Closed loki008 closed 5 years ago
After installing naxsi,html is checked and can be blocked,but json is not,the parameters are transmitted through json.
Please help,thanks.
nginx.conf information
user admin admin;
worker_processes auto; worker_cpu_affinity auto;
error_log /data/logs/nginx/error.log crit; pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
include dso_conf/ngx_dso_modules.conf;
events { use epoll; worker_connections 10240; }
http { server_tokens off; server_tag off; autoindex off; access_log off; include mime.types; include naxsi_core.rules; default_type application/octet-stream;
server_names_hash_bucket_size 128; client_header_buffer_size 128k; large_client_header_buffers 4 128k; client_max_body_size 2m; client_body_buffer_size 256k; sendfile on; tcp_nopush on; keepalive_timeout 900; tcp_nodelay on; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 6; gzip_types "image/jpeg;charset=utf-8" text/plain application/x-javascript text/css application/xml application/javascript text/javascript image/jpeg image/gif image/png; gzip_vary on; proxy_connect_timeout 900; proxy_read_timeout 900; proxy_send_timeout 900; proxy_buffer_size 128k; proxy_buffers 4 128k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_headers_hash_max_size 1024; proxy_headers_hash_bucket_size 128; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache_path /data/logs/nginx/cache1 levels=1:2 keys_zone=cache1:100m max_size=50g inactive=90d; proxy_temp_path /data/logs/nginx/nginx_temp/nginx_temp; log_format access '$remote_addr - $remote_user [$time_local] "$request"' '$status $body_bytes_sent "$http_referer"' '"$http_user_agent" $http_x_forwarded_for'; log_format ha '$remote_addr\t$time_local\t$host\t"$request"\t' '$status\t$body_bytes_sent\t"$http_referer"\t' '"$http_user_agent"\t$request_time\t$sent_http_content_type\t' '$upstream_addr\t$upstream_status\t$upstream_response_time\t' '"$http_x_forwarded_for"'; log_format main '$remote_addr\t$time_local\t"$request"\t' '$status\t$body_bytes_sent\t"$http_referer"\t' '"$http_user_agent"\t$request_time\t' '$upstream_addr\t$upstream_status\t$upstream_response_time\t' '"$http_x_forwarded_for"\t$host'; map $http_x_forwarded_proto $https_status { default off; https on; } map $http_upgrade $connection_upgrade { default upgrade; '' close; }
server { listen 80; server_name localhost;
#charset koi8-r; access_log logs/host.access.log main; location / { include naxsi.rules; include naxsi_BasicRule.conf; root html; index index.html index.htm; } location /RequestDenied { return 403; } error_page 403 /403.html; location = /403.html { root html; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } ## reqstat req_status_zone server_reqstat_monitor "$host" 100M;
# limit req zone ## limit_req_zone $binary_remote_addr $http_user_agent zone=limit_with_user_agent:50m rate=30r/m; limit_req_zone $binary_remote_addr $uri zone=limit_with_uri:50m rate=3r/m; limit_req_zone $server_name zone=limit_server_qps:10m rate=3500r/s; limit_req_zone $binary_remote_addr zone=limit_with_remote_addr:20m rate=5r/m; include conf.d/*.conf; include upstream/*.conf; include vhost.d/*.conf;
}
After installing naxsi,html is checked and can be blocked,but json is not,the parameters are transmitted through json.
Please help,thanks.
nginx.conf information
user admin admin;
worker_processes auto; worker_cpu_affinity auto;
error_log /data/logs/nginx/error.log crit; pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
include dso_conf/ngx_dso_modules.conf;
events { use epoll; worker_connections 10240; }
http { server_tokens off; server_tag off; autoindex off; access_log off; include mime.types; include naxsi_core.rules; default_type application/octet-stream;
server { listen 80; server_name localhost;
}