IV. Configure the site's nginx settings [attack prevention]
These files are usually located in /etc/nginx/sites-available/{{domain}}/server
1. Create block-agent.conf

sudo nano block-agent.conf

### BLOCK USER AGENTS ###
# "~" is a case-sensitive regex match against the User-Agent header.
set $block_user_agents 0;
if ($http_user_agent ~ "Screaming Frog seo Spider") { set $block_user_agents 1; }
if ($http_user_agent ~ "Indy Library") { set $block_user_agents 1; }
if ($http_user_agent ~ "libwww-perl") { set $block_user_agents 1; }
if ($http_user_agent ~ "GetRight") { set $block_user_agents 1; }
if ($http_user_agent ~ "GetWeb!") { set $block_user_agents 1; }
if ($http_user_agent ~ "Go!Zilla") { set $block_user_agents 1; }
if ($http_user_agent ~ "Download Demon") { set $block_user_agents 1; }
if ($http_user_agent ~ "Go-Ahead-Got-It") { set $block_user_agents 1; }
if ($http_user_agent ~ "TurnitinBot") { set $block_user_agents 1; }
if ($http_user_agent ~ "GrabNet") { set $block_user_agents 1; }
if ($http_user_agent ~ "dirbuster") { set $block_user_agents 1; }
if ($http_user_agent ~ "nikto") { set $block_user_agents 1; }
if ($http_user_agent ~ "SF") { set $block_user_agents 1; }
if ($http_user_agent ~ "sqlmap") { set $block_user_agents 1; }
if ($http_user_agent ~ "fimap") { set $block_user_agents 1; }
if ($http_user_agent ~ "nessus") { set $block_user_agents 1; }
if ($http_user_agent ~ "whatweb") { set $block_user_agents 1; }
if ($http_user_agent ~ "Openvas") { set $block_user_agents 1; }
if ($http_user_agent ~ "jbrofuzz") { set $block_user_agents 1; }
if ($http_user_agent ~ "libwhisker") { set $block_user_agents 1; }
if ($http_user_agent ~ "webshag") { set $block_user_agents 1; }
if ($http_user_agent ~ "Acunetix-Product") { set $block_user_agents 1; }
if ($http_user_agent ~ "Acunetix") { set $block_user_agents 1; }
# Reject the request if any pattern above matched.
if ($block_user_agents = 1) { return 403; }
2. Create protext-sql-exploit-spam.conf

sudo nano protext-sql-exploit-spam.conf

### SQL INJECTIONS ###
# All rules below match the raw (still URL-encoded) query string.
set $block_sql_injections 0;
if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; }
if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; }
if ($query_string ~ "concat.*\(") { set $block_sql_injections 1; }
if ($block_sql_injections = 1) { return 403; }

### COMMON EXPLOITS ###
set $block_common_exploits 0;
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; }
if ($query_string ~ "GLOBALS(=|\[|%[0-9A-Z]{0,2})") { set $block_common_exploits 1; }
if ($query_string ~ "_REQUEST(=|\[|%[0-9A-Z]{0,2})") { set $block_common_exploits 1; }
if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; }
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $block_common_exploits 1; }
if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_common_exploits 1; }
if ($block_common_exploits = 1) { return 403; }

### BLOCK SPAM ###
set $block_spam 0;
if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") { set $block_spam 1; }
if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") { set $block_spam 1; }
if ($query_string ~ "\b(ambien|bluespill|cialis|cocaine|ejaculation|erectile)\b") { set $block_spam 1; }
if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") { set $block_spam 1; }
if ($block_spam = 1) { return 403; }
3. Create rate-limit.conf

### Rate limit for wp-login.php ###
# domain1: the domain without the .com suffix
# domain2: the full domain name
# The zone "one" must be declared with limit_req_zone in the http context.
location = /wp-login.php {
    limit_req zone=one burst=2 nodelay;
    limit_req_status 444;
    include fastcgi.conf;
    fastcgi_pass unix:/run/php/php7.4-{{domain1}}.sock;
    include sites-available/{{domain2}}/location/*;
}
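Before enabling block-agent.conf and protext-sql-exploit-spam.conf, it helps to replay their patterns over known-good traffic to see which legitimate requests would receive a 403. The script below is an added example, not part of the original article: it uses the patterns as the rule files intend them (parentheses, brackets and `\b` escaped), the names `verdict`, `false_positives` and `SAMPLES` are hypothetical, every sample request is constructed, and it assumes the user-agent file is included before the query-string file.

```python
import re

# Patterns from block-agent.conf and protext-sql-exploit-spam.conf. nginx "~" is
# an unanchored, case-sensitive PCRE match; Python's re agrees for these patterns.
USER_AGENTS = [
    "Screaming Frog seo Spider", "Indy Library", "libwww-perl", "GetRight",
    "GetWeb!", "Go!Zilla", "Download Demon", "Go-Ahead-Got-It", "TurnitinBot",
    "GrabNet", "dirbuster", "nikto", "SF", "sqlmap", "fimap", "nessus", "whatweb",
    "Openvas", "jbrofuzz", "libwhisker", "webshag", "Acunetix-Product", "Acunetix",
]
QUERY_RULES = [
    ("sql", r"union.*select.*\("),
    ("sql", r"union.*all.*select.*"),
    ("sql", r"concat.*\("),
    ("exploit", r"(<|%3C).*script.*(>|%3E)"),
    ("exploit", r"GLOBALS(=|\[|%[0-9A-Z]{0,2})"),
    ("exploit", r"_REQUEST(=|\[|%[0-9A-Z]{0,2})"),
    ("exploit", r"proc/self/environ"),
    ("exploit", r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)"),
    ("exploit", r"base64_(en|de)code\(.*\)"),
    ("spam", r"\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b"),
    ("spam", r"\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b"),
    ("spam", r"\b(ambien|bluespill|cialis|cocaine|ejaculation|erectile)\b"),
    ("spam", r"\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b"),
]
BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
# Constructed samples: (raw query string, User-Agent, is the request legitimate?)
SAMPLES = [
    ("s=nginx+rate+limit", BROWSER, True),
    ("id=1+union+select+(1)", BROWSER, False),
    ("page=../../proc/self/environ", BROWSER, False),
    ("s=cheap+viagra+online", BROWSER, False),
    ("s=nginx", "sqlmap/1.7 (constructed)", False),
    ("s=trade+union+members+select+a+leader+(2024)", BROWSER, True),
    ("s=nginx", "ExampleFeedReader/2.1 (SFO office; constructed)", True),
]

def verdict(query_string, user_agent):
    # Returns (status, matching rule), checking the User-Agent rules first.
    for ua in USER_AGENTS:
        if re.search(ua, user_agent):
            return 403, "user-agent:" + ua
    for group, pattern in QUERY_RULES:
        if re.search(pattern, query_string):
            return 403, group
    return 200, None

def false_positives(samples=SAMPLES):
    # Rules that would reject a request marked as legitimate.
    return [verdict(q, ua)[1] for q, ua, ok in samples if ok and verdict(q, ua)[0] == 403]
```

On the constructed samples, `false_positives()` reports the `union.*select.*\(` rule firing on an ordinary search phrase and the two-letter `SF` pattern firing on an unrelated client, which are the kinds of rules to tighten or drop before deployment.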
V. Configure Redis
The configuration file is usually located at /etc/redis/redis.conf

maxmemory 1024mb
maxmemory-policy allkeys-lru
VI. Configure wp-config.php

/* Memory */
define( 'WP_MEMORY_LIMIT', '1024M' );
/* Understand which queries run */
define( 'SAVEQUERIES', true );
/* Disable WP Cron */
define( 'DISABLE_WP_CRON', true );
/* Auto update */
define( 'WP_AUTO_UPDATE_CORE', false );
/* Debugging: errors are written to wp-content/debug.log and not displayed on the page */
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_DISPLAY', false );
define( 'WP_DEBUG_LOG', true );
/* Don't allow file editing from the admin dashboard */
define( 'DISALLOW_FILE_EDIT', true );
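As for the PHP settings, the code is too long to post here. In the next article we will package the code above into an sh script that applies these optimizations automatically in one step.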
[PHP + NGINX server performance and security optimization]