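server {
    listen 8001;
    server_name 127.0.0.1;
    root "E:/PHPproject/certification";

    # Clickjacking defence. SAMEORIGIN: this site's pages may only be placed in
    # an iframe/frame by pages of the same origin. ALLOW-FROM uri (not supported
    # by every browser) would restrict framing to one named origin instead.
    # NOTE(review): the CSP "frame-ancestors" directive is the successor of
    # X-Frame-Options in current browsers and can be sent alongside it.
    add_header X-Frame-Options SAMEORIGIN;

    # Legacy XSS-filter hint: if the browser detects reflected script, do not
    # render the page at all (mode=block) rather than sanitising it.
    # NOTE(review): current browsers ignore X-XSS-Protection; a
    # Content-Security-Policy header is the present-day mitigation.
    add_header X-XSS-Protection "1; mode=block";

    location / {
        index index.php index.html error/index.html;
        error_page 400 /error/400.html;
        # Front-controller routing: any request that does not name an existing
        # file or directory is handed to index.php as ?s=/<original uri>.
        # "last" stops rewrite processing and re-runs location matching with
        # the new URI, so no further directive in this block is reached.
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=/$1 last;
        }
    }

    # Case-insensitive match (~*) on purpose: the document root lives on a
    # Windows (case-insensitive) filesystem, where /index.PHP names the same
    # file as /index.php. With a case-sensitive "~" such a request would fall
    # through to "location /" and the PHP source would be served as a static
    # file instead of being executed.
    location ~* \.php(.*)$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # Split "/script.php/extra/path" into the script and its PATH_INFO.
        # (?U) makes the quantifier ungreedy, so the first ".php" ends the
        # script name and everything after it becomes $fastcgi_path_info.
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        # fastcgi_params is expected to carry the script-existence guard that
        # refuses requests where the ".php" script does not actually exist
        # (the cgi.fix_pathinfo parsing issue); keep it included after the
        # explicit parameters above.
        include fastcgi_params;
    }
}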
修改 fastcgi_params 文件，解决 cgi.fix_pathinfo 文件类型解析错误漏洞：在文件起始位置加上下面的判断。
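# Guard for the cgi.fix_pathinfo script-resolution problem. With
# fix_pathinfo=1, PHP walks back along SCRIPT_FILENAME until it finds a file
# that exists, so a request such as "/uploads/x.jpg/y.php" could end up
# executing x.jpg as PHP. Everything up to the last ".php" in the resolved
# path is taken as the script; if that script is not a regular file the
# request is refused here, before it reaches PHP-FPM.
# Note: a legitimate PATH_INFO that itself contains ".php" is rejected too,
# because the capture is greedy.
if ($request_filename ~* (.*)\.php) {
    set $php_url $1;
}
# -f (regular file) rather than -e, so a directory or other non-file entry
# named "*.php" does not satisfy the check.
if (!-f $php_url.php) {
    return 403;
}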