[A script is implanted into the service, causing data leakage? How to access the database on the intranet?]

Table of contents

Foreword:

How to access the database within the network:

Using nginx for reverse proxy can forward requests from external users to the database server in the intranet. Specific steps are as follows:

An SSH tunnel can be used to establish an encrypted connection, allowing external users to access the database in the intranet through the SSH tunnel. Specific steps are as follows:

Port mapping can be used to map the database port in the internal network to a port on the external network, so that external users can access the database in the internal network through this port. Specific steps are as follows:

Summary:


Foreword:

   Take security measures

How to access the database within the network:

  1. Use a VPN: Establish an intranet connection through a VPN so that external users can access the database in the intranet over it.

  2. Use port mapping: Map the database port in the internal network to a port on the external network so that external users can access the database in the internal network through this port.

  3. Use a reverse proxy: Build a reverse proxy server in the intranet to forward requests from external users to the database server in the intranet.

  4. Use an SSH tunnel: Establish an encrypted connection through an SSH tunnel so that external users can access the database in the intranet through the tunnel.

Using nginx for reverse proxy can forward requests from external users to the database server in the intranet. Specific steps are as follows:

  1. Build an nginx server in the intranet and configure the reverse proxy function of nginx.

  2. Add the reverse proxy configuration in the nginx configuration file, for example:

    server {
        listen 80;
        server_name example.com;
        location / {
            proxy_pass http://<intranet-db-server-IP>:<port>;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
    

    Here, proxy_pass specifies the address and port number of the intranet database server that requests are forwarded to, and proxy_set_header sets the request header information.

  3. By accessing the IP address or domain name of the nginx server on the external network, you can access the database server on the internal network through the nginx reverse proxy.
  4. To keep this setup secure, harden the nginx server itself, for example by restricting which IP addresses may connect and enabling SSL. Also apply security settings on the database server in the intranet, such as restricting access IPs and setting access passwords.
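
Step 4's restrictions applied to the server block from step 2, as an added example rather than configuration from the original post. The client address 203.0.113.10, the backend 10.0.0.5:8080 and the certificate paths are assumed placeholders.

```nginx
# Added example: addresses and certificate paths below are assumptions.
server {
    # Plain HTTP only redirects; nothing is proxied without TLS.
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Restrict access by source IP: listed clients only, all others get 403.
        allow 203.0.113.10;                # assumed client address
        deny  all;

        proxy_pass http://10.0.0.5:8080;   # assumed intranet backend IP:port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

proxy_pass in an http server block speaks HTTP to the backend, so this form fits a database that exposes an HTTP interface; a raw TCP protocol such as MySQL on 3306 is forwarded with nginx's stream module instead, where allow and deny are also available.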

An SSH tunnel can be used to establish an encrypted connection, allowing external users to access the database in the intranet through the SSH tunnel. Specific steps are as follows:

  1. On the database server in the intranet, install and start the SSH service. For example, in Linux systems, you can use the OpenSSH service.

  2. On the client on the external network, use an SSH client to connect to the database server on the internal network. For example, in Windows systems, you can use the PuTTY client.

  3. In the SSH client, configure the SSH tunnel. The specific configuration is as follows:

    a. In the "Session" tab, enter the IP address and SSH service port number of the database server in the intranet (the default is 22).

    b. In the "Connection"-"SSH"-"Tunnels" tab, add an SSH tunnel. For example, set the local port number to 3306, the target host to the IP address of the database server, and the target port number to the port number of the database (for example, 3306).

    c. Click the "Add" button to save the SSH tunnel configuration.

  4. In the SSH client, connect to the database server in the intranet. At this point, the SSH tunnel has been established and the database in the intranet can be accessed through the local port number (for example, 3306).

Note that an SSH tunnel encrypts the traffic, which improves the security of data in transit. The SSH service itself also needs security configuration, such as restricting which IPs may connect and enabling a firewall, to keep the server secure.

Port mapping can be used to map the database port in the internal network to a port on the external network, so that external users can access the database in the internal network through this port. Specific steps are as follows:

  1. On the database server in the intranet, find the port number to be mapped, such as port 3306.

  2. Configure port mapping on the router or firewall in the intranet. The specific configuration method varies by device, and generally needs to be configured in the management interface of the router or firewall. Taking the TP-Link router as an example, the configuration steps are as follows:

    a. Log in to the router management interface and enter the "Advanced Settings" - "NAT Forwarding" page.

    b. Click "Add New Entry" and fill in the port mapping rules. For example, set the external network port number to 3306, set the internal network IP address to the IP address of the database server, and set the internal network port number to 3306.

    c. Click the "Save" button to save the port mapping rules.

  3. On the external network, use the mapped port number to access the database on the internal network. For example, use the external IP address and port number 3306 to access the database.

Note that port mapping exposes ports of the internal network to the external network, which carries security risk. Apply security settings on the database, such as restricting access IPs and setting access passwords, to keep the database secure. Apply security settings on the router or firewall as well, such as restricting which IPs may connect and enabling the firewall, to keep the network secure.

Summary:

Access the database through the intranet, and then use the service registration IP


Reposted from: blog.csdn.net/sqL520lT/article/details/132169753