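After migrating the website to the cloud with nginx proxying the port, a web server directory listing vulnerability was found. The fix is described below.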

Problem description

After migrating the website to the cloud with nginx proxying the port, a web server directory listing vulnerability was found.

Solution

Configure the nginx server:

[root@xiexianbin_cn conf.d]# cat xiexianbin_cn.conf 
upstream www.xiexianbin.cn {
    server 127.0.0.1:8080;
    #server xiexianbin.github.io;
}

server {
    listen 80;
    server_name www.xiexianbin.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    try_files $uri $uri.html $uri/ =404;
}

server {
    listen 80;
    server_name xiexianbin.cn;
    rewrite ^(.*) https://www.xiexianbin.cn permanent;
    try_files $uri $uri.html $uri/ =404;
}

server {
    listen       443;
    server_name  www.xiexianbin.cn;
    ssl          on;
    #charset koi8-r;
    access_log /var/log/nginx/www.xiexianbin.cn.access.log main;

    try_files $uri.html $uri/ =404;

    ### SSL cert files ###
    ssl_certificate      /var/local/ssl/xiexianbin_cn/1_www.xiexianbin.cn_bundle.crt;
    ssl_certificate_key  /var/local/ssl/xiexianbin_cn/2_www.xiexianbin.cn.key;
    ### Add SSL specific settings here ###
    keepalive_timeout    60;


    location / {
        #root   html;
        #index index.html index.htm;
        proxy_pass http://www.xiexianbin.cn;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_set_header X-Forwarded-Proto https;
        try_files $uri $uri.html $uri/ =404;
    }
}
[root@xiexianbin_cn conf.d]# 

Adding try_files resolves the problem; the directive is:

try_files $uri $uri.html $uri/ =404;

Apache

The Apache web server has very extensive support for content negotiation and can handle extensionless URLs by setting the multiviews option in your httpd.conf or .htaccess file:

Options +MultiViews

Nginx

The try_files directive allows you to specify a list of files to search for to process a request. The following configuration will instruct nginx to search for a file with an .html extension if an exact match for the requested URI is not found.

try_files $uri $uri.html $uri/ =404;
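The lookup order this directive describes can be modelled offline. The following Python sketch is an added example, not code from the original page or from nginx: the names `try_files` and `demo` and the sample document root are assumptions, and the model is simplified to the file/directory existence checks only.

```python
import os
import tempfile

# The directive from this page: try_files $uri $uri.html $uri/ =404;
CANDIDATES = ("$uri", "$uri.html", "$uri/")
FALLBACK = "=404"


def try_files(root, uri, candidates=CANDIDATES, fallback=FALLBACK):
    """Simplified model of how nginx walks a try_files list.

    Returns the first parameter whose target exists under root, else the
    fallback. A parameter written with a trailing slash is a directory
    test; any other parameter matches regular files only.
    Assumes uri is already normalized (no ".." segments).
    """
    for param in candidates:
        want_dir = param.endswith("/")
        template = param[:-1] if want_dir else param
        name = template.replace("$uri", uri)
        path = os.path.join(root, name.lstrip("/"))
        exists = os.path.isdir(path) if want_dir else os.path.isfile(path)
        if exists:
            return param
    return fallback


def demo():
    """Resolve sample URIs against a constructed document root."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "posts"))
        for rel in ("index.html", "about.html", "posts/first.html"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<html></html>")
        uris = ("/about.html", "/about", "/posts/first", "/posts", "/posts/", "/missing")
        return {uri: try_files(root, uri) for uri in uris}


if __name__ == "__main__":
    for uri, hit in demo().items():
        # A "$uri/" hit only selects the directory; what gets served for it
        # is decided by index handling, not by try_files.
        print(f"{uri:15} -> {hit}")
```
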

References

http://jekyllrb.com/docs/permalinks/

http://jekyllrb.com/docs/configuration/

http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files

Done.