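After migrating the website to the cloud and using nginx to proxy the port, a web server directory listing vulnerability was found. The fix is described below.
Problem description
After migrating the website to the cloud and using nginx to proxy the port, a web server directory listing vulnerability was found.
Solution
Configure the nginx server: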
[root@xiexianbin_cn conf.d]# cat xiexianbin_cn.conf
upstream www.xiexianbin.cn {
    server 127.0.0.1:8080;
    #server xiexianbin.github.io;
}
server {
    listen 80;
    server_name www.xiexianbin.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    try_files $uri $uri.html $uri/ =404;
}
server {
    listen 80;
    server_name xiexianbin.cn;
    rewrite ^(.*) https://www.xiexianbin.cn permanent;
    try_files $uri $uri.html $uri/ =404;
}
server {
    listen 443;
    server_name www.xiexianbin.cn;
    ssl on;
    #charset koi8-r;
    access_log /var/log/nginx/www.xiexianbin.cn.access.log main;
    try_files $uri.html $uri/ =404;
    ### SSL cert files ###
    ssl_certificate /var/local/ssl/xiexianbin_cn/1_www.xiexianbin.cn_bundle.crt;
    ssl_certificate_key /var/local/ssl/xiexianbin_cn/2_www.xiexianbin.cn.key;
    ### Add SSL specific settings here ###
    keepalive_timeout 60;
    location / {
        #root html;
        #index index.html index.htm;
        proxy_pass http://www.xiexianbin.cn;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_set_header X-Forwarded-Proto https;
        try_files $uri $uri.html $uri/ =404;
    }
}
[root@xiexianbin_cn conf.d]#
Adding try_files resolves the problem. The directive is:
try_files $uri $uri.html $uri/ =404;
Apache
The Apache web server has very extensive support for content negotiation and can handle extensionless URLs by setting the multiviews option in your httpd.conf or .htaccess file:
Options +MultiViews
Nginx
The try_files directive allows you to specify a list of files to search for to process a request. The following configuration will instruct nginx to search for a file with an .html extension if an exact match for the requested URI is not found.
try_files $uri $uri.html $uri/ =404;
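To confirm that the directory listing is gone after the change, the responses for directory paths can be checked for the markers of an auto-generated index page. The following is an added example, not part of the original post: the function names and the sample responses are constructed for illustration, and it assumes a fixed server answers such a path with a non-200 status such as the 404 from `=404`.

```python
import re

# Titles emitted by auto-generated index pages: nginx autoindex and Apache
# mod_autoindex ("Index of /x"), Python http.server ("Directory listing for /x").
LISTING_TITLE = re.compile(
    r"<title>\s*(?:Index of|Directory listing for)\s+/[^<]*</title>", re.I)
# Link back to the parent directory, present on non-root listings.
PARENT_LINK = re.compile(r'href="\.\./"|>\s*Parent Directory\s*<', re.I)


def listing_evidence(status, body):
    """Return a short reason if the response is a directory index, else None."""
    if status != 200:  # assumption: a fixed server no longer answers 200 here
        return None
    if not LISTING_TITLE.search(body):
        return None  # "Index of" in body text alone is not enough
    if PARENT_LINK.search(body):
        return "index title + parent link"
    return "index title"


def audit(responses):
    """responses: iterable of (path, status, body); returns {path: reason}."""
    found = {}
    for path, status, body in responses:
        reason = listing_evidence(status, body)
        if reason:
            found[path] = reason
    return found


# Constructed sample responses (not captured from the site in the post).
NGINX_INDEX = ('<html><head><title>Index of /static/</title></head><body>'
               '<h1>Index of /static/</h1><hr><pre><a href="../">../</a>\n'
               '<a href="notes.txt">notes.txt</a></pre><hr></body></html>')
NOT_FOUND = '<html><head><title>404 Not Found</title></head><body></body></html>'
ARTICLE = ('<html><head><title>Blog</title></head><body>'
           '<p>The page showed "Index of /static/" before.</p></body></html>')

BEFORE_FIX = [("/static/", 200, NGINX_INDEX), ("/about", 200, ARTICLE)]
AFTER_FIX = [("/static/", 404, NOT_FOUND), ("/about", 200, ARTICLE)]

if __name__ == "__main__":
    print("before:", audit(BEFORE_FIX))
    print("after: ", audit(AFTER_FIX))
```

In practice the `(path, status, body)` tuples would come from requests against your own site's directory paths, run before and after reloading nginx.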