12.13 Nginx hotlink protection (anti-leech)
Hotlink protection prevents other sites from linking directly to this site's images, text, and other resources.
vim /usr/local/nginx/conf/vhost/test.com.conf    # add the following inside the server block
----------------------------------------------------------------------------------
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;    # expiry time: 7 days
    valid_referers none blocked server_names *.test.com;    # hotlink protection: whitelist of allowed Referer values (none, blocked, the server's own names, *.test.com)
    if ($invalid_referer) {    # the Referer is not in the whitelist
        return 403;
    }
    access_log off;
}
-----------------------------------------------------------------------------------
~* makes the regular expression case-insensitive, so the extensions in the parentheses match in any case.
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
ls /data/wwwroot/test.com/    # see which files in the directory can be requested
curl -x127.0.0.1:80 -I test.com/2.js    # status code 200, normal access
curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/2.js    # 403 Forbidden
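How the valid_referers line above decides between 200 and 403, as an added example (not part of the original notes). It is a simplified Python model of the directive, not nginx code; it assumes the vhost's server_name is test.com, and the function names and sample Referer values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Simplified model (assumption) of:
#   valid_referers none blocked server_names *.test.com;
SERVER_NAMES = {"test.com"}      # assumed server_name of the vhost
WILDCARDS = ["*.test.com"]       # extra pattern listed in the directive

def invalid_referer(referer):
    """Return True where nginx would set $invalid_referer."""
    if referer is None:                      # "none": header is absent
        return False
    if not referer.lower().startswith(("http://", "https://")):
        return False                         # "blocked": scheme removed by a proxy or firewall
    host = (urlsplit(referer).hostname or "").lower()   # the port is ignored
    if host in SERVER_NAMES:                 # "server_names"
        return False
    for pat in WILDCARDS:                    # leading "*." matches subdomains only
        if pat.startswith("*.") and host.endswith(pat[1:]):
            return False
    return True

def status_for(referer):
    """HTTP status the location block would return for this Referer."""
    return 403 if invalid_referer(referer) else 200

# Constructed sample requests: (Referer header, expected status)
SAMPLES = [
    (None, 200),                               # curl without -e
    ("http://www.baidu.com/1.txt", 403),       # the -e test from these notes
    ("http://www.test.com/index.html", 200),   # matches *.test.com
    ("https://test.com:8443/a", 200),          # server name, port ignored
    ("http://test.com.evil.example/x", 403),   # look-alike host is rejected
    ("www.baidu.com/1.txt", 200),              # no scheme, treated as "blocked"
]

if __name__ == "__main__":
    for ref, _ in SAMPLES:
        print(f"{status_for(ref)}  Referer: {ref!r}")
```

The rows for a missing or scheme-less Referer return 200 because none and blocked are on the whitelist, so this check limits casual hotlinking and is not a substitute for access control.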
12.14 Nginx Access Control
Access control: allow only the specified IPs and deny everyone else.
vim /usr/local/nginx/conf/vhost/test.com.conf    # add the following inside the server block
---------------------------------------------------------
location /admin/
{
    allow 192.168.133.1;
    allow 127.0.0.1;
    deny all;
}
----------------------------------------------------------
mkdir /data/wwwroot/test.com/admin/
echo "Test,test" > /data/wwwroot/test.com/admin/1.html
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 test.com/admin/1.html -I
curl -x192.168.133.130:80 test.com/admin/1.html -I
cat /tmp/test.com.log    # view the access log
vim /usr/local/nginx/conf/vhost/test.com.conf    # add the following inside the server block
---------------------------------------------------------
location ~ .*(upload|image)/.*\.php$    # no PHP in the upload and image directories
{
    deny all;
}
----------------------------------------------------------
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
mkdir /data/wwwroot/test.com/upload
echo "1111" > /data/wwwroot/test.com/upload/1.php
curl -x127.0.0.1:80 test.com/upload/1.php    # 403 Forbidden
echo "1111" > /data/wwwroot/test.com/upload/1.txt
curl -x127.0.0.1:80 test.com/upload/1.txt    # normal access
cat /tmp/test.com.log    # view the access log
Restricting access by User-Agent
vim /usr/local/nginx/conf/vhost/test.com.conf    # add the following inside the server block
-------------------------------------------------------------------
if ($http_user_agent ~ 'spider/3.0|Youdaobot|Tomato')
{
    return 403;
}
-------------------------------------------------------------------
deny all has the same effect as return 403.
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 test.com/upload/1.php    # 403 Forbidden
curl -x127.0.0.1:80 test.com/upload/1.txt -I    # 200, normal access
curl -A "Tomatoalskdflsd" -x127.0.0.1:80 test.com/upload/1.txt -I    # 403 Forbidden
curl -A "tomatoalskdflsd" -x127.0.0.1:80 test.com/upload/1.txt -I    # 200, normal access
To ignore case, use ~* instead of ~:
vim /usr/local/nginx/conf/vhost/test.com.conf    # add the following inside the server block
-------------------------------------------------------------------
if ($http_user_agent ~* 'spider/3.0|Youdaobot|Tomato')
{
    return 403;
}
-------------------------------------------------------------------
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -A "Tomatoalskdflsd" -x127.0.0.1:80 test.com/upload/1.txt -I    # 403 Forbidden
curl -A "tomatoalskdflsd" -x127.0.0.1:80 test.com/upload/1.txt -I    # 403 Forbidden
12.15 Nginx configuration for parsing PHP
vim /usr/local/nginx/conf/vhost/test.com.conf    # add the following inside the server block
-------------------------------------------------------------------
location ~ \.php$
{
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
-------------------------------------------------------------------
fastcgi_pass specifies the address or socket that PHP-FPM listens on.
If it is written incorrectly, the final test returns a 502 error.
vim /data/wwwroot/test.com/3.php    # write the following:
-------------------------------------------------------------------
<?php
phpinfo();
-------------------------------------------------------------------
curl -x127.0.0.1:80 test.com/upload/3.php    # not parsed: the source code (the content written above) is returned as-is
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 test.com/upload/3.php    # parsed normally
tail /usr/local/nginx/logs/error.log    # view the error log
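Once this PHP location exists, its position relative to the upload deny rule from 12.14 matters, because nginx tests regex locations in the order they are written and uses the first match. The following added example (a Python model, not nginx code and not from the original notes) assumes the deny pattern covers the upload directory used in the curl test and that the server block contains only these two regex locations; the URIs are constructed samples.

```python
import re

# The two regex locations discussed in these notes, as (pattern, action).
DENY_UPLOAD_PHP = (r".*(upload|image)/.*\.php$", "deny all -> 403")
RUN_PHP = (r"\.php$", "fastcgi_pass -> executed by PHP-FPM")

def pick_location(uri, regex_locations):
    """Model of nginx regex location selection: first match in file order wins."""
    for pattern, action in regex_locations:
        if re.search(pattern, uri):      # "~" is a case-sensitive match
            return action
    return "served as a static file"     # no regex location matched

# Constructed request URIs
URIS = [
    "/upload/1.php",
    "/upload/1.txt",
    "/3.php",
    "/image/a/b/shell.php",
    "/upload/1.PHP",                     # upper-case extension matches neither "~" location
]

def table(order):
    """Map every sample URI to the action chosen for a given location order."""
    return {uri: pick_location(uri, order) for uri in URIS}

GOOD = table([DENY_UPLOAD_PHP, RUN_PHP])   # deny block written before the PHP block
BAD = table([RUN_PHP, DENY_UPLOAD_PHP])    # PHP block written first

if __name__ == "__main__":
    for uri in URIS:
        print(f"{uri:24} deny first: {GOOD[uri]:38} php first: {BAD[uri]}")
```

With the PHP block first, /upload/1.php is handed to PHP-FPM and the deny rule never runs, so keep the deny location above the \.php$ location in test.com.conf and re-run the curl test for upload/1.php after every change.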
12.16 Nginx proxy
cd /usr/local/nginx/conf/vhost
vim proxy.conf    # add the following:
-------------------------------------------------------------------
server
{
    listen 80;
    server_name ask.apelearn.com;    # define the domain name
    location /
    {
        proxy_pass http://121.201.9.155/;    # web server IP
        proxy_set_header Host $host;    # $host is the server_name domain
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
-------------------------------------------------------------------
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl ask.apelearn.com/robots.txt
curl -x127.0.0.1:80 ask.apelearn.com/robots.txt
Further reading
Summary of 502 errors: http://ask.apelearn.com/question/9109
Location priority: http://blog.lishiming.net/?p=100
Linux study notes, week 12, lesson 4 (April 26)