搜集整理+手写
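# nginx hardening rules: protects WordPress (and other sites) against content/file scanning and
# scanner bots. Reload or restart nginx after adding them.
#
# Install: create an empty file /www/wwwroot/[web directory]/nginx_firewall.conf, paste this whole
# file into it, then add the following line inside the server { } block of the site's nginx config:
#     include /www/wwwroot/[web directory]/nginx_firewall.conf;
#
# NOTE: nginx evaluates regex "location ~" blocks in configuration order and takes the FIRST match.
# The include line must therefore appear before the site's own "location ~ \.php$" handler, otherwise
# the "deny all" rules for PHP files below are never reached.

# Files and directories that must never be served. The pattern is a prefix match: "/data" also
# blocks "/data-export", and "feed" blocks the WordPress RSS feed at /feed — trim the list if the
# site needs any of these paths.
location ~ ^/(\.htaccess|\.project|LICENSE|README\.md|feed|feeds|owa|xxxss|wp-includes/wlwmanifest\.xml|demo/js/common\.js|css/album\.css|data|backup|e/data/js/ajax\.js|bbs) {
    deny all;
    access_log off;
    log_not_found off;
}

# Reject requests that send an empty User-Agent.
if ($http_user_agent ~ ^$) {
    return 403;
}

# Reject known scanner / scraper User-Agents. "~" is case-sensitive, which is why both MJ12bot
# and mj12bot appear in the list.
if ($http_user_agent ~ "ApacheBench|WebBench|HttpClient|Java|python|Go-http-client|FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Feedly|UniversalFeedParser|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|mj12bot") {
    rewrite ^/.* /404.html last;
}

# Redirect specific abusive source addresses to the MIIT ICP portal.
# $remote_addr is matched as a regular expression, so the list must be written as one: dots are
# escaped, the pattern is anchored (an unanchored "180.101.214.20" would also match
# 180.101.214.200-209) and the two /24 ranges are expanded to "\d{1,3}" for the last octet —
# a CIDR literal such as "58.19.125.0/24" can never match a real address inside a regex.
# For longer lists a geo { } block in the http context is the proper tool. Behind a CDN or reverse
# proxy, $remote_addr is the proxy's address unless the realip module is configured.
# A plain "return 403;" is the less surprising response if sending bots to a third-party site is
# not wanted.
if ($remote_addr ~ "^(180\.101\.214\.(20|21|148)|122\.55\.53\.192|58\.19\.125\.\d{1,3}|123\.182\.246\.194|183\.131\.66\.29|180\.97\.35\.(91|165|90|21|89|219|216|37|88|164|217|149)|113\.24\.224\.\d{1,3}|36\.138\.165\.129|121\.230\.88\.204|119\.62\.132\.211)$") {
    return 301 https://beian.miit.gov.cn/?site=brandsite&from=footer#/Integrated/index;
}

# Block downloads of archives, dumps, backups and ASP-style files that should never be served
# from a PHP site (note this also blocks static .htm pages).
location ~* \.(exe|htm|asa|asp|sql|zip|tar\.gz|tar|rar|gz|aspx|bak|ashx)$ {
    deny all;
    access_log off;
    log_not_found off;
    # Alternative: comment out the three lines above and redirect instead.
    #return 301 https://www.miit.gov.cn/;
}

# Disable CDN caching of static assets (disabled).
# location ~ \.(mp4|jpg|jpeg|gif|ico|png|bmp|pict|csv|doc|pdf|pls|ppt|tif|tiff|eps|ejs|swf|midi|mid|ttf|eot|woff|otf|svg|svgz|webp|docx|xlsx|xls|pptx|ps|class|jar|exe)$ {
#     add_header Cache-Control private;
# }

# Block Scrapy and similar tools (case-insensitive). If wp-cron is disabled in WordPress
# (define('DISABLE_WP_CRON', true);) and triggered instead from a BT-panel cron job that uses
# curl, remove "Curl" from this list or that job is blocked as well.
if ($http_user_agent ~* (Scrapy|Curl|HttpClient)) {
    rewrite ^/.* /404.html last;
}

# Restrict XML-RPC to localhost. Jetpack and the WordPress mobile apps talk to xmlrpc.php;
# allow their addresses here if those are in use.
location ~* /xmlrpc\.php$ {
    allow 127.0.0.1;
    deny all;
}

# Allow only the request methods the site needs. HEAD is included because uptime monitors and
# caches rely on it; add OPTIONS if the site answers CORS preflight requests.
# 444 closes the connection without sending a response.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
}

# Never execute PHP from upload / content directories (the usual drop locations for web shells).
# The dot is escaped so that only real ".php" names match. See the ordering note at the top of
# this file: this block must precede the PHP handler location to take effect.
location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*\.php$ {
    deny all;
    access_log off;
    log_not_found off;
}

# Hide every dotfile and dot-directory (.git, .svn, .htaccess, .htpasswd, .user.ini, .env, ...)
# except /.well-known/, which ACME and other verification clients must be able to reach.
# This one rule replaces the separate .svn/.git, .ht* and .user.ini rules.
location ~ /\.(?!well-known(/|$)) {
    deny all;
    access_log off;
    log_not_found off;
}

# Hide the nginx version in the Server header and on error pages.
server_tokens off;

# Hide the PHP version advertised by the backend (FastCGI and proxied setups).
fastcgi_hide_header X-Powered-By;
proxy_hide_header X-Powered-By;

# Security headers. "always" makes nginx attach them to error responses (4xx/5xx) too; without it
# they are only sent with 2xx/3xx responses. Any location { } that declares its own add_header
# stops inheriting these, and browsers only honour HSTS when it arrives over HTTPS.
add_header X-Frame-Options SAMEORIGIN always;
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Content-Type-Options nosniff always;
# Legacy header: current browsers have removed the XSS auditor it controlled and ignore it.
add_header X-XSS-Protection "1; mode=block" always;

# Reduce comment spam (disabled). Rejects a POST to wp-comments-post.php whose Referer is not the
# site itself or Jetpack's comment form; replace site\.com with the real hostname before enabling.
# Two transcription errors from the original are corrected: the URI check must set
# $comment_request_uri (not $comment_request_method), and the flag value to reject is "110"
# (POST + comment URI + Referer NOT matching) — "111" would have blocked legitimate comments.
# set $comment_flagged 0;
# set $comment_request_method 0;
# set $comment_request_uri 0;
# set $comment_referrer 1;
# if ($request_method ~ "POST"){
#     set $comment_request_method 1;
# }
# if ($request_uri ~ "/wp-comments-post\.php$"){
#     set $comment_request_uri 1;
# }
# if ($http_referer !~ "^https?://(([^/]+\.)?site\.com|jetpack\.wordpress\.com/jetpack-comment)(/|$)"){
#     set $comment_referrer 0;
# }
# set $comment_flagged "${comment_request_method}${comment_request_uri}${comment_referrer}";
# if ($comment_flagged = "110") {
#     return 403;
# }

# Never list directory contents.
autoindex off;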
本文作者:𝙕𝙆𝘾𝙊𝙄
文章名称:nginx防护规则,可防护内容文件扫描、防扫描
文章链接:https://www.zkcoi.com/365up/program/2292.html
本站资源仅供个人学习交流,请于下载后24小时内删除,不允许用于商业用途,否则法律问题自行承担。