以下配置为我正式环境使用的。之前用Apache比较多;现在基本不用了。现分享吧。
1.针对 Spider的 <Location /> #SetEnvIfNoCase User-Agent "spider" bad_bot BrowserMatchNoCase bingbot bad_bot BrowserMatchNoCase Googlebot bad_bot BrowserMatchNoCase 360Spider bad_bot BrowserMatchNoCase "iaskspider" badguy BrowserMatchNoCase "QihooBot" badguy BrowserMatchNoCase "larbin" badguy BrowserMatchNoCase "iearthworm" badguy BrowserMatchNoCase "Outfoxbot" badguy BrowserMatchNoCase "lanshanbot" badguy BrowserMatchNoCase "Arthur" badguy BrowserMatchNoCase "InfoPath" badguy BrowserMatchNoCase "DigExt" badguy BrowserMatchNoCase "Embedded" badguy BrowserMatchNoCase "EmbeddedWB" badguy BrowserMatchNoCase "Wget" badguy BrowserMatchNoCase "CNCDialer" badguy BrowserMatchNoCase "LWP::Simple" badguy BrowserMatchNoCase "WPS" badguy Order Deny,Allow Deny from 124.115.4. 124.115.0. 64.69.34.135 216.240.136.125 218.15.197.69 155.69.160.99 58.60.13. 121.14.96. 58.60.14. 58.61.164. 202.108.7.209 Deny from env=bad_bot </Location>
2.用Rewrite对Apache进行加固
#####APACHE URL关键字加固策略
#####请自行添加删减关键字
#####并做好测试。实例如下:
RewriteEngine on
RewriteCond %{REQUEST_URI} xwork|java|redirect|passwd|hosts|windows|script|ScRiPt|location|prompt|proc\/self\/environ|mosConfig_[a-zA-Z_]{1,21}(=|%3D)|base64_encode.*(.*)|(<|%3C).*script.*(>|%3E)|GLOBALS(=|[|%[0-9A-Z]{0,2})|_REQUEST(=|[|%[0-9A-Z]{0,2})|limit|\/WEB-INF\/web\.xml|applicationContext\.xml|\/manager\/html|\/jmx-console\/|\.properties|\.class|phpinfo\.php|\/conn\.asp|\/conn\.php|\/conn\.jsp|\/cmd\.asp|\/diy\.asp|\.asp;|\/(\w+)\.(\w+)\/(\w+)\.php|\.php\.|eval\(|%eval|\.jsp?action=|fsaction=|/etc/passwd|\/%c0%ae%c0%ae|\/%2E%2E|boot\.ini|win\.ini|access\.log|httpd\.conf|nginx\.conf|boot\.ini|\/etc\/hosts|((\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist|php|php5|jspx)|~)$) [NC]
RewriteRule ^/(.*) http://www.baidu.com/ [R,F]
RewriteCond %{QUERY_STRING} xwork|java|redirect|passwd|hosts|windows|script|ScRiPt|location|prompt|proc\/self\/environ|mosConfig_[a-zA-Z_]{1,21}(=|%3D)|base64_encode.*(.*)|(<|%3C).*script.*(>|%3E)|GLOBALS(=|[|%[0-9A-Z]{0,2})|_REQUEST(=|[|%[0-9A-Z]{0,2})|limit|\/WEB-INF\/web\.xml|applicationContext\.xml|\/manager\/html|\/jmx-console\/|\.properties|\.class|phpinfo\.php|\/conn\.asp|\/conn\.php|\/conn\.jsp|\/cmd\.asp|\/diy\.asp|\.asp;|\/(\w+)\.(\w+)\/(\w+)\.php|\.php\.|eval\(|%eval|\.jsp?action=|fsaction=|/etc/passwd|\/%c0%ae%c0%ae|\/%2E%2E|boot\.ini|win\.ini|access\.log|httpd\.conf|nginx\.conf|boot\.ini|\/etc\/hosts|((\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist|php|php5|jspx)|~)$) [NC]
RewriteRule ^/(.*) http://www.baidu.com/ [R,F]
其实感觉功能还是有些鸡肋的。我这边也是配合Waf使用的。呵呵。
转载于:https://blog.51cto.com/zhangyc/1676609
486
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
