| 代理服务器 | 真实访问服务器 |
|---|---|
| 192.168.31.10 | 192.168.31.5 |
| server1 | server2 |
http {
log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘
‘$status $body_bytes_sent "$http_referer" ‘
‘"$http_user_agent" "$http_x_forwarded_for"‘;
}server {
listen 443;
server_name dc.hanye.com
index index.htm index.html index.php;
location / {
index index.htm index.html index.php;
proxy_pass https://192.168.31.5;
include proxy.conf;
}
}cat /usr/local/nginx/conf/proxy.conf
proxy_connect_timeout 300s;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding ‘‘;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1; cat /usr/local/nginx/conf/vhost/dc.hanye.com.conf
server {
listen 443;
server_name dc.hanye.com;
ssl on;
root /home/erp/dataCr/public;
access_log /data/wwwlogs/dcssl_access_nginx.log main;
error_log /data/wwwlogs/dcssl_error_nginx.log;
index index.html index.htm index.php;
ssl_certificate /usr/local/nginx/conf/ssl/hanye.com.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/hanye.com.key;
ssl_session_timeout 10m;
ssl_buffer_size 64k;
ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
ssl_prefer_server_ciphers on;
include deny_host.conf;
if (!-e $request_filename){
rewrite (.*) /index.php last;
}
location ~ [^/]\.php(/|$) {
# fastcgi_pass unix:/dev/shm/php-fastcgi.sock;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
} deny 82.200.168.101;
deny 115.60.186.254;
deny 111.144.139.0;
deny 221.229.204.124;
deny 34.200.238.202;
deny 180.97.190.79;
deny 185.92.73.108;
deny 117.27.159.145;
deny 123.249.35.138;
deny 118.189.145.230;
deny 150.70.188.167;
deny 209.210.183.140;
deny 123.249.35.138;
deny 140.240.30.67;
deny 54.72.102.1;
deny 43.248.103.26;
deny 202.100.214.104;
deny 201.178.152.41;
deny 104.131.109.149;
deny 218.108.158.238;
deny 115.215.55.25;
deny 78.245.236.138;
deny 42.115.142.151;
deny 201.177.161.121;
deny 60.165.208.28;
deny 121.234.56.44;
deny 60.239.42.29;
deny 37.76.148.15;
deny 121.194.2.252;
deny 46.17.100.30;
deny 103.207.39.154;
deny 220.248.123.190;
deny 123.123.255.50;
deny 202.96.25.88;
deny 185.165.29.198;
deny 60.174.195.41;
deny 212.237.37.211;
deny 220.191.255.198;
deny 96.91.204.122;
deny 159.203.42.152;
deny 103.85.23.24;
deny 180.76.139.176;
deny 103.60.221.239;
deny 202.53.138.23;
######
deny 101.107.11.84;
deny 101.29.118.14;
deny 106.111.222.218;
deny 110.184.163.240;
deny 112.192.144.162;
deny 112.194.90.218;
deny 112.195.155.239;
deny 112.237.188.252;
deny 112.67.181.132;
deny 113.75.0.190;
deny 113.85.77.168;
deny 114.104.135.176;
deny 115.213.235.75;
deny 115.215.6.67;
deny 115.217.164.103;
deny 115.217.164.107;
deny 115.217.165.54;
deny 115.217.165.56;
deny 118.118.199.172;
deny 119.140.160.129;
deny 119.250.9.210;
deny 119.5.1.37;
deny 121.20.5.8;
deny 121.232.148.220;
deny 122.231.185.87;
deny 122.239.143.197;
deny 122.245.13.7;
deny 122.4.50.235;
deny 123.134.237.161;
deny 123.146.68.192;
deny 123.163.153.201;
deny 123.163.167.132;
deny 123.163.178.194;
deny 125.105.111.246;
deny 125.106.189.65;
deny 125.111.117.133;
deny 125.111.117.203;
deny 125.111.118.103;
deny 125.111.118.185;
deny 125.121.6.109;
deny 125.123.136.211;
deny 125.123.136.224;
deny 125.87.101.12;
deny 140.250.189.205;
deny 140.255.43.187;
deny 171.12.87.240;
deny 180.116.211.132;
deny 180.141.130.18;
deny 183.147.19.189;
deny 183.149.89.205;
deny 183.159.235.127;
deny 183.164.235.175;
deny 223.104.10.8;
deny 223.145.229.211;
deny 223.156.197.238;
deny 223.156.199.119;
deny 27.157.3.91;
deny 27.221.193.235;
deny 27.31.102.199;
deny 36.56.79.172;
deny 52.80.164.236;
deny 58.255.4.190;
deny 58.47.35.146;
deny 60.175.212.125;
deny 61.151.178.166;
deny 66.249.79.48;
deny 101.20.203.221;
deny 110.249.201.14;
deny 110.251.237.78;
deny 113.76.134.234;
deny 114.104.184.23;
deny 115.202.142.15;
deny 115.215.56.57;
deny 117.90.137.239;
deny 117.93.83.90;
deny 121.232.199.18;
deny 121.234.244.24;
deny 121.236.124.13;
deny 122.190.146.17;
deny 123.134.222.17;
deny 123.151.148.54;
deny 123.151.148.56;
deny 123.151.148.57;
deny 123.151.76.158;
deny 123.151.77.71;
deny 124.94.197.168;
deny 125.111.117.94;
deny 125.111.119.10;
deny 125.113.112.41;
deny 125.69.91.101;
deny 125.72.106.141;
deny 125.87.106.21;
deny 183.128.64.57;
deny 218.73.128.18;
deny 218.73.143.100;
deny 220.178.145.85;
deny 222.95.190.183;
deny 223.199.215.12;
deny 223.242.128.10;
deny 223.242.248.10;
deny 27.202.62.212;
deny 27.40.132.213;
deny 49.85.248.190;
deny 49.88.93.155;
deny 58.19.62.211;
deny 58.212.58.113;
deny 59.49.191.249;
deny 61.148.245.141;
deny 66.249.79.17;
if ($http_referer ~* "tj.cn") {
return 403;
}
if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|^$" )
{
return 403;
}
if ($http_user_agent ~* (Scrapy|HttpClient))
{
return 403;
}
location ~*(\/\/.*$) {
return 403;
}
if ($http_referer ~ .*.online.tj.cn) {
return 403;
}
if ($http_referer ~* "www188.asd.tj.cn") {
return 403;
}原文:https://blog.51cto.com/9025736/2521311