Linux VPS Security Tips - PHP security settings Nginx environment

More and more website owners now choose a VPS rather than shared hosting. After getting a VPS, most users install a one-click environment such as the BT (Pagoda) panel or LNMP to set up the web stack. Some of this software is actively upgraded and maintained and handles security well, but some of it does not take security issues into account.

Most software providers pay more attention to functionality than to security details. For example, a while ago a vulnerability in the ThinkPHP framework led to sites running ThinkPHP being compromised, and other websites on the same server were hacked as well. Security issues therefore still need to be handled separately.


In this article, we (VULTR Chinese web) summarize a few PHP security settings for an Nginx environment.

1. Disable unsafe functions

; php.ini: functions that execute commands or change the runtime environment
disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,stream_socket_server,popen

Add these functions to disable_functions in php.ini; if the system has already disabled them, there is nothing to add. Note that disable_functions can only be set in the main php.ini (it is a PHP_INI_SYSTEM directive), so a per-site .user.ini cannot override it, and names that are not real PHP functions (such as the "popepassthru" and "fsocket" entries found in widely copied versions of this list) are simply ignored.
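To check whether a php.ini already covers the list above, the following added example (not part of the original post) parses the active disable_functions line, reports which of the required functions are still enabled, and prints a merged directive to paste back. The php.ini excerpt and the required set are constructed for the example; the real file is the one reported by `php --ini`.

```python
import re

# Functions the article's disable_functions line turns off (constructed
# required set for this audit; adjust it to your own policy).
REQUIRED_DISABLED = {
    "passthru", "exec", "system", "chroot", "chgrp", "chown", "shell_exec",
    "proc_open", "proc_get_status", "ini_alter", "ini_restore", "dl",
    "openlog", "syslog", "readlink", "symlink", "stream_socket_server", "popen",
}

# Constructed php.ini excerpt standing in for the real file. The
# commented-out line must be ignored, and the odd spacing around the
# commas is deliberate: php.ini tolerates it.
SAMPLE_PHP_INI = """\
; constructed sample
engine = On
;disable_functions = exec,system
disable_functions = exec, system, passthru ,shell_exec
expose_php = Off
"""


def parse_disabled(ini_text):
    """Return the function names from the active disable_functions line.

    php.ini is INI syntax: ';' starts a comment and the value is a
    comma-separated list (optionally quoted). If the directive appears
    more than once, the last occurrence wins, as it does in PHP.
    """
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip comments
        m = re.match(r"^disable_functions\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip().strip('"')
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def missing_functions(ini_text, required=REQUIRED_DISABLED):
    """Required functions that the ini text does not disable, sorted."""
    return sorted(required - parse_disabled(ini_text))


def merged_directive(ini_text, required=REQUIRED_DISABLED):
    """A disable_functions line that keeps what is already disabled and
    adds what is missing; paste it over the existing line in php.ini."""
    return "disable_functions = " + ",".join(sorted(parse_disabled(ini_text) | required))


if __name__ == "__main__":
    print("already disabled:", ", ".join(sorted(parse_disabled(SAMPLE_PHP_INI))))
    print("still enabled   :", ", ".join(missing_functions(SAMPLE_PHP_INI)))
    print(merged_directive(SAMPLE_PHP_INI))
```

Run it against the output of `php --ini` by reading the real file into `SAMPLE_PHP_INI`'s place; the audit reads only the ini text and does not need PHP itself.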

2. Prevent cross-site access

Create a .user.ini file in the site's document root:

open_basedir=/data/wwwroot/:/tmp/:/proc/

Then lock the file so it cannot be modified:

chattr +i .user.ini

This restricts the files PHP may open to the listed directories, so a compromised site cannot read another site's files on the same server. Note that .user.ini is only read by the CGI/FastCGI SAPI (PHP-FPM), and once the immutable attribute is set the file can only be edited again after chattr -i.

3. Prevent PHP execution in certain directories

# Deny PHP execution in directories that only hold static files
location ~* ^/(uploads|templets|data)/.*\.(php|php5)$ {
    return 444;
}

Here we deny PHP execution in directories that should only contain static files, such as the image upload directory.
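One detail the rule above depends on: nginx tests regex locations in the order they appear in the configuration and uses the first one that matches, so the deny block has to come before the `location ~ \.php$` block that hands requests to PHP-FPM. The following added example (not part of the original post, and not nginx code) models that single rule in Python over two constructed orderings of the same two locations, with constructed request URIs; it assumes no `^~` prefix location short-circuits the regex search.

```python
import re

# Constructed regex locations standing in for a server {} block. Each entry
# is (pattern, case_insensitive, action): `~*` locations are
# case-insensitive, `~` locations are not.
DENY_UPLOADS = (r"^/(uploads|templets|data)/.*\.(php|php5)$", True, "return 444")
PHP_FPM = (r"\.php$", False, "fastcgi_pass")

# The deny rule placed before the PHP-FPM handler, and the same two rules
# in the opposite order.
GOOD_ORDER = [DENY_UPLOADS, PHP_FPM]
BAD_ORDER = [PHP_FPM, DENY_UPLOADS]

# Constructed request URIs.
SAMPLE_URIS = ["/index.php", "/uploads/avatar.jpg", "/uploads/x.php",
               "/uploads/x.PHP", "/data/cache/a.php5"]


def first_matching_location(locations, uri):
    """Action of the first regex location whose pattern matches uri.

    This models one nginx rule only: regex locations are tested in the
    order they appear in the configuration and the first match wins
    (assumption: no prefix location with ^~ stops the regex search).
    """
    for pattern, case_insensitive, action in locations:
        flags = re.IGNORECASE if case_insensitive else 0
        if re.search(pattern, uri, flags):
            return action
    return "static"  # nothing matched: the request falls back to plain file serving


def audit(locations, uris=SAMPLE_URIS):
    """Map each URI to the action it would receive under this ordering."""
    return {uri: first_matching_location(locations, uri) for uri in uris}


def deny_rule_is_effective(locations, probe="/uploads/x.php"):
    """True if a PHP file under the upload directory is refused."""
    return first_matching_location(locations, probe) == "return 444"


if __name__ == "__main__":
    for name, order in (("deny first", GOOD_ORDER), ("php handler first", BAD_ORDER)):
        print(name, "->", audit(order), "| effective:", deny_rule_is_effective(order))
```

With the deny block first, `/uploads/x.php` gets 444 and `/index.php` still reaches PHP-FPM; with the handler first, the upload-directory rule never fires for `.php` URIs. Running `nginx -T` and checking the order of the regex locations in the dumped configuration is the equivalent check on a real server.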

Of course, if needed, other protective rules can be added to the Nginx configuration file as well, such as blocking unwanted user agents:

if ($http_user_agent ~* (wget|Scrapy|Curl|HttpClient)) {
return 403;
}

if ($http_user_agent ~* "WinHttp|WebZIP|FetchURL|node-superagent|java/|FeedDemon|Jullo|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|Java|Feedly|Apache-HttpAsyncClient|UniversalFeedParser|ApacheBench|Webbench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|MJ12bot|heritrix|EasouSpider|Ezooms|BOT/0.1|YandexBot|FlightDeckReports|Linguee Bot|^$") {
return 403;
}


Source: www.cnblogs.com/huadeshijie/p/11123199.html