Nginx server rejects non-GET requests to ensure security

upstream tomcat {
    ip_hash;
    server 192.168.2.187:8080;
}
location ~* /html {
    if ($request_method = PUT) {
        return 403;
    }
    if ($request_method = DELETE) {
        return 403;
    }
    if ($request_method = POST) {
        return 403;
    }
    proxy_method GET;
    proxy_pass http://tomcat;
}
When the request path contains /html, the request is proxied to the backend server to fetch data. The PUT, DELETE, and POST methods are rejected with 403, and proxy_method GET makes nginx send the upstream request as GET. The main purpose is security, because DELETE, POST, and PUT can modify data.
Or:
# limit_except is only valid inside a location block; allowing GET also allows HEAD.
limit_except GET {
    allow 192.168.1.1;
    deny all;
}
if ($request_filename ~ /test/index.html) {
    # return 404;
    rewrite ^/(.*) /index.html;
}
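nginx prohibits access to txt|doc files
Method 1: Global setting, prohibit access to any file with the suffix txt|doc
location ~* \.(txt|doc)$ {
    deny all;
}
Method 2: Only prohibit access to txt|doc files in a certain directory
location ~* ^/job/.*\.(txt|doc)$ {
    # "job" is the directory named in the original snippet (root html/job);
    # replace it with the directory you want to protect. The original
    # if (-f $request_filename) { root html/job; break; } form contained no
    # deny, so it did not block anything.
    deny all;
}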
nginx prohibits access by a certain browser (the browser type can be found in the log):
server {
    listen 80;
    server_name test.domain.com;
    index index.php index.html;
    root /opt/nginx/html/;
    if ($http_user_agent ~* "MSIE 6.0") {
        return 403;
    }
}
Set directory execution permissions
Under Windows + IIS, you can configure upload directories (for example upload, uploadfile, attachments) so that they have no script execution permission, which prevents illegal users from uploading a script and obtaining a webshell. This is also very simple on nginx, using a location block as follows:
location ~ ^/upload/.*\.(php|php5)$ {
    deny all;
}
Replace upload with the name of the directory you want to protect. The rule matches requests whose URI begins with /upload/, has any characters in the middle, and ends in .php or .php5, and then uses deny all to prohibit access, so scripts in the upload directory cannot be executed.
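The rules above combined into one server block, as an added example that is not part of the original article. It replaces the three per-method if blocks with an allowlist, so methods the article does not list (PATCH, OPTIONS, TRACE, ...) are rejected too. The variable name $method_denied is a name chosen for this example; the addresses, server name and paths are the ones used on this page.

```nginx
# Added example; these blocks belong in the http {} context of nginx.conf.
upstream tomcat {
    ip_hash;
    server 192.168.2.187:8080;
}

# Allowlist of methods: anything not listed maps to 1 (denied).
# Add a line such as "HEAD 0;" if another method must be allowed.
map $request_method $method_denied {
    default 1;
    GET     0;
}

server {
    listen 80;
    server_name test.domain.com;
    root /opt/nginx/html/;

    # Regex locations are tested in the order they appear and the first
    # match wins, so the deny rules are placed before the proxy location.

    # No script files may be requested from the upload directory.
    # "~*" matches the extension case-insensitively.
    location ~* ^/upload/.*\.(php|php5)$ {
        deny all;
    }

    # No txt/doc files anywhere on the site (Method 1 above).
    location ~* \.(txt|doc)$ {
        deny all;
    }

    # Only GET reaches the Tomcat backend; every other method gets 403,
    # the same status the original if blocks return.
    location ~* /html {
        if ($method_denied) {
            return 403;
        }
        proxy_pass http://tomcat;
    }
}
```

Check the file with nginx -t before reloading.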

Reference: http://linux.it.net.cn/e/server/nginx/2015/0110/11642.html
