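You can block any HTTP user agent that sends GET/POST requests; nginx answers with 403 to head off attempts to exploit software vulnerabilities. Use the following syntax: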
vi /etc/nginx/nginx.conf
Add the content to the following section:
location ~ \.php$ {
.....
}
## Block http user agent - wget ##
if ($http_user_agent ~* (Wget) ) {
    return 403;
}
## Block Software download user agents ##
if ($http_user_agent ~* LWP::Simple|BBBike|wget|YisouSpider) {
    return 403;
}
Test from another machine; a 403 response means the setting works.
wget 192.168.1.7
--2016-11-15 08:43:56-- http://192.168.1.7/
Connecting to 192.168.1.7:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2016-11-15 08:43:56 ERROR 403: Forbidden.
You can also test with curl:
curl -I -A "YisouSpider" 192.168.1.7
HTTP/1.1 403 Forbidden
Server: nginx
Date: Tue, 15 Nov 2016 00:44:27 GMT
Content-Type: text/html; charset=utf-8,gbk,big5
Content-Length: 162
Connection: keep-alive
Vary: Accept-Encoding
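Added example (not part of the original page): an nginx `if` only applies in the block where it is placed, so the shell function below scans an access log for requests whose User-Agent matches the page's pattern but did not receive 403. It assumes the default combined log format; `BLOCKED_UA`, `unblocked_hits`, `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Same alternation as the nginx rule on this page; nginx's ~* is case-insensitive.
BLOCKED_UA='LWP::Simple|BBBike|wget|YisouSpider'

# Constructed sample log (combined format), not taken from a real server.
sample_log() {
cat <<'EOF'
192.168.1.8 - - [15/Nov/2016:08:43:56 +0800] "GET / HTTP/1.1" 403 162 "-" "Wget/1.18 (linux-gnu)"
192.168.1.8 - - [15/Nov/2016:08:44:27 +0800] "HEAD / HTTP/1.1" 403 0 "-" "YisouSpider"
192.168.1.8 - - [15/Nov/2016:08:45:02 +0800] "GET /static/logo.png HTTP/1.1" 200 5120 "-" "Wget/1.18 (linux-gnu)"
192.168.1.9 - - [15/Nov/2016:08:45:10 +0800] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.1.8 - - [15/Nov/2016:08:46:00 +0800] "GET /robots.txt HTTP/1.1" 200 24 "-" "lwp::simple/6.15"
EOF
}

# Read combined-format log lines on stdin and print "status path user-agent"
# for every request from a blocked agent that was NOT answered with 403.
unblocked_hits() {
    awk -F'"' -v pat="$BLOCKED_UA" '
        BEGIN { pat = tolower(pat) }
        {
            # Splitting on the double quote gives:
            #   $2 = request line, $3 = status and bytes, $6 = User-Agent
            split($2, req, " ")
            split($3, sb, " ")
            if (tolower($6) ~ pat && sb[1] != "403")
                print sb[1], req[2], $6
        }'
}

# Demonstration on the constructed sample; any output line is a request
# the rule did not cover (for example a location without the if block).
sample_log | unblocked_hits
```

To audit a real server, feed its access log to the function on stdin, e.g. `unblocked_hits < access.log`.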