Secure Nginx

    版本為 01:50, 20 Sep 2024


    Nginx 設定

    隱藏 nginx 版本資訊

    http {          
    ##
    # Basic Settings
    ##
    # Hide the nginx version number in the Server response header and on
    # built-in error pages. The header still reads "Server: nginx", so this
    # only reduces fingerprinting detail; it does not replace patching.
    server_tokens off;
    ...

    設定白名單存取

    vi /etc/nginx/conf.d/whiteListIP.conf
    
    # Access rules are checked in order and the first match decides, so the
    # allow lines must come before the final "deny all".
    # NOTE(review): a file under conf.d is usually included at http level, which
    # would apply this list to every server block - confirm against nginx.conf,
    # or place the rules in the specific server/location that needs them.
    # NOTE(review): if nginx runs behind a proxy or load balancer, the address
    # matched here is the proxy's. Restore the client address with the realip
    # module (set_real_ip_from limited to the trusted proxies, real_ip_header)
    # before relying on this list.
    allow 192.168.1.1;
    allow 192.168.1.2;
    allow 192.168.2.0/24;
    deny all; 
    

    PHP 設定

    /etc/php.ini

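    ; Disallow dangerous functions.
    ; exec and system are blocked, so the other command-execution functions
    ; (passthru, shell_exec, popen, proc_open) are blocked too; leaving them
    ; enabled would make the exec/system entries ineffective.
    ; disable_functions is a hardening layer, not a sandbox: keep PHP patched
    ; and run the PHP worker as an unprivileged user.
    disable_functions = phpinfo, system, mail, exec, passthru, shell_exec, popen, proc_open

    ; Maximum execution time of each script, in seconds
    max_execution_time = 30

    ; Maximum amount of time each script may spend parsing request data
    max_input_time = 60

    ; Maximum amount of memory a script may consume (8MB)
    ; NOTE(review): the PHP manual advises keeping memory_limit larger than
    ; post_max_size; both are 8M here, so raise this value or lower
    ; post_max_size to match the application.
    memory_limit = 8M

    ; Maximum size of POST data that PHP will accept.
    post_max_size = 8M

    ; Whether to allow HTTP file uploads.
    file_uploads = Off

    ; Maximum allowed size for uploaded files.
    ; Only takes effect if file_uploads is turned back on.
    upload_max_filesize = 2M

    ; Do not expose PHP error messages to external users
    display_errors = Off

    ; Restrict PHP information leakage (removes the X-Powered-By header)
    expose_php = Off

    ; Log all errors
    ; Set error_log to a file outside the web root that only the PHP user and
    ; administrators can read, so the details hidden by display_errors stay private.
    log_errors = On

    ; cgi.force_redirect only matters when PHP runs as a CGI binary.
    ; 0 switches the redirect check OFF; PHP's default is 1 and the PHP manual
    ; recommends disabling it only for IIS.
    ; NOTE(review): with nginx, turning it on needs REDIRECT_STATUS to be passed
    ; to PHP as a FastCGI parameter - verify the setup before changing this value.
    cgi.force_redirect = 0

    ; When nginx hands requests to PHP over FastCGI, stop PHP from guessing
    ; which file to run if the requested script path does not exist.
    ; Applications that rely on PATH_INFO need testing with this setting.
    cgi.fix_pathinfo = 0

    ; Enable SQL safe mode
    ; This directive was removed in PHP 7.2.0 and has no effect on newer
    ; versions. It never protected against SQL injection; use parameterized
    ; queries in the application for that.
    sql.safe_mode = On

    ; Avoid opening remote files
    allow_url_fopen = Off

    ; Never include()/require() code from a URL (Off is also PHP's default)
    allow_url_include = Off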
    