{"id":16928,"date":"2024-11-18T10:07:51","date_gmt":"2024-11-18T02:07:51","guid":{"rendered":"https:\/\/fwq.ai\/blog\/16928\/"},"modified":"2024-11-18T10:07:51","modified_gmt":"2024-11-18T02:07:51","slug":"linux%e6%9c%8d%e5%8a%a1%e5%99%a8%e7%bd%91%e7%bb%9c%e5%ae%89%e5%85%a8%ef%bc%9aweb%e6%8e%a5%e5%8f%a3%e6%94%bb%e5%87%bb%e7%9a%84%e5%ae%9e%e6%97%b6%e6%a3%80%e6%b5%8b%e4%b8%8e%e5%93%8d%e5%ba%94%e3%80%82","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/16928\/","title":{"rendered":"Linux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\uff1aWeb\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u3002"},"content":{"rendered":"

\"Linux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\uff1aWeb\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u3002\u63d2\u56fe\"<\/p>\n

Linux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\uff1aWeb\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94<\/p>\n

\u6458\u8981\uff1a
\u968f\u7740Web\u5e94\u7528\u7a0b\u5e8f\u7684\u666e\u53ca\u548c\u53d1\u5c55\uff0cWeb\u63a5\u53e3\u653b\u51fb\u4e5f\u65e5\u76ca\u7316\u7357\u3002\u4e3a\u4e86\u4fdd\u62a4\u670d\u52a1\u5668\u7684\u7f51\u7edc\u5b89\u5168\uff0c\u672c\u6587\u4ecb\u7ecd\u4e86\u4e00\u79cd\u9488\u5bf9Linux\u670d\u52a1\u5668\u7684Web\u63a5\u53e3\u653b\u51fb\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u65b9\u6cd5\u3002\u901a\u8fc7\u5206\u6790\u8bf7\u6c42\u6d41\u91cf\uff0c\u4f7f\u7528\u57fa\u4e8e\u89c4\u5219\u7684\u68c0\u6d4b\u5f15\u64ce\u5b9e\u65f6\u68c0\u6d4bWeb\u63a5\u53e3\u653b\u51fb\uff0c\u5e76\u7ed3\u5408\u4ee3\u7801\u793a\u4f8b\u4ecb\u7ecd\u4e86\u4e00\u79cd\u57fa\u4e8eNginx\u548cModSecurity\u7684\u5b9e\u73b0\u65b9\u6848\u3002<\/p>\n

    \n
  1. \u5f15\u8a00
    \u968f\u7740\u4e92\u8054\u7f51\u7684\u98de\u901f\u53d1\u5c55\uff0cWeb\u5e94\u7528\u7a0b\u5e8f\u5df2\u7ecf\u6210\u4e3a\u4eba\u4eec\u83b7\u53d6\u4fe1\u606f\u548c\u8fdb\u884c\u4ea4\u6d41\u7684\u4e3b\u8981\u9014\u5f84\u3002\u7136\u800c\uff0c\u968f\u4e4b\u800c\u6765\u7684\u662f\u7f51\u7edc\u5b89\u5168\u98ce\u9669\u7684\u4e0d\u65ad\u589e\u52a0\uff0cWeb\u63a5\u53e3\u653b\u51fb\u6210\u4e3a\u4e92\u8054\u7f51\u9886\u57df\u4e2d\u7684\u5e38\u89c1\u5a01\u80c1\u3002\u4e3a\u4e86\u4fdd\u62a4\u670d\u52a1\u5668\u7684\u7f51\u7edc\u5b89\u5168\uff0c\u53ca\u65f6\u68c0\u6d4b\u548c\u54cd\u5e94Web\u63a5\u53e3\u653b\u51fb\u81f3\u5173\u91cd\u8981\u3002<\/li>\n
  2. Web\u63a5\u53e3\u653b\u51fb\u7684\u7c7b\u578b
    Web\u63a5\u53e3\u653b\u51fb\u5305\u62ec\u4f46\u4e0d\u9650\u4e8eSQL\u6ce8\u5165\u3001\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff08XSS\uff09\u3001\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff08CSRF\uff09\u548c\u8bbf\u95ee\u63a7\u5236\u7f3a\u9677\u7b49\u3002\u8fd9\u4e9b\u653b\u51fb\u624b\u6cd5\u65e2\u53ef\u4ee5\u76f4\u63a5\u5bfc\u81f4\u670d\u52a1\u5668\u7684\u6570\u636e\u6cc4\u9732\u548c\u53d7\u635f\uff0c\u4e5f\u53ef\u4ee5\u8fdb\u4e00\u6b65\u653b\u51fb\u5176\u4ed6\u7cfb\u7edf\u6216\u7528\u6237\u3002<\/li>\n
  3. \u57fa\u4e8e\u89c4\u5219\u7684Web\u63a5\u53e3\u653b\u51fb\u68c0\u6d4b\u5f15\u64ce
    \u57fa\u4e8e\u89c4\u5219\u7684\u68c0\u6d4b\u5f15\u64ce\u662f\u4e00\u79cd\u5e38\u89c1\u7684Web\u63a5\u53e3\u653b\u51fb\u68c0\u6d4b\u65b9\u6cd5\u3002\u5b83\u901a\u8fc7\u5b9a\u4e49\u4e00\u7cfb\u5217\u89c4\u5219\uff0c\u5bf9\u8bf7\u6c42\u6d41\u91cf\u8fdb\u884c\u5206\u6790\u548c\u5339\u914d\uff0c\u4ece\u800c\u5b9e\u65f6\u68c0\u6d4b\u51fa\u5404\u79cd\u653b\u51fb\u884c\u4e3a\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u89c4\u5219\u793a\u4f8b\uff1a<\/li>\n<\/ol>\n

    \u89c4\u52191\uff1a\u68c0\u6d4bSQL\u6ce8\u5165\u653b\u51fb
    \u5339\u914d\u6a21\u5f0f\uff1a’ OR ‘1’=’1
    \u52a8\u4f5c\uff1a\u62e6\u622a\u8bf7\u6c42\uff0c\u5e76\u8bb0\u5f55IP\u5730\u5740<\/p>\n

    \u89c4\u52192\uff1a\u68c0\u6d4bXSS\u653b\u51fb
    \u5339\u914d\u6a21\u5f0f\uff1a<script>alert(‘XSS’)<\/script>
    \u52a8\u4f5c\uff1a\u62e6\u622a\u8bf7\u6c42\uff0c\u5e76\u8bb0\u5f55IP\u5730\u5740<\/p>\n

    \u89c4\u52193\uff1a\u68c0\u6d4bCSRF\u653b\u51fb
    \u5339\u914d\u6a21\u5f0f\uff1a\"Linux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\uff1aWeb\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u3002\u63d2\u56fe1\"
    \u52a8\u4f5c\uff1a\u62e6\u622a\u8bf7\u6c42\uff0c\u5e76\u8bb0\u5f55IP\u5730\u5740<\/p>\n

      \n
    1. \u57fa\u4e8eNginx\u548cModSecurity\u7684\u5b9e\u73b0\u65b9\u6848
      Nginx\u662f\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684Web\u670d\u52a1\u5668\u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u800cModSecurity\u662f\u4e00\u4e2a\u5f00\u6e90\u7684Web\u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\uff08WAF\uff09\u6a21\u5757\u3002\u7ed3\u5408\u4e8c\u8005\u53ef\u4ee5\u5b9e\u73b0Web\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u57fa\u4e8eNginx\u548cModSecurity\u7684\u5b9e\u73b0\u793a\u4f8b\uff1a<\/li>\n<\/ol>\n

      \u793a\u4f8b\u4ee3\u78011\uff1aNginx\u914d\u7f6e\u6587\u4ef6<\/p>\n

      server {\n    listen 80;\n    server_name example.com;\n    \n    location \/ {\n        ModSecurityEnabled on;\n        ModSecurityConfig modsecurity.conf;\n        \n        proxy_pass http:\/\/backend;\n    }\n}<\/pre>\n
        \u767b\u5f55\u540e\u590d\u5236   <\/p>\n
      \u793a\u4f8b\u4ee3\u78012\uff1aModSecurity\u914d\u7f6e\u6587\u4ef6\uff08modsecurity.conf\uff09<\/p>\n
      SecRuleEngine On\n\nSecRule REQUEST_FILENAME \"@rx \/login.php\" \n    \"id:1,rev:1,phase:2,deny,status:403,msg:'SQL Injection attack detected'\"\n    \nSecRule REQUEST_FILENAME \"@rx \/index.php\" \n    \"id:2,rev:1,phase:2,deny,status:403,msg:'XSS attack detected'\"\n    \nSecRule REQUEST_FILENAME \"@rx \/logout.php\" \n    \"id:3,rev:1,phase:2,deny,status:403,msg:'CSRF attack detected'\"<\/pre>\n
        \u767b\u5f55\u540e\u590d\u5236   <\/p>\n
      \u5728\u4e0a\u8ff0\u793a\u4f8b\u4e2d\uff0cNginx\u914d\u7f6e\u6587\u4ef6\u4e2d\u542f\u7528\u4e86ModSecurity\u6a21\u5757\uff0c\u5e76\u6307\u5b9a\u4e86ModSecurity\u7684\u914d\u7f6e\u6587\u4ef6\u3002ModSecurity\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b9a\u4e49\u4e86\u4e09\u4e2a\u89c4\u5219\uff0c\u5206\u522b\u68c0\u6d4bSQL\u6ce8\u5165\u653b\u51fb\u3001XSS\u653b\u51fb\u548cCSRF\u653b\u51fb\u3002<\/p>\n
        \n
      1. \u7ed3\u8bba
        Web\u63a5\u53e3\u653b\u51fb\u5df2\u7ecf\u6210\u4e3aLinux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\u7684\u91cd\u8981\u5a01\u80c1\u4e4b\u4e00\u3002\u4e3a\u4e86\u4fdd\u62a4\u670d\u52a1\u5668\u7684\u7f51\u7edc\u5b89\u5168\uff0c\u672c\u6587\u4ecb\u7ecd\u4e86\u4e00\u79cd\u9488\u5bf9Linux\u670d\u52a1\u5668\u7684Web\u63a5\u53e3\u653b\u51fb\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u65b9\u6cd5\u3002\u901a\u8fc7\u57fa\u4e8e\u89c4\u5219\u7684\u68c0\u6d4b\u5f15\u64ce\uff0c\u7ed3\u5408Nginx\u548cModSecurity\u7684\u5b9e\u73b0\u65b9\u6848\uff0c\u53ef\u4ee5\u6709\u6548\u5730\u68c0\u6d4b\u548c\u963b\u6b62\u5404\u79cdWeb\u63a5\u53e3\u653b\u51fb\u884c\u4e3a\u3002\u5728\u5b9e\u9645\u5e94\u7528\u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u7684\u9700\u6c42\u5b9a\u4e49\u66f4\u591a\u7684\u89c4\u5219\uff0c\u5e76\u6301\u7eed\u66f4\u65b0\u548c\u7ef4\u62a4\u89c4\u5219\u5e93\uff0c\u4ee5\u5e94\u5bf9\u4e0d\u65ad\u53d8\u5316\u7684\u7f51\u7edc\u5b89\u5168\u5a01\u80c1\u3002<\/li>\n<\/ol>\n
        \u4ee5\u4e0a\u5c31\u662fLinux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\uff1aWeb\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u3002\u7684\u8be6\u7ec6\u5185\u5bb9\uff0c\u66f4\u591a\u8bf7\u5173\u6ce8\u7c73\u4e91\u5176\u5b83\u76f8\u5173\u6587\u7ae0\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
        Linux\u670d\u52a1\u5668\u7f51\u7edc\u5b89\u5168\uff1aWeb\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94 \u6458\u8981\uff1a\u968f\u7740Web\u5e94\u7528\u7a0b\u5e8f\u7684\u666e\u53ca\u548c\u53d1\u5c55\uff0cWeb\u63a5\u53e3\u653b\u51fb\u4e5f\u65e5\u76ca\u7316\u7357\u3002\u4e3a\u4e86\u4fdd\u62a4\u670d\u52a1\u5668\u7684\u7f51\u7edc\u5b89\u5168\uff0c\u672c\u6587\u4ecb\u7ecd\u4e86\u4e00\u79cd\u9488\u5bf9Linux\u670d\u52a1\u5668\u7684Web\u63a5\u53e3\u653b\u51fb\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u65b9\u6cd5\u3002\u901a\u8fc7\u5206\u6790\u8bf7\u6c42\u6d41\u91cf\uff0c\u4f7f\u7528\u57fa\u4e8e\u89c4\u5219\u7684\u68c0\u6d4b\u5f15\u64ce\u5b9e\u65f6\u68c0\u6d4bWeb\u63a5\u53e3\u653b\u51fb\uff0c\u5e76\u7ed3\u5408\u4ee3\u7801\u793a\u4f8b\u4ecb\u7ecd\u4e86\u4e00\u79cd\u57fa\u4e8eNginx\u548cModSecurity\u7684\u5b9e\u73b0\u65b9\u6848\u3002 \u5f15\u8a00\u968f\u7740\u4e92\u8054\u7f51\u7684\u98de\u901f\u53d1\u5c55\uff0cWeb\u5e94\u7528\u7a0b\u5e8f\u5df2\u7ecf\u6210\u4e3a\u4eba\u4eec\u83b7\u53d6\u4fe1\u606f\u548c\u8fdb\u884c\u4ea4\u6d41\u7684\u4e3b\u8981\u9014\u5f84\u3002\u7136\u800c\uff0c\u968f\u4e4b\u800c\u6765\u7684\u662f\u7f51\u7edc\u5b89\u5168\u98ce\u9669\u7684\u4e0d\u65ad\u589e\u52a0\uff0cWeb\u63a5\u53e3\u653b\u51fb\u6210\u4e3a\u4e92\u8054\u7f51\u9886\u57df\u4e2d\u7684\u5e38\u89c1\u5a01\u80c1\u3002\u4e3a\u4e86\u4fdd\u62a4\u670d\u52a1\u5668\u7684\u7f51\u7edc\u5b89\u5168\uff0c\u53ca\u65f6\u68c0\u6d4b\u548c\u54cd\u5e94Web\u63a5\u53e3\u653b\u51fb\u81f3\u5173\u91cd\u8981\u3002 Web\u63a5\u53e3\u653b\u51fb\u7684\u7c7b\u578bWeb\u63a5\u53e3\u653b\u51fb\u5305\u62ec\u4f46\u4e0d\u9650\u4e8eSQL\u6ce8\u5165\u3001\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff08XSS\uff09\u3001\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff08CSRF\uff09\u548c\u8bbf\u95ee\u63a7\u5236\u7f3a\u9677\u7b49\u3002\u8fd9\u4e9b\u653b\u51fb\u624b\u6cd5\u65e2\u53ef\u4ee5\u76f4\u63a5\u5bfc\u81f4\u670d\u52a1\u5668\u7684\u6570\u636e\u6cc4\u9732\u548c\u53d7\u635f\uff0c\u4e5f\u53ef\u4ee5\u8fdb\u4e00\u6b65\u653b\u51fb\u5176\u4ed6\u7cfb\u7edf\u6216\u7528\u6237\u3002 \u57fa\u4e8e\u89c4\u5219\u7684Web\u63a5\u53e3\u653b\u51fb\u68c0\u6d4b\u5f15\u64ce\u57fa\u4e8e\u89c4\u5219\u7684\u68c0\u6d4b\u5f15\u64ce\u662f\u4e00\u79cd\u5e38\u89c1\u7684Web\u63a5\u53e3\u653b\u51fb\u68c0\u6d4b\u65b9\u6cd5\u3002\u5b83\u901a\u8fc7\u5b9a\u4e49\u4e00\u7cfb\u5217\u89c4\u5219\uff0c\u5bf9\u8bf7\u6c42\u6d41\u91cf\u8fdb\u884c\u5206\u6790\u548c\u5339\u914d\uff0c\u4ece\u800c\u5b9e\u65f6\u68c0\u6d4b\u51fa\u5404\u79cd\u653b\u51fb\u884c\u4e3a\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u89c4\u5219\u793a\u4f8b\uff1a \u89c4\u52191\uff1a\u68c0\u6d4bSQL\u6ce8\u5165\u653b\u51fb\u5339\u914d\u6a21\u5f0f\uff1a’ OR ‘1’=’1\u52a8\u4f5c\uff1a\u62e6\u622a\u8bf7\u6c42\uff0c\u5e76\u8bb0\u5f55IP\u5730\u5740 \u89c4\u52192\uff1a\u68c0\u6d4bXSS\u653b\u51fb\u5339\u914d\u6a21\u5f0f\uff1a<script>alert(‘XSS’)<\/script>\u52a8\u4f5c\uff1a\u62e6\u622a\u8bf7\u6c42\uff0c\u5e76\u8bb0\u5f55IP\u5730\u5740 \u89c4\u52193\uff1a\u68c0\u6d4bCSRF\u653b\u51fb\u5339\u914d\u6a21\u5f0f\uff1a\u52a8\u4f5c\uff1a\u62e6\u622a\u8bf7\u6c42\uff0c\u5e76\u8bb0\u5f55IP\u5730\u5740 \u57fa\u4e8eNginx\u548cModSecurity\u7684\u5b9e\u73b0\u65b9\u6848Nginx\u662f\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684Web\u670d\u52a1\u5668\u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u800cModSecurity\u662f\u4e00\u4e2a\u5f00\u6e90\u7684Web\u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\uff08WAF\uff09\u6a21\u5757\u3002\u7ed3\u5408\u4e8c\u8005\u53ef\u4ee5\u5b9e\u73b0Web\u63a5\u53e3\u653b\u51fb\u7684\u5b9e\u65f6\u68c0\u6d4b\u4e0e\u54cd\u5e94\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u57fa\u4e8eNginx\u548cModSecurity\u7684\u5b9e\u73b0\u793a\u4f8b\uff1a \u793a\u4f8b\u4ee3\u78011\uff1aNginx\u914d\u7f6e\u6587\u4ef6 server { listen 80; server_name example.com; location \/ { ModSecurityEnabled on; ModSecurityConfig modsecurity.conf; proxy_pass http:\/\/backend; } } \u767b\u5f55\u540e\u590d\u5236 \u793a\u4f8b\u4ee3\u78012\uff1aModSecurity\u914d\u7f6e\u6587\u4ef6\uff08modsecurity.conf\uff09 SecRuleEngine On SecRule REQUEST_FILENAME “@rx \/login.php” “id:1,rev:1,phase:2,deny,status:403,msg:’SQL Injection attack detected'” SecRule REQUEST_FILENAME “@rx \/index.php” “id:2,rev:1,phase:2,deny,status:403,msg:’XSS attack detected'” SecRule REQUEST_FILENAME “@rx \/logout.php” “id:3,rev:1,phase:2,deny,status:403,msg:’CSRF attack detected'” […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-16928","post","type-post","status-publish","format-standard","hentry","category-os"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/16928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=16928"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/16928\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=16928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=16928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=16928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}