Entries covering "setting up an HTTP server on CentOS 6.5"

I. Issues reported by the vulnerability scan

Target is missing the X-Content-Type-Options response header

    add_header X-Content-Type-Options nosniff;

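Web application server version information leak detected on error pages: modify the 404 and 500 pages so that strings such as apache or nginx do not appear in them.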

Target is missing the Referrer-Policy response header

    add_header 'Referrer-Policy' 'origin';

Target is missing the X-XSS-Protection response header

    add_header X-XSS-Protection "1; mode=block";

Target is missing the X-Download-Options response header

    add_header X-Download-Options "noopen" always;

Target is missing the Strict-Transport-Security response header

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

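Target is missing the Content-Security-Policy response header

    add_header Content-Security-Policy "default-src 'self' data: *.xxx.com 'unsafe-inline' 'unsafe-eval' mediastream:";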

Target is missing the X-Permitted-Cross-Domain-Policies response header

    header("X-Permitted-Cross-Domain-Policies: master-only");

Clickjacking: X-Frame-Options not set

    add_header X-Frame-Options SAMEORIGIN;

II. nginx.conf

Add server_tokens off; inside the http block.

Replace the domain name with that of your own site.

    #user nobody;
    worker_processes 4;

    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;

    #pid logs/nginx.pid;

    events {
        worker_connections 40960;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log logs/access.log main;

        sendfile on;
        #tcp_nopush on;

        #keepalive_timeout 0;
        keepalive_timeout 65;

        # Hide the nginx version in the Server header and on built-in error pages
        server_tokens off;

        server {
            listen 8080;
            server_name *.demo.com;
            root "/www/demo";

            location / {
                index index.php index.html error/index.html;

                # Custom error pages, so the defaults do not name the server software
                error_page 400 /error/400.html;
                error_page 403 /error/403.html;
                error_page 404 /error/404.html;
                error_page 500 /error/500.html;
                error_page 501 /error/501.html;
                error_page 502 /error/502.html;
                error_page 503 /error/503.html;
                error_page 504 /error/504.html;
                error_page 505 /error/505.html;
                error_page 506 /error/506.html;
                error_page 507 /error/507.html;
                error_page 509 /error/509.html;
                error_page 510 /error/510.html;

                # Site-specific rules; adjust this path to your own environment
                include D:/phpstudy_pro/WWW/8100ktc/nginx.htaccess;
                autoindex off;
            }

            location ~ \.php(.*)$ {
                fastcgi_pass 127.0.0.1:9007;
                fastcgi_index index.php;
                fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
                include fastcgi_params;
            }

            # Without "always", nginx adds a header only to 2xx/3xx responses,
            # so the custom error pages are served without it.
            add_header X-Content-Type-Options nosniff;
            add_header 'Referrer-Policy' 'origin';
            add_header X-Download-Options "noopen" always;
            # Browsers honour Strict-Transport-Security only on HTTPS responses
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
            add_header X-Permitted-Cross-Domain-Policies "master-only";
            add_header X-Frame-Options SAMEORIGIN;
            # 'unsafe-inline' and 'unsafe-eval' still allow inline scripts and eval();
            # tighten the policy once the site no longer needs them
            add_header Content-Security-Policy "default-src 'self' data: *.xxx.com 'unsafe-inline' 'unsafe-eval' mediastream:";
            add_header X-XSS-Protection "1; mode=block";

            #proxy_hide_header X-Powered-By;
        }
    }
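A check for the add_header directives above, as an added example that is not part of the original article: it audits a config text against the eight headers the scan report lists and flags names that nginx would emit malformed, names that match no finding, and directives without "always". The function name, the sample config and the flat (non-nested) treatment of the file are assumptions made for this example; it does not model nginx's per-block inheritance of add_header.

```python
import re

# Response headers the scan report above lists as missing.
REQUIRED = ["X-Content-Type-Options", "Referrer-Policy", "X-XSS-Protection",
            "X-Download-Options", "Strict-Transport-Security",
            "Content-Security-Policy", "X-Permitted-Cross-Domain-Policies",
            "X-Frame-Options"]

# One argument of add_header: double-quoted, single-quoted, or bare.
TOKEN = r"""(?:"[^"]*"|'[^']*'|[^\s;'"]+)"""
# add_header NAME VALUE [always];  (commented-out lines do not match)
ADD_HEADER = re.compile(
    rf"^[ \t]*add_header\s+({TOKEN})\s+({TOKEN})(\s+always)?\s*;", re.M)

def audit(conf):
    """Audit the add_header directives in an nginx config text."""
    seen, malformed, not_always = [], [], []
    for name, _value, always in ADD_HEADER.findall(conf):
        name = name.strip("'\"")
        if not re.fullmatch(r"[A-Za-z0-9-]+", name):
            malformed.append(name)       # e.g. a trailing colon in the name
            continue
        seen.append(name)
        if not always:
            not_always.append(name)      # absent from 4xx/5xx responses
    wanted = {h.lower() for h in REQUIRED}
    have = {h.lower() for h in seen}
    return {
        "missing": [h for h in REQUIRED if h.lower() not in have],
        "unexpected": [h for h in seen if h.lower() not in wanted],
        "malformed": malformed,
        "not_always": not_always,
    }

# Constructed sample containing the slips such a config tends to pick up.
SAMPLE = """
server {
    listen 8080;
    add_header X-Content-Type-Options nosniff;
    add_header 'Referrer-Policy' 'origin';
    add_header X-Download-Options "noopen" always;
    add_header X-Xss-header "1;mode=block";
    add_header X-Content-Type-Options: nosniff;
    # add_header X-Frame-Options SAMEORIGIN;
}
"""

if __name__ == "__main__":
    for key, names in audit(SAMPLE).items():
        print(f"{key}: {names}")
```

Run it against the real nginx.conf text before reloading nginx, then confirm with a rescan, since the scanner also requests error pages.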


————————————————

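Copyright notice: this is an original article by CSDN blogger 「那小子很拽」, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.

Original link: https://blog.csdn.net/haoqi9999/article/details/123271036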
