/etc/nginx/sites-available/yii.test.conf
# server configuration
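server {
    listen 80;
    listen [::]:80;

    access_log /var/log/nginx/yii.access.log;
    error_log /var/log/nginx/yii.error.log;

    include security_web.conf;

    root /var/www/html/yii/web;

    # Static index files only. index.php is deliberately NOT listed here: the
    # index module would internally redirect "/" to /index.php, and "location /"
    # below would then find that file with try_files and serve it as a plain
    # static file (source disclosure) instead of handing it to PHP. The front
    # controller is reached through the @phpok location instead.
    index index.html index.htm index.nginx-debian.html;

    server_name yii.test;

    # "/" : serve a static landing page if one exists, otherwise run the app.
    # Handled separately because "try_files $uri" on "/" is a directory check,
    # which would fall into the index module rather than into @phpok.
    location = / {
        try_files /index.html /index.htm /index.nginx-debian.html @phpok;
    }

    location / {
        # First attempt to serve request as file, then fall back to the
        # PHP front controller (anything that is not a real file is a route).
        # try_files $uri $uri/ /index.php$uri;
        try_files $uri @phpok;
    }

    # PHP sources are never served as static files and never executed
    # directly; the only script that ever runs is $document_root/index.php,
    # via @phpok. This also covers percent-encoded requests, because the
    # regex is matched against the decoded $uri.
    location ~ \.php$ {
        return 404;
    }

    # pass PHP scripts to FastCGI server
    location @phpok {
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        # Pin the script to the front controller regardless of the requested
        # URI, so stray or uploaded *.php files under the web root cannot run.
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_param SCRIPT_NAME /index.php;
        fastcgi_param PATH_INFO $uri;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /.ht {
    # deny all;
    #}
}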
/etc/nginx/security_web.conf
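# Included at server level: these "if" blocks run in the server rewrite phase
# and are re-evaluated on every internal redirect. The author answers every
# rejection with 500; 403 or 444 would be the conventional choice.

# Reject HTTP methods the application does not use.
if ( $request_method !~ ^(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH)$ ) {
    return 500;
}

# Block common download/scanner tools by User-Agent. Low assurance: the header
# is client-controlled, so this only trims noise and is not an access control.
# ~* is case-insensitive, so one spelling per name is enough ("Crawler" was
# listed twice). "break" after "return" is unreachable and has been dropped.
if ($http_user_agent ~* "Wget|Curl|seo|sql|python|crawler|mj12bot|AhrefsBot|SemrushBot|DotBot" ) {
    return 500;
}

# Filter dangerous tokens in the raw request line (path + query string).
# $request_uri is kept here because the query string is part of the check;
# note it is NOT percent-decoded, so encoded forms are not seen by this rule.
# "popepassthru" is kept as written; it may be a typo for "passthru", which is
# already in the list (TODO confirm with the author).
set $URL $request_uri;
if ($URL ~* "root|x0|\[|\]|\$|eval|passthru|exec|system|chroot|chgrp|chown|shell_exec|proc_open|proc_get_status|ini_alter|ini_restore|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|fsocket|popen"){
    return 500;
}

# Block sensitive file types / paths. Matched against $uri -- the decoded,
# normalised path that nginx also uses for the file lookup -- so a
# percent-encoded or internally redirected path is judged the same way the
# filesystem will see it. Dots are escaped: the previous unescaped "." matched
# any character, so e.g. /projects, /mini or /admin/init were rejected by
# ".project" / ".ini". The duplicate ".aspx" entry has been removed.
if ($uri ~* "\.\.|\.asp|\.xml|\.jsp|\.php|\.aspx|\.dev|ewebeditor|\.sql|\.xsl|\.asmx|\.htaccess|\.ini|\.env|\.git|\.project|\.cgi|\.md5|ajax\.js|\.swf") {
    return 500;
}

# Reject requests with an empty User-Agent.
if ($http_user_agent ~* ^$) {
    return 500;
}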