php实现Linux服务器木马排查及加固功能(3)


server
{
    listen       80;
    server_name  ***.com;
    index   index.htm index.html index.php;
    root  /wwwroot/;
    
 
      
    rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
    rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
    rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
    rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
    rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
    rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
    rewrite ^([^\.]*)/([a-z]+)-(.+)\.html$ $1/$2.php?rewrite=$3 last;
    rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        
 
        location ~ ^/images/.*\.(php|php5)$
                {
              deny all;
                }
 
        location ~ ^/static/.*\.(php|php5)$
                {
               deny all;
                }
 
        location ~* ^/data/(attachment|avatar)/.*\.(php|php5)$
            {
                deny all;
            }
 
    location ~ .*\.(php|php5)?$
    {      
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }
    
        
 
error_page  400 /404.html;
error_page  403 /404.html;
error_page  404 /404.html;
error_page  405 /404.html;
error_page  408 /404.html;
error_page  410 /404.html;
error_page  411 /404.html;
error_page  412 /404.html;
error_page  413 /404.html;
error_page  414 /404.html;
error_page  415 /404.html;
error_page  500 /404.html;
error_page  501 /404.html;
error_page  502 /404.html;
error_page  503 /404.html;
error_page  506 /404.html;
 
 
log_format  acclog    "$remote_addr $request_time $http_x_readtime [$time_local] \"$request_method $host$request_uri\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"";
        access_log  /logs/access.log  acclog;
}

此处需要注意的是

复制代码 代码如下:


location ~ ^/images/.*\.(php|php5)$
{
  deny all;
}

这些目录的限制必须写在

复制代码 代码如下:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/ee3a74c8043adbec295fe2800ada346a.html