Browsing this Thread:   1 Anonymous Users






nginx php 安全配置
#1
Quite a regular
Quite a regular


See User information
/etc/nginx/sites-available/yii.test.conf

#  server configuration

server {
    
listen 80;
    
listen [::]:80;


     
access_log /var/log/nginx/yii.access.log;
     
error_log  /var/log/nginx/yii.error.log;

    include 
security_web.conf;

    
root /var/www/html/yii/web;

    
# Add index.php to the list if you are using PHP
    
index index.html index.htm index.nginx-debian.html index.php;

    
server_name yii.test;

    
location / {
        
# First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/  /index.php$uri;

        
try_files $uri  @phpok;

    }


    
# pass PHP scripts to FastCGI server

    
location @phpok {
        
fastcgi_pass 127.0.0.1:9000;
             include      
fastcgi_params;

        
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        
fastcgi_param SCRIPT_NAME /index.php;
        
fastcgi_param PATH_INFO $uri;
    }





    
# deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /.ht {
    #    deny all;
    #}
}


/etc/nginx/security_web.conf

#禁特殊请求工具
if ($http_user_agent ~* "Wget|Curl|seo|sql|python|crawler|Crawler|mj12bot|AhrefsBot|SemrushBot|DotBot" ) {
return 
500;
break;
}

#过滤url参数
set $URL $request_uri;
if (
$URL ~* "root|x0|\[|\]|\$|eval|passthru|exec|system|chroot|chgrp|chown|shell_exec|proc_open|proc_get_status|ini_alter|ini_restore|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|fsocket|popen"){
return 
500;
break;
}


#禁特殊后缀
if ($URL ~* "\.\.|.asp|.xml|.jsp|.php|.aspx|.dev|.aspx|ewebeditor|.sql|.xsl|.asmx|.htaccess|.ini|.env|.git|.project|.cgi|.md5|ajax.js|.swf") {
return 
500;
break;
}

  
#禁空 UA
if ($http_user_agent ~* ^$) {
return 
500;
break;
}

Posted on: 7/18 12:05

Edited by eyex on 2022/7/18 16:31:59
Edited by eyex on 2022/8/5 9:46:26
Top








Themes

(2 themes)
Login
Username:

Password:


Lost Password?
Register now!
Categories