search

vozlt / nginx-module-vts

Nginx virtual host traffic status module
BSD 2-Clause "Simplified" License
3.17k stars 456 forks source link

why there are so many strange and false hosts which start with number in each metrics? #261

Open huangyonghome opened 1 year ago

huangyonghome commented 1 year ago

nginx conf:

http { vhost_traffic_status_filter_by_host on; vhost_traffic_status_zone shared:vhost_traffic_status:32m; }

server conf

server {
        listen 10011;
     #   allow 127.0.0.1;
      #  deny all;
        server_name localhost;
        location /nginx_status {
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
    }

start nginx-vts-exporter

nginx-vts-exporter -nginx.scrape_timeout 10 -nginx.scrape_uri http://127.0.0.1:10011/ngin_status/format/json

below is the monitor metrics 

#abc.com is a false domain name,I hide the real one.

nginx_server_bytes{direction="in",host="0-9.abc.com"} 748
nginx_server_bytes{direction="in",host="0-api.abc.com"} 113 TYPE nginx_server_bytes counter
nginx_server_bytes{direction="in",host="${ip}"} 1155
nginx_server_bytes{direction="in",host="' *; host ceq67l6jndtcn5d40i907u4ksx66ipqku.oast.pro; '"} 178
nginx_server_bytes{direction="in",host="' *; host ceq67l6jndtcn5d40i907u8ok6dt7qgys.oast.pro; '"} 178
nginx_server_bytes{direction="in",host="' *; host ceq67l6jndtcn5d40i90dfuju1od83n9t.oast.pro; '"} 119
nginx_server_bytes{direction="in",host="' *; host ceq67l6jndtcn5d40i90nbe9ae463ecnc.oast.pro; '"} 178
nginx_server_bytes{direction="in",host="' *; host ceq67l6jndtcn5d40i90nxt7zyxi1mwue.oast.pro; '"} 119
nginx_server_bytes{direction="in",host="*"} 4.069418729738e+12
nginx_server_bytes{direction="in",host="0-0.abc.com"} 750
nginx_server_bytes{direction="in",host="0-3.abc.com"} 748
nginx_server_bytes{direction="in",host="0-8.abc.com"} 7490
nginx_server_bytes{direction="in",host="0-aptest.abc.com"} 759
nginx_server_bytes{direction="in",host="0-cp.abc.com"} 751
nginx_server_bytes{direction="in",host="0-dashboard.abc.com"} 765
nginx_server_bytes{direction="in",host="0-demo.abc.com"} 1132

Thanks you in advance.It will be appricated if anyone could help me

u5surf commented 1 year ago

@huangyonghome Hi, thanks reporting. Umm….Do you have any other server which is provided by nginx?

huangyonghome commented 1 year ago

@u5surf

Hi.Thanks for your reply..I tried two nginx servers.Both of them have the save problems

u5surf commented 1 year ago

@huangyonghome Does your configuration’s server_name have some wildcard expression such as server_name ~^(.*)\.example\.com$ ;? Anyway, we cannot reproduce your behavior anymore if you cannot give the minimal reproducible nginx.conf without you sensitive business data.

huangyonghome commented 1 year ago

@u5surf Yep.We have some wildcard server_name :

./conf_nwd/abc.conf: server_name .abc.com; ./conf_nwd/nwd.com.conf: server_name .nwd.net; ./conf_nwd/xyz.com.conf: server_name *.xyz.com;

u5surf commented 1 year ago

@huangyonghome Can’t we consider that the request had come actually hostname which is consisted of the string which can be matched the wild card

In fact, 0-9.abc.com can match wildcard host name which you present. Thus, we suggest that it should stop using the wildcard server name.