From a security-hardening standpoint, we generally disable the unsafe HTTP methods and keep only GET and POST.
In nginx, unsafe HTTP methods can be disabled either globally, in the server block of the nginx configuration file, or locally, inside a specific location block.
Global setting (method one)

    # Reject only the explicitly listed methods
    if ($request_method ~ ^(PUT|DELETE)$) {
        return 403;
    }

or

    # Reject everything except GET and POST
    if ($request_method !~ ^(GET|POST)$) {
        return 403;
    }
For example:

    server {
        listen 80;
        server_name www.iwen.com;
        #return 301 https://$server_name$request_uri;
        # Placed at server level, the check applies to every location below it
        if ($request_method !~ ^(GET|POST)$) {
            return 403;
        }
        .......
        .......
    }
Local setting (method one)

    location /knowlege_app {
        include /usr/local/nginx/allow_ip_list.conf;
        # One if block per method to be rejected
        if ($request_method = PUT) {
            return 403;
        }
        if ($request_method = DELETE) {
            return 403;
        }
        if ($request_method = OPTIONS) {
            return 403;
        }
        if ($request_method = TRACE) {
            return 403;
        }
        proxy_pass http://serverKnowlege_app;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
Local setting (method two)

    location /knowlege_app {
        include /usr/local/nginx/allow_ip_list.conf;
        # Allow-list form: anything other than GET or POST is rejected
        if ($request_method !~ ^(GET|POST)$) {
            return 403;
        }
        proxy_pass http://serverKnowlege_app;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
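Two caveats apply to the if-based forms above. First, the allow-list regex ^(GET|POST)$ also rejects HEAD, which most clients and monitoring probes treat as a harmless twin of GET, and rejecting OPTIONS breaks CORS preflight for any browser-facing API served from the same location. Second, if blocks in nginx are only reliable when their body is a return or rewrite, which is exactly how the page uses them. The configuration below is an added example, not part of the original post: it expresses the same restriction with nginx's own limit_except directive, which is the idiomatic way to restrict methods inside a location (allowing GET there implicitly allows HEAD), and shows a second location that keeps preflight working and answers with 405 plus an Allow header. The server name, the /api/ path and the upstream name are assumed placeholders.

```nginx
server {
    listen 80;
    server_name www.example.com;   # assumed placeholder

    location /knowlege_app {
        include /usr/local/nginx/allow_ip_list.conf;

        # Allow only GET and POST (HEAD is implied by GET); every other
        # method is refused with 403 by the deny rule.
        limit_except GET POST {
            deny all;
        }

        proxy_pass http://serverKnowlege_app;   # assumed upstream name
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Browser-facing API: OPTIONS must stay open for CORS preflight.
    # Other methods get 405 (method understood but not permitted here)
    # together with the Allow header that the status code calls for;
    # "always" makes add_header apply to error responses too.
    location /api/ {
        if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) {
            add_header Allow "GET, HEAD, POST, OPTIONS" always;
            return 405;
        }
        proxy_pass http://serverKnowlege_app;
    }
}
```

After editing, run nginx -t to validate the syntax before reloading; a quick check is then a request such as curl -i -X TRACE against /knowlege_app, which should come back as 403, while the same request against /api/ should return 405 with the Allow header. The deny inside limit_except can be combined with allow lines (for example, allow an internal management range to use DELETE) if an application genuinely needs the method from a restricted source.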