0

我刚刚偶然发现了0 day 漏洞利用 和一些关于它 的讨论https://forum.nginx.org/read.php?2,88845,page=3 https://serverfault.com/questions/690983/which-try-文件-nginx-directive-is-best-for-the-zero-day-exploit

零日漏洞利用看起来很可怕。

并且所有像 laravel 这样的 php 应用程序都会受到影响?WordPress?一切?

还有哪些我不知道但应该知道的漏洞?

我很困惑,也很着急。

所以要修复 nginx,我需要这样的东西:

   server {
    listen 80;
   listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name     dev.MyApp.com;

    root /var/www/html/dev.MyApp.com/public;

    index index.html index.htm index.php;

    access_log  /var/log/nginx/mylog.com.access.log;
    error_log  /var/log/nginx/mylog.com.error.log;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

 location ~ \.php$ {
        try_files $uri =404;
        proxy_intercept_errors on;
        error_page 500 501 502 503 = @fallback;
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
    location @fallback {
        try_files $uri =404;
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
    location ~* .(css|js|png|jpg|jpeg|gif|ico)$ { expires 1d; }

}

在哪里try_files $uri =404;修复了安全问题。我还需要做什么?例如,还有哪些其他漏洞?

4

0 回答 0