jekyll Web服务器列目录漏洞

将网站迁移到云中，采用nginx代理端口，发现Web服务器列目录漏洞，解决方式如下。

问题描述

将网站迁移到云中，采用nginx代理端口，发现Web服务器列目录漏洞。

解决方案

配置nginx服务器：

[root@xiexianbin_cn conf.d]# cat xiexianbin_cn.conf
upstream www.xiexianbin.cn {
    server 127.0.0.1:8080;
    #server xiexianbin.github.io;
}

server {
    listen 80;
    server_name www.xiexianbin.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    try_files $uri $uri.html $uri/ =404;
}

server {
    listen 80;
    server_name xiexianbin.cn;
    rewrite ^(.*) https://www.xiexianbin.cn permanent;
    try_files $uri $uri.html $uri/ =404;
}

server {
    listen       443;
    server_name  www.xiexianbin.cn;
    ssl          on;
    #charset koi8-r;
    access_log /var/log/nginx/www.xiexianbin.cn.access.log main;

    try_files $uri.html $uri/ =404;

    ### SSL cert files ###
    ssl_certificate      /var/local/ssl/xiexianbin_cn/1_www.xiexianbin.cn_bundle.crt;
    ssl_certificate_key  /var/local/ssl/xiexianbin_cn/2_www.xiexianbin.cn.key;
    ### Add SSL specific settings here ###
    keepalive_timeout    60;


    location / {
        #root   html;
        #index index.html index.htm;
        proxy_pass http://www.xiexianbin.cn;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_set_header X-Forwarded-Proto https;
        try_files $uri $uri.html $uri/ =404;
    }
}
[root@xiexianbin_cn conf.d]#

添加try_files即可解决该问题，代码如下：

try_files $uri $uri.html $uri/ =404;

Apache

The Apache web server has very extensive support for content negotiation and can handle extensionless URLs by setting the multiviews option in your httpd.conf or .htaccess file:

Options +MultiViews

Nginx

The try_files directive allows you to specify a list of files to search for to process a request. The following configuration will instruct nginx to search for a file with an .html extension if an exact match for the requested URI is not found.

try_files $uri $uri.html $uri/ =404;