搜集整理+手写
#nginx防护规则,可防护WP,防止内容文件扫描、防扫描,添加完成后重载或者重启nginx即可
#在/www/wwwroot/[web目录]/新建nginx_firewall.conf 空白文件,然后复制粘贴整个内容
#在nginx 配置文件server区域添加:include /www/wwwroot/[web目录]/nginx_firewall.conf;
#禁止访问的文件或目录
location ~ ^/(\.htaccess|\.project|LICENSE|README.md|feed|feeds|owa|xxxss|wp-includes/wlwmanifest.xml|demo/js/common.js|css/album.css|data|backup|e/data/js/ajax.js|bbs){
deny all;
access_log off;
log_not_found off;
}
#禁止空agent的浏览器访问
if ($http_user_agent ~ ^$) {
return 403;
}
#禁止指定UA的访问
if ($http_user_agent ~ "ApacheBench|WebBench|HttpClient|Java|python|Go-http-client|FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Feedly|UniversalFeedParser|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|mj12bot" ){
rewrite ^/.* /404.html last;
}
#特定IP跳转,强制恶意IP直接跳转至工信部
if ($remote_addr ~* "180.101.214.20|180.101.214.21|180.101.214.148|122.55.53.192|58.19.125.0/24|123.182.246.194|183.131.66.29|180.97.35.91|180.97.35.165|180.97.35.90|180.97.35.21|180.97.35.89|180.97.35.219|180.97.35.216|180.97.35.37|180.97.35.88|180.97.35.164|180.97.35.217|180.97.35.149|113.24.224.0/24|36.138.165.129|121.230.88.204|119.62.132.211"){
return 301 https://beian.miit.gov.cn/?site=brandsite&from=footer#/Integrated/index;
}
# 屏蔽文件扫描
location ~* \.(exe|htm|asa|asp|sql|zip|tar\.gz|tar|rar|gz|aspx|bak|ashx)$ {
deny all;
access_log off;
log_not_found off;
#把上面的注释掉,用return直接重定向至工信部的官网
#return 301 https://www.miit.gov.cn/;
}
# 禁止CDN缓存
# location ~ \.(mp4|jpg|jpeg|gif|ico|png|bmp|pict|csv|doc|pdf|pls|ppt|tif|tiff|eps|ejs|swf|midi|mid|ttf|eot|woff|otf|svg|svgz|webp|docx|xlsx|xls|pptx|ps|class|jar|exe)$ {
# add_header Cache-Control private;
# }
#禁止Scrapy等工具的抓取,注意此处如果禁用了cron(define('DISABLE_WP_CRON', true);),在宝塔面板增加cron的定时任务需要删除其中的Curl
if ($http_user_agent ~* (Scrapy|Curl|HttpClient)) {
rewrite ^/.* /404.html last;
}
#限制访问XMLRPC
location ~* /xmlrpc.php$ {
allow 127.0.0.1;
deny all;
}
#限制请求类型
if ($request_method !~ ^(GET|POST)$ ) {
return 444;
}
#禁止直接访问PHP文件
location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
#禁止访问某些敏感文件
location ~ /\.(svn|git)/* {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.ht {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.user.ini {
deny all;
access_log off;
log_not_found off;
}
#隐藏 nginx 版本.
server_tokens off;
#隐藏 PHP 版本
fastcgi_hide_header X-Powered-By;
proxy_hide_header X-Powered-By;
#安全标头
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#减少垃圾评论
# set $comment_flagged 0;
# set $comment_request_method 0;
# set $comment_request_uri 0;
# set $comment_referrer 1;
# if ($request_method ~ "POST"){
# set $comment_request_method 1;
# }
# if ($request_uri ~ "/wp-comments-post\.php$"){
# set $comment_request_method 1;
# }
# if ($http_referer !~ "^https?://(([^/]+\.)?site\.com|jetpack\.wordpress\.com/jetpack-comment)(/|$)"){
# set $comment_referrer 0;
# }
# set $comment_flagged "${comment_request_method}${comment_request_uri}${comment_referrer}";
# if ($comment_flagged = "111") {
# return 403;
# }
#禁用目录列表
autoindex off;
本文作者:𝙕𝙆𝘾𝙊𝙄
文章名称:nginx防护规则,可防护内容文件扫描、防扫描
文章链接:https://www.zkcoi.com/365up/program/2292.html
本站资源仅供个人学习交流,请于下载后24小时内删除,不允许用于商业用途,否则法律问题自行承担。
微信扫一扫 
支付宝扫一扫 
