12.13 Nginx anti-hotlinking
vim /usr/local/nginx/conf/vhost/test.com.conf
Add inside the server block:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names *.test.com;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}
Save and exit. valid_referers leaves $invalid_referer empty when the Referer header is absent (none), present but stripped of its scheme by a proxy or firewall (blocked), or names one of this vhost's server_name values or any *.test.com host; every other Referer, for example a page on another site embedding the image, gets a 403. The Referer is chosen by the client (curl -e sets it to anything), so this stops casual hotlinking, not a determined downloader. access_log off keeps these static hits out of the log, which also means refused hotlink attempts are not recorded; remove that line if you want to see them.
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test with curl, using -e to send a Referer header and -I to request headers only. A foreign referer is refused:
# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:24:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
The site's own referer is served, and Expires/Cache-Control show the 7-day expires:
# curl -I -e "http://test.com/1.txt" test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:28:50 GMT
Content-Type: image/gif
Content-Length: 16
Last-Modified: Wed, 14 Mar 2018 16:17:46 GMT
Connection: keep-alive
ETag: "5aa94b2a-10"
Expires: Fri, 23 Mar 2018 06:28:50 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
The rule lives only in test.com.conf; a request to another vhost with the same referer is unaffected:
# curl -I -e "http://test.com/1.txt" lgx168.com/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:33:03 GMT
Content-Type: text/html
Content-Length: 26
Last-Modified: Tue, 13 Mar 2018 15:52:31 GMT
Connection: keep-alive
ETag: "5aa7f3bf-1a"
Accept-Ranges: bytes
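To see exactly which Referer values the rule above lets through, here is a small model of valid_referers none blocked server_names *.test.com written for this page; it is an added example, not nginx's own code. SERVER_NAMES stands in for the vhost's server_name directive (assumed to be test.com), and the "blocked" case is treated the way the nginx documentation describes it: a Referer that does not start with http:// or https://.

```python
from urllib.parse import urlsplit

# Added example (not nginx's code): a model of the rule in test.com.conf,
#   valid_referers none blocked server_names *.test.com;
#   if ($invalid_referer) { return 403; }
# SERVER_NAMES stands in for the vhost's server_name directive (assumed: test.com).
SERVER_NAMES = ["test.com"]
VALID_PATTERNS = ["*.test.com"]


def host_matches(host, pattern):
    """One valid_referers entry against a referer host (port already stripped).
    A leading '*.' matches any subdomain; a plain entry must match exactly."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])          # "*.test.com" -> ends with ".test.com"
    return host == pattern


def referer_is_valid(referer, server_names=SERVER_NAMES, patterns=VALID_PATTERNS,
                     allow_none=True, allow_blocked=True):
    """True when nginx would leave $invalid_referer empty, i.e. the file is served."""
    if not referer:
        return allow_none                          # "none": no Referer header at all
    low = referer.lower()
    if not (low.startswith("http://") or low.startswith("https://")):
        return allow_blocked                       # "blocked": header present, scheme stripped
    host = urlsplit(referer).hostname or ""        # hostname drops port and userinfo
    return any(host_matches(host, p) for p in list(server_names) + list(patterns))


def status_for(referer):
    """Status the location answers with for an existing static file."""
    return 200 if referer_is_valid(referer) else 403


if __name__ == "__main__":
    for ref in [None, "http://aaa.com/1.txt", "http://test.com/1.txt",
                "https://img.test.com:8443/p", "http://test.com.evil.example/", "blocked"]:
        print(f"{ref!r:40} -> {status_for(ref)}")
```

The two curl runs in the text correspond to status_for("http://aaa.com/1.txt") and status_for("http://test.com/1.txt"). Note that look-alike hosts such as test.com.evil.example or eviltest.com are refused because the wildcard only matches a ".test.com" suffix, and that a direct request with no Referer at all is served because of "none".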
12.14 Nginx access control
# vim /usr/local/nginx/conf/vhost/test.com.conf
location /admin/
{
    allow 192.168.133.1;
    allow 127.0.0.1;
    deny all;
}
allow and deny are evaluated in order and the first match wins, so the allow lines must come before deny all. They compare the source address of the TCP connection ($remote_addr). When curl runs on the server itself, -x192.168.15.132:80 connects from 192.168.15.132 and -x127.0.0.1:80 from 127.0.0.1, so any local address you test with must be in the allow list; 192.168.1.98 (ens37 in the ifconfig output below) is not listed and is refused. If nginx sits behind another proxy, $remote_addr is that proxy's address, and you would need the realip module (set_real_ip_from, real_ip_header) before X-Forwarded-For could be used for this check.
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# mkdir /data/wwwroot/test.com/admin
# echo "123" > /data/wwwroot/test.com/admin/1.html
# curl -x192.168.15.132:80 test.com/admin/1.html
123
# curl -x127.0.0.1:80 test.com/admin/1.html
123
# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.15.132  netmask 255.255.255.0  broadcast 192.168.15.255
        inet6 fe80::996a:3fe7:cdd7:2bd3  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:56:59:af  txqueuelen (Ethernet)
        RX packets 2768  bytes 264282 (258.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2060  bytes 267554 (261.2 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.15.136  netmask 255.255.255.0  broadcast 192.168.15.255
        ether 00:0c:29:56:59:af  txqueuelen (Ethernet)
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.98  netmask 255.255.255.255  broadcast 192.168.1.98
        inet6 fe80::93d:8d08:a36c:e0c3  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:56:59:b9  txqueuelen (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets  bytes 744 (744.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1 (Local Loopback)
        RX packets  bytes 5481 (5.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets  bytes 5481 (5.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Connecting via 192.168.1.98, an address not in the allow list, gets the 403 page:
# curl -x192.168.1.98:80 test.com/admin/1.html
<body bgcolor="white">
<center>
</body>
The access log records the refused request with status 403:
# tail /tmp/test.com.log
127.0.0.1 - [15/Mar/2018:00:19:27 +0800] test.com "/index.html" "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:20:51 +0800] test.com "/index.html" "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:21:03 +0800] test.com "/2.JSGHFGFH" 404 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
Two more rules: refuse PHP execution under directories that hold user uploads, and refuse requests from named crawlers by User-Agent.
# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ .*(abc|image)/.*\.php$
{
    deny all;
}
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
    return 403;
}
The location regex must name every directory that accepts uploads (the test below requests /upload/1.php, so upload has to be among the alternatives), and it must appear before the general \.php$ location in 12.15, because regex locations are tried in file order and the first match wins. The User-Agent is chosen by the client, so this second rule is for keeping nuisance crawlers away, not for security. ~ is case-sensitive; ~* matches regardless of case.
# curl -x192.168.15.132:80 test.com/upload/1.php
<body bgcolor="white">
<center></body>
# curl -x192.168.15.132:80 test.com/upload/1.txt
123
The same request with a Tomato-style User-Agent appears twice below with different results, and the difference is the match operator: with ~* the rule matches TOMATODSFSD against Tomato and answers 403, with the case-sensitive ~ it does not match and the file is served.
# curl -A "TOMATODSFSD" -x127.0.0.1:80 test.com/upload/1.txt
<body bgcolor="white">
<center></body>
# curl -A "TOMATODSFSD" -x127.0.0.1:80 test.com/upload/1.txt
123
# tail /tmp/test.com.log
127.0.0.1 - [15/Mar/2018:00:20:51 +0800] test.com "/index.html" "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:21:03 +0800] test.com "/2.JSGHFGFH" 404 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:15:10:35 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:20 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:29 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:15:13:48 +0800] test.com "/upload/1.txt" 403 "-" "TOMATODSFSD"
127.0.0.1 - [16/Mar/2018:15:14:08 +0800] test.com "/upload/1.txt" 200 "-" "TOMATODSFSD"
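The log is where you confirm the rules from this section actually fired. The following parser is an added example written for this page, not part of the course; it assumes the log_format suggested by the tail output above ($remote_addr $http_x_forwarded_for [$time_local] $host "$request_uri" $status "$http_referer" "$http_user_agent"), and SAMPLE_LOG is constructed for the example, adapted from the lines in the text. It counts 403s per client and path, replays the User-Agent rule in both its case-insensitive (~*) and case-sensitive (~) forms, and shows that the PHP deny location only catches directories it actually names.

```python
import re
from collections import Counter

# Added example, not from the course: parse the access log used on this page and pick out
# what the access-control rules did. The log_format is assumed from the tail output to be
#   $remote_addr $http_x_forwarded_for [$time_local] $host "$request_uri" $status "$http_referer" "$http_user_agent"
# SAMPLE_LOG is constructed for this example, adapted from the tail output in the text.
SAMPLE_LOG = """\
192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:15:10:35 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:20 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:29 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:15:13:48 +0800] test.com "/upload/1.txt" 403 "-" "TOMATODSFSD"
127.0.0.1 - [16/Mar/2018:15:14:08 +0800] test.com "/upload/1.txt" 200 "-" "TOMATODSFSD"
"""

LINE_RE = re.compile(
    r'^(?P<remote>\S+) (?P<xff>\S+) \[(?P<time>[^\]]+)\] (?P<host>\S+) '
    r'"(?P<uri>[^"]*)" (?P<status>\d{3}) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """One log line -> dict, or None if it does not fit the format (never crash on junk)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def denied_by_client(records):
    """403 counts per (client, uri): a client repeatedly hitting a denied path stands out."""
    c = Counter()
    for r in records:
        if r["status"] == 403:
            c[(r["remote"], r["uri"])] += 1
    return c


def ua_rule_hits(records, pattern="Spider/3.0|YoudaoBot|Tomato", case_insensitive=True):
    """Requests the User-Agent rule would catch. case_insensitive=True mirrors ~*,
    False mirrors the case-sensitive ~ used in the config above."""
    rx = re.compile(pattern, re.I if case_insensitive else 0)
    return [r for r in records if rx.search(r["ua"])]


def php_in_dirs(records, dirs):
    """Requests matched by  location ~ .*(dir1|dir2)/.*\\.php$  for the given dirs."""
    rx = re.compile(r".*(%s)/.*\.php$" % "|".join(re.escape(d) for d in dirs))
    return [r for r in records if rx.match(r["uri"])]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (client, uri), n in denied_by_client(recs).items():
        print(f"{client:16} {uri:20} 403 x{n}")
    print("UA rule (~*):", len(ua_rule_hits(recs)),
          " UA rule (~):", len(ua_rule_hits(recs, case_insensitive=False)))
    print("php under upload/:", [r["uri"] for r in php_in_dirs(recs, ("upload",))])
    print("php under abc|image:", php_in_dirs(recs, ("abc", "image")))
```

Run it and the two UA counts show why the curl -A test above answered 403 once and 200 once, and php_in_dirs with ("abc", "image") returns nothing for /upload/1.php, which is the check to run before trusting the deny location.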
12.15 Nginx PHP parsing configuration
vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
{
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
fastcgi_pass names where PHP-FPM listens. If PHP-FPM listens on a TCP port (127.0.0.1:9000) this must be changed to fastcgi_pass 127.0.0.1:9000; the value must match the listen setting of the PHP-FPM pool exactly, otherwise nginx returns a 502. With a unix socket the nginx worker user also needs read and write permission on /tmp/php-fcgi.sock (listen.owner, listen.group and listen.mode in the pool configuration), another common cause of 502.
The path in fastcgi_param SCRIPT_FILENAME is the site's document root and must agree with the root defined earlier in the vhost; if it does not, PHP pages return 404.
Because this location hands every URI ending in .php to PHP-FPM, the deny-all locations from 12.14 for upload directories are what keep an uploaded .php file from being executed. Regex locations are tried in the order they appear in the file and the first match wins, so those deny blocks must come before this one.
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 test.com/3.php
12.16 Nginx proxy
# vim /usr/local/nginx/conf/vhost/proxy.conf
# cat /usr/local/nginx/conf/vhost/proxy.conf
server
{
    listen 80;
    server_name ask.apelearn.com;

    location /
    {
        proxy_pass http://121.201.9.155/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
proxy_pass is the address of the real backend. Host $host forwards the original Host header so the backend's own vhost for ask.apelearn.com is selected; without it the backend would receive the IP address as Host. X-Real-IP and X-Forwarded-For carry the client's address, which the backend otherwise only sees as the proxy's address ($proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For the client already sent).
# ping ask.apelearn.com
PING ask.apelearn.com (47.91.145.78) 56(84) bytes of data.
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=1 ttl=128 time=14.5 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=2 ttl=128 time=13.9 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=3 ttl=128 time=15.2 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=4 ttl=128 time=13.9 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=5 ttl=128 time=15.1 ms
^C
--- ask.apelearn.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4009ms
rtt min/avg/max/mdev = 13.949/14.582/15.239/0.568 ms
ping resolves ask.apelearn.com to 47.91.145.78. nginx forwards to the literal address in proxy_pass, not to whatever the name resolves to, so check that proxy_pass points at an address the upstream really answers on and correct it in proxy.conf if it does not.
# vim /usr/local/nginx/conf/vhost/proxy.conf
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 ask.apelearn.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 08:04:17 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.29
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: APE__SESSION=jjbvdum6rk71rrofnn4lbjiap5; path=/; domain=.apelearn.com
Expires: Thu, 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
The X-Powered-By and Set-Cookie headers come from the backend's PHP application: the response passed through the local nginx proxy.
# curl 127.0.0.1:80 ask.apelearn.com/robots.txt
This is the default site.
#
# Robots.txt for MiWen
#
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/
Note the missing -x in that command: curl was given two URLs, so the first line is the default vhost answering on 127.0.0.1 and robots.txt was fetched from ask.apelearn.com directly, bypassing the proxy. To exercise the proxy, use curl -x127.0.0.1:80 ask.apelearn.com/robots.txt.
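What the three proxy_set_header lines hand to the backend, and how the backend should read them back, is where most mistakes with this setup happen. The following is an added example written for this page, not code from the course or from nginx: proxy_headers models the headers the proxy emits, and client_ip is the backend-side logic that recovers the real client address by walking X-Forwarded-For from the right and skipping known proxies. TRUSTED_PROXIES is an assumption for the example (the proxy's own addresses as the upstream sees them).

```python
import ipaddress

# Added example, not from the course or nginx. Models what the three proxy_set_header
# lines produce and how an upstream should read them back. TRUSTED_PROXIES is an assumption
# for the example: the addresses of the reverse proxy itself, as seen by the upstream.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32"),
                   ipaddress.ip_network("192.168.15.0/24")]


def proxy_headers(remote_addr, incoming_xff=None):
    """Headers nginx adds: X-Real-IP is the TCP peer; $proxy_add_x_forwarded_for is the
    incoming X-Forwarded-For with the peer appended (or just the peer if there was none).
    A forged incoming value is preserved, not replaced."""
    xff = f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr
    return {"X-Real-IP": remote_addr, "X-Forwarded-For": xff}


def is_trusted_proxy(addr, trusted=TRUSTED_PROXIES):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False            # not an address at all: certainly not one of our proxies
    return any(ip in net for net in trusted)


def client_ip(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Upstream side. Walk the chain from the right (the TCP peer is the only value that
    cannot be forged) and skip trusted proxies; the first untrusted hop is the client.
    Never take the leftmost entry: that is whatever the client chose to send."""
    hops = xff_header.split(",") if xff_header else []
    for hop in reversed(hops + [remote_addr]):
        if not is_trusted_proxy(hop, trusted):
            return hop.strip()
    return remote_addr          # only proxies in the chain: treat the peer as the client


if __name__ == "__main__":
    # client 192.168.1.98 sends a forged "X-Forwarded-For: 1.2.3.4" through the proxy
    fwd = proxy_headers("192.168.1.98", "1.2.3.4")
    print("proxy sends:", fwd)
    print("upstream sees client:", client_ip("192.168.15.132", fwd["X-Forwarded-For"]))
```

The forged 1.2.3.4 survives into the header the proxy sends, which is why a backend that reads the first X-Forwarded-For value (or X-Real-IP from an untrusted peer) can be made to log or allow any address; walking from the right past the known proxy yields 192.168.1.98, the address that actually opened the connection to the proxy.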