一、漏扫发现的问题
检测到目标 X-Content-Type-Options 响应头缺失
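# Fix for the X-Content-Type-Options finding. The original line set Referrer-Policy
# instead, so the flagged header stayed missing. "always" makes nginx emit the
# header on 4xx/5xx responses too, not only on 2xx/3xx.
add_header X-Content-Type-Options nosniff always;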
检测到错误页面泄漏 Web 应用服务器版本信息：修改 404 页面及 500 页面，不要出现 apache、nginx 等字样
检测到目标 Referrer-Policy 响应头缺失
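# Referrer-Policy. "always" is needed so the header is also present on the custom
# 404/500 pages the scanner checks; without it add_header only covers 2xx/3xx.
add_header Referrer-Policy "origin" always;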
检测到目标 X-XSS-Protection 响应头缺失
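# The header name must be X-XSS-Protection; the original "X-Xss-header" is not a
# real header and would leave the finding open. Current browsers no longer act on
# this header (Content-Security-Policy is the effective control), so it only
# satisfies the scanner check. "always" covers error responses as well.
add_header X-XSS-Protection "1; mode=block" always;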
检测到目标 X-Download-Options 响应头缺失
# X-Download-Options: noopen (legacy IE directive). Sent on all status codes
# because of "always".
add_header X-Download-Options "noopen" always;
检测到目标 Strict-Transport-Security 响应头缺失
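# HSTS. Browsers only honour this header when it arrives over HTTPS, so it has
# no effect until the site is served with TLS. "preload" additionally commits the
# domain to the browser preload lists; keep it only if that is intended.
# "always" makes the header appear on error responses too.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;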
检测到目标 Content-Security-Policy 响应头缺失
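# Fix for the Content-Security-Policy finding. The original line set
# X-Frame-Options, which does not clear a missing-CSP report. The policy below is
# the one used in the nginx.conf further down; 'unsafe-inline' and 'unsafe-eval'
# remove most of CSP's script-injection protection, so tighten them and replace
# *.xxx.com with the real allowed origins once the site's assets are known.
add_header Content-Security-Policy "default-src 'self' data: *.xxx.com 'unsafe-inline' 'unsafe-eval' mediastream:" always;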
检测到目标 X-Permitted-Cross-Domain-Policies 响应头缺失
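// PHP-side alternative to the nginx add_header. The value must be the bare token
// master-only: the original wrapped it in quotes and a trailing ";" which are sent
// literally and do not form a valid policy value.
header("X-Permitted-Cross-Domain-Policies: master-only");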
点击劫持：X-Frame-Options 未设置
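# Clickjacking protection: only same-origin pages may frame this site. "always"
# sends it on error responses as well, which is where scanners commonly re-check.
add_header X-Frame-Options SAMEORIGIN always;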
二、nginx.conf
在 http 块中添加 server_tokens off;
更换对应的站点域名;
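#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  40960;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # Drop the version from the Server header and from nginx's built-in error
    # pages (the "server version disclosure" finding).
    server_tokens off;

    server {
        listen       8080;
        server_name  *.demo.com;
        root         "/www/demo";

        # Custom error pages so the client never sees a page carrying the server
        # software name. Declared at server level so that both locations below
        # inherit them; in the original they sat inside "location /" and did not
        # apply to errors raised in the PHP location.
        error_page 400 /error/400.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 500 /error/500.html;
        error_page 501 /error/501.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        error_page 504 /error/504.html;
        error_page 505 /error/505.html;
        error_page 506 /error/506.html;
        error_page 507 /error/507.html;
        error_page 509 /error/509.html;
        error_page 510 /error/510.html;

        # Security headers for every response of this vhost. "always" is required
        # so they are also sent on the 4xx/5xx error pages above; without it
        # add_header only applies to 2xx/3xx and the scanner still reports them
        # missing on error pages. The duplicate "X-Content-Type-Options:" line
        # (header name with a colon) from the original is dropped: it produced a
        # malformed header. add_header is inherited by a location only if that
        # location defines none of its own - if the included nginx.htaccess adds
        # headers, repeat these there.
        add_header X-Content-Type-Options nosniff always;
        add_header Referrer-Policy "origin" always;
        add_header X-Download-Options "noopen" always;
        # HSTS is only honoured by browsers over HTTPS; it takes effect once this
        # vhost is served with TLS (it currently listens on 8080 without ssl).
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
        add_header X-Permitted-Cross-Domain-Policies "master-only" always;
        add_header X-Frame-Options SAMEORIGIN always;
        # 'unsafe-inline' and 'unsafe-eval' remove most of CSP's script-injection
        # protection; they only satisfy the "header present" check. Tighten them
        # and replace *.xxx.com with the real allowed origins.
        add_header Content-Security-Policy "default-src 'self' data: *.xxx.com 'unsafe-inline' 'unsafe-eval' mediastream:" always;
        # Legacy header, no longer acted on by current browsers; kept for the scan.
        add_header X-XSS-Protection "1; mode=block" always;

        location / {
            index  index.php index.html error/index.html;
            include D:/phpstudy_pro/WWW/8100ktc/nginx.htaccess;
            # Never list directory contents.
            autoindex off;
        }

        location ~ \.php(.*)$ {
            # Refuse requests whose script file does not exist before handing them
            # to PHP-FPM; with cgi.fix_pathinfo=1 in php.ini a missing script would
            # otherwise make PHP fall back to another file along the path.
            try_files $fastcgi_script_name =404;

            fastcgi_pass   127.0.0.1:9007;
            fastcgi_index  index.php;
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO        $fastcgi_path_info;
            fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
            include        fastcgi_params;

            # PHP adds "X-Powered-By: PHP/x.y", another version leak. The original
            # had "proxy_hide_header" commented out, but that directive only
            # applies to proxy_pass; for fastcgi_pass the FastCGI variant is needed.
            fastcgi_hide_header X-Powered-By;
        }
    }
}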
版权声明:本文为CSDN博主「那小子很拽」的原创文章,依照CC4.0BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/haoqi9999/article/details/123271036