRL',
'GBP',
'CAD',
'CZK',
'DKK',
'HKD',
'HUF',
'ILS',
'JPY',
'MXN',
'NZD',
'NOK',
'PLN',
'PHP',
'SGD',
'SEK',
'SGD',
'CHF',
'USD',
'THB',
'TWB',
), verbose_name='Currency')
price = db.StringProperty(verbose_name='price')
phonenumber = db.PhoneNumberProperty(indexed=False,
verbose_name='phonenumber') # viewbit
phoneview = db.BooleanProperty(default=False,
verbose_name='phoneview')
email = db.EmailProperty(verbose_name='Email') # optional
name = db.StringProperty(verbose_name='Name')
published = db.BooleanProperty(default=True,
verbose_name='published')
开启csrf_protect肯定会有帮助。当他们看到他们的 post 没有得到处理时,他们会很快放弃。
现在,他们可能正试图 post 使用暴力手段在您的网站上发送垃圾邮件。
我的应用程序引擎应用程序(一个 class 广告网络应用程序)收到许多请求(当前为 323.2 requests/minute)来自许多不同的 IP 号码对我现在的同一个 URL:s删除。最好屏蔽 IP 号码,但它们通常是不同的 IP 号码。
URI Requests/Minute Current Requests Last 24 hours Runtime MCycles Last hour Average latency Last hour Traces Last 24 hours
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recom 323.2 829,675 32 10,638 ms View Traces
/vi/5969701968543744.html 292.6 774,964 25 6,530 ms View Traces
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgLTTq7YKDA/recom 159.8 423,785 34 10,282 ms View Traces
/vi/5868493903757312.html 149.2 397,066 24 6,497 ms View Traces
日志跟踪如下所示
18:59:23.918
GET
404
84 B
74 ms
IE 9
/vi/5969701968543744.html?msgid=msg_sent
182.46.160.242 - - [11/Jan/2017:18:59:23 +0100] "GET /vi/5969701968543744.html?msgid=msg_sent HTTP/1.1" 404 84 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=74 cpu_ms=11 cpm_usd=9.387e-9 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-
{
protoPayload: {…}
insertId: "5876727c000a14efe5072c1c"
httpRequest: {…}
resource: {…}
timestamp: "2017-01-11T17:59:23.918225Z"
labels: {…}
logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"
operation: {…}
}
它returns一个404和IP号通常是不同的,但是当我google其中一个IP号它被报告为"bad IP"和在中国。
302 看起来像这样,我将修复它 returns 404。
18:59:23.816
POST
302
209 B
139 ms
IE 9
/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend
182.38.139.77 - - [11/Jan/2017:18:59:23 +0100] "POST /market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend HTTP/1.1" 302 209 http://www.koolbusiness.com/market/ag9zfm1vbnRhb3Byb2plY3RyDwsSAkFkGICAgOqYrc0KDA/recommend "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "www.koolbusiness.com" ms=139 cpu_ms=24 cpm_usd=1.1298799999999999e-7 loading_request=0 instance=00c61b117c9b23bf4ab6026a69ae3bb6b1e412ed8006b8648c1b0d5280223769dbff63ca71fe0aed app_engine_release=1.9.48 trace_id=-
{
protoPayload: {…}
insertId: "5876727c000a14dc603e5441"
httpRequest: {…}
resource: {…}
timestamp: "2017-01-11T17:59:23.816690Z"
labels: {…}
logName: "projects/montaoproject/logs/appengine.googleapis.com%2Frequest_log"
operation: {…}
}
class 如下所示,我将进行更改,以便在删除内容时 returns 返回 404。
class Recommend(Base2Handler):
csrf_protect = False
def post(self, key):
ad = db.get(db.Key(key))
email = self.request.POST['tip_email']
msg = unicode(self.request.POST['tip_msg'])
if isinstance(msg, unicode):
msg = msg.encode('utf-8')
name = self.request.POST['tip_name']
if isinstance(name, unicode):
name = name.encode('utf-8')
title = ad.title
if isinstance(title, unicode):
title = title.encode('utf-8')
host = self.request.host
senderemail = \
(users.get_current_user().email() if users.get_current_user() else ('info@montao.com.br'
if host.endswith('.br'
) else 'Kool Business <info@koolbusiness.com>'))
recommends = _('has recommended')
message = mail.EmailMessage(sender=senderemail,
subject='%s %s %s' % (name,
recommends, title))
message.to = email
message.body = '%s %s/vi/%s.html' % (msg, host, ad.key().id())
message.send()
matched_images = ad.matched_images
count = matched_images.count()
if ad.text:
p = re.compile(r'(www[^ ]*|http://[^ ]*)')
text = p.sub(r'<a href="http://" rel="nofollow"></a>',
ad.text.replace('http://', ''))
else:
text = None
#self.response.out.write('Message sent<br>')
self.redirect('/vi/%d.html?msgid=msg_sent' % (ad.key().id(), ))
我想我应该将其更改为 returns 404 未发布的内容
class Recommend(Base2Handler):
csrf_protect = False
def post(self, key):
ad = db.get(db.Key(key))
if not ad.published:
return self.error(404)
还有什么我可以做的吗?型号如下
class Ad(db.Model):
cities = db.ListProperty(db.Key)
regions = db.ListProperty(db.Key)
blobs = db.ListProperty(db.BlobKey)
primary_image = blobstore.BlobReferenceProperty()
usr = db.ReferenceProperty() # ndb_model.KeyProperty()
hasimages = db.BooleanProperty(default=False,
verbose_name='has_images')
userID = db.StringProperty(verbose_name='User ID')
integer_price = db.IntegerProperty()
ip = db.StringProperty(verbose_name='ip')
ipcountry = db.StringProperty(indexed=False, verbose_name='origin')
tags = db.ListProperty(db.Category)
category = db.CategoryProperty(verbose_name='Category')
title = db.StringProperty(verbose_name='title') # required
type = db.StringProperty(verbose_name='ContentType') # sell,wanted,rent,lease,buy
company_ad = db.BooleanProperty(default=False,
verbose_name='company_ad') # false or nothing
user = db.UserProperty(verbose_name='userid')
im = db.IMProperty(verbose_name='nickname') # optional, xmpp
city = db.StringProperty() # postaladdress should work instead
region = db.StringProperty() # postaladdress should work instead
url = db.StringProperty(verbose_name='url')
geopt = db.GeoPtProperty(verbose_name='geopt')
text = db.TextProperty(verbose_name='text')
currency = db.StringProperty(choices=(
'INR',
'EUR',
'ARS',
'AUD',
'BRL',
'GBP',
'CAD',
'CZK',
'DKK',
'HKD',
'HUF',
'ILS',
'JPY',
'MXN',
'NZD',
'NOK',
'PLN',
'PHP',
'SGD',
'SEK',
'SGD',
'CHF',
'USD',
'THB',
'TWB',
), verbose_name='Currency')
price = db.StringProperty(verbose_name='price')
phonenumber = db.PhoneNumberProperty(indexed=False,
verbose_name='phonenumber') # viewbit
phoneview = db.BooleanProperty(default=False,
verbose_name='phoneview')
email = db.EmailProperty(verbose_name='Email') # optional
name = db.StringProperty(verbose_name='Name')
published = db.BooleanProperty(default=True,
verbose_name='published')
开启csrf_protect肯定会有帮助。当他们看到他们的 post 没有得到处理时,他们会很快放弃。
现在,他们可能正试图 post 使用暴力手段在您的网站上发送垃圾邮件。