實戰經驗整理的 25 個 Nginx 技巧
# Hide the nginx version from the Server header and default error pages.
# Only the version is removed; the "Server: nginx" header itself still
# goes out (fully removing it needs the headers-more module or nginx Plus).
server_tokens off;

# Negotiate only modern TLS. TLS 1.0/1.1 are deprecated (RFC 8996).
# TLS 1.3 is actually offered only when nginx is linked against an
# OpenSSL that supports it (1.1.1+); otherwise the token is accepted
# but silently has no effect.
ssl_protocols TLSv1.2 TLSv1.3;

# Disable unneeded HTTP methods.
# NOTE: limit_except is NOT inherited by other location{} blocks — each
# location that needs the restriction must repeat it. Everything not listed
# (OPTIONS, PUT, DELETE, PATCH, TRACE ...) gets 403, so adjust the list
# per path: CORS preflight needs OPTIONS, a REST API may need PUT/DELETE.
# Listing GET implicitly allows HEAD as well; HEAD is kept here for clarity.
location / {
    limit_except GET HEAD POST {
        deny all;
    }
}
- 啟用基於 sysctl 的保護
# SYN cookies: lets the kernel keep accepting connections when the SYN
# backlog is flooded (SYN-flood mitigation). Only engages under backlog
# pressure, so it has no effect on normal traffic.
net.ipv4.tcp_syncookies = 1

# Strict reverse-path filtering (RFC 3704): drop packets whose source
# address would not be routed back out the interface they arrived on
# (anti-spoofing). The effective value per interface is the max of
# conf.all and conf.<iface>, so 1 here enforces strict mode everywhere.
# CAVEAT: strict mode (1) breaks hosts with asymmetric routing or
# multiple uplinks; use loose mode (2) on those instead of disabling it.
net.ipv4.conf.all.rp_filter = 1
- 防止圖片外連
# Hotlink protection for /images/.
# This is a deterrent, not an access control: the Referer header is set
# by the client and is trivially spoofed or omitted.
#   none    - no Referer at all (direct navigation, bookmarks, curl, scrapers)
#   blocked - Referer present but mangled by a proxy/firewall (does not
#             start with http:// or https://)
#   hostnames - matched as server names; scheme and port are not part of the
#             comparison, so http and https referers both match.
# Anything else sets $invalid_referer and is rejected with 403.
# Using `return` inside `if` at location level is one of the safe `if` uses.
location /images/ {
    valid_referers none blocked www.domain.com domain.com;
    if ($invalid_referer) { return 403; }
}
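# Security response headers.
# add_header is NOT inherited into any location{} that declares its own
# add_header — in such a location these headers silently disappear.
# Repeat them there (an `include` snippet keeps this in one place).
# `always` attaches the header to 4xx/5xx responses too; without it
# only 2xx/3xx responses carry the header.

# Stop browsers from MIME-sniffing a response away from its Content-Type.
add_header X-Content-Type-Options nosniff always;

# The legacy XSS auditor is removed from Chromium-based browsers and was
# never in Firefox; "1; mode=block" is deprecated and the filter itself
# enabled cross-site information leaks in older browsers. Current guidance
# (OWASP/MDN) is to disable it explicitly and rely on a
# Content-Security-Policy for XSS mitigation (CSP is application-specific,
# so it is not set here).
add_header X-XSS-Protection "0" always;

# HSTS: one year, all subdomains. `preload` commits the whole domain tree
# to HTTPS-only and is effectively irreversible once the domain is on the
# browser preload list (removal takes months) — keep it only if you will
# submit to hstspreload.org and every subdomain already serves TLS.
# Place this in the HTTPS server{} block only; browsers ignore HSTS
# received over plain HTTP.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;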
