nginx - geoip - question/issue

  • Hi,
    I have an issue regarding nginx and the geoip module. I'm running a nextcloud instance on my openmediavault system behind an nginx reverse proxy, which is reachable from the internet.
    Short summary of the setup:

    • openmediavault 4, latest version, regularly updated
    • nextcloud and mariadb are running inside docker containers within the omv docker plugin and are also quite up to date
    • as reverse proxy I'm using the omv nginx plugin, which forwards https requests to the nextcloud docker container
    • everything is working fine from my point of view

    While inspecting the nginx logs, I've seen some scans of my system from foreign countries (e.g. China, Russia, South Africa). All requests from those countries are answered with 4xx status codes, so I assume that they are not compromising my system, because the requests are invalid.
    As my system is located in Germany, and I don't want to share my nextcloud instance with the rest of the world, I have banned all IPs except IPs from Germany. This seems to work, nearly all requests from outside Germany are answered with a 444 status code, as configured. For doing this, I'm using the geoip module (not geoip2, as it is not available in the openmediavault 4 standard nginx version), with a database wrapped from geoip2 format to geoip1, to be up to date, as the original geoip1 db has been out of date for some months/years.


    But, and that is my question/issue: some requests are still answered with a 4xx request, instead of 444, even if the IP was successfully mapped to a foreign country. The peculiarity is that some requests from the same IP are answered with 444 and other requests from the same IP are answered with 400, for example. Please see the log: the first 3 requests are answered with 444 as expected, the next 3 with 400, and the source IP is the same for all requests:


    Code
    5.62.yy.xxx [AX] - - [23/Jan/2020:10:22:05 +0100] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
    5.62.yy.xxx [AX] - - [23/Jan/2020:10:22:05 +0100] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
    5.62.yy.xxx [AX] - - [23/Jan/2020:10:22:06 +0100] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
    5.62.yy.xxx [AX] - - [23/Jan/2020:10:22:06 +0100] "GET / HTTP/1.1" 400 271 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
    5.62.yy.xxx [AX] - - [23/Jan/2020:10:22:06 +0100] "GET / HTTP/1.1" 400 271 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
    5.62.yy.xxx [AX] - - [23/Jan/2020:10:22:06 +0100] "GET / HTTP/1.1" 400 271 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"


    Does anyone have an idea why some requests are still answered with 4xx status codes?


    Thanks in advance, Joe
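
A check for the situation described in the post above, as an added example that is not part of the original post: it parses access-log lines in the layout shown there and lists every client from a non-allowed country that received at least one response other than the configured block status. The allow-list (`DE`), the block status 444 and the function name `find_unblocked` are assumptions taken from the description; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import defaultdict

# Log layout as shown in the post:
#   ip [CC] - - [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<cc>[A-Z0-9-]{1,2})\] \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
)

ALLOWED_COUNTRIES = {"DE"}  # assumption: only Germany is allowed, as in the post
BLOCK_STATUS = 444          # status the geo rule is configured to return

# Constructed sample lines (documentation addresses), not from a real log.
SAMPLE_LOG = """\
203.0.113.7 [AX] - - [23/Jan/2020:10:22:05 +0100] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0"
203.0.113.7 [AX] - - [23/Jan/2020:10:22:05 +0100] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0"
203.0.113.7 [AX] - - [23/Jan/2020:10:22:06 +0100] "GET / HTTP/1.1" 400 271 "-" "Mozilla/5.0"
203.0.113.7 [AX] - - [23/Jan/2020:10:22:06 +0100] "GET / HTTP/1.1" 400 271 "-" "Mozilla/5.0"
198.51.100.20 [CN] - - [23/Jan/2020:10:23:11 +0100] "GET /login HTTP/1.1" 444 0 "-" "curl/7.58.0"
192.0.2.10 [DE] - - [23/Jan/2020:10:24:00 +0100] "GET /status.php HTTP/1.1" 200 152 "-" "Mozilla/5.0"
198.51.100.99 [RU] - - [23/Jan/2020:10:25:30 +0100] "GET /admin HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""


def find_unblocked(log_text, allowed=ALLOWED_COUNTRIES, block_status=BLOCK_STATUS):
    """Return {(ip, cc): {status: count}} for clients from non-allowed
    countries that got at least one response other than block_status."""
    per_client = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["cc"] in allowed:
            continue  # unparsable line, or a client from an allowed country
        per_client[(m["ip"], m["cc"])][int(m["status"])] += 1
    # Keep only clients where the geo rule was not the only thing that answered.
    return {
        client: dict(statuses)
        for client, statuses in per_client.items()
        if any(status != block_status for status in statuses)
    }


if __name__ == "__main__":
    for (ip, cc), statuses in sorted(find_unblocked(SAMPLE_LOG).items()):
        print(f"{ip} [{cc}] received non-{BLOCK_STATUS} responses: {statuses}")
```

The per-status counts show whether a client was blocked only some of the time (444 mixed with other codes) or never matched the block rule at all.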
