Nginx 安全設定(禁止Iframe跨域訪問、隱藏server、限制ip訪問)
阿新 • • 發佈:2022-05-30
1.安裝【headers-more-nginx-module】模組,自定義nginx頭資訊
2.禁止Iframe跨域請求
more_set_headers 'X-Frame-Options SAMEORIGIN';
3.隱藏頭資訊server
more_clear_headers 'server';
4.ip訪問攔截至500頁面(並重寫500頁面,去除其中相關服務資訊)
http中最前部分加入
server { listen 80; listen 443 default_server; server_name _; ssl_certificate cert/test.crt; ssl_certificate_key cert/test.key; ssl_session_timeout 5m; ssl_ciphers ****-****; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; error_page 497 400 502 503 = /50x.html; location = /50x.html { return 500 /50x.html; }return 500 /50x.html; }
其中443埠配置時,需配置相關ssl配置(不需要443埠時,可不進行相關配置)(簡單配置可參考:https://www.cnblogs.com/zktww/p/16085763.html)
5.完整示例
#user nobody; #解決許可權問題 user root; worker_processes auto; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream;more_clear_headers 'server'; more_set_headers 'X-Frame-Options SAMEORIGIN'; sendfile on; proxy_pass_header Server; server { listen 80; listen 443 default_server; server_name _; ssl_certificate cert/test.crt; ssl_certificate_key cert/test.key; ssl_session_timeout 5m; ssl_ciphers ****-****; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; error_page 497 400 502 503 = /50x.html; location = /50x.html { return 500 /50x.html; } return 500 /50x.html; }
#具體分發 include conf.d/test.conf; }