个人网站空间申请,html5 网站开发 适配,域名购买哪个网站,免费推广自己的网站背景
写了个电影网站#xff08;纯粹搞着玩的#xff09;#xff0c;准备买个域名然后上线#xff0c;但是看日志经常被一些恶意IP进行攻击#xff0c;这里准备接入腾讯云的安全以及加速产品edgeone#xff0c;记录下当时的步骤。
一、nginx配置重定向以及日志格式
ng…背景
写了个电影网站纯粹搞着玩的准备买个域名然后上线但是看日志经常被一些恶意IP进行攻击这里准备接入腾讯云的安全以及加速产品edgeone记录下当时的步骤。
一、nginx配置重定向以及日志格式
nginx.conf
user nginx;
#user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf; events { worker_connections 1024;
} http { include log_format.conf; include upstream.conf; log_format main $remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for; access_log /var/log/nginx/access.log main; access_log /var/log/nginx/access.json.log json_format; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream;include /etc/nginx/conf.d/*.conf; include /etc/nginx/default.d/*.conf; }log_format.conf
log_format json_format escapejson {timestamp:$time_iso8601,version:1,server_addr:$server_addr,remote_addr:$remote_addr,http_host:$host,uri:$uri,#upstream_response_time:$temprt,upstream_addr:$upstream_addr,upstream_status:$upstream_status,body_bytes_sent:$body_bytes_sent,bytes_sent:$bytes_sent,request_method:$request_method,request:$request,request_length:$request_length,request_time:$request_time,status:$status,http_referer:$http_referer,http_x_forwarded_for:$http_x_forwarded_for,http_user_agent:$http_user_agent,http_x_tc_requestId: $http_x_tc_requestId,body:$request_body };default.conf
server {listen 80;server_name vip04.cn www.vip04.cn;return 301 https://www.vip04.cn$request_uri;
}server {listen 443 ssl;server_name vip04.cn;ssl_certificate /etc/nginx/ssl_certificate/vip04.cn_bundle.crt;ssl_certificate_key /etc/nginx/ssl_certificate/vip04.cn.key;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers HIGH:!aNULL:!MD5;return 301 https://www.vip04.cn$request_uri;
}
server {listen 443 ssl;server_name www.vip04.cn;ssl_certificate /etc/nginx/ssl_certificate/vip04.cn_bundle.crt; ssl_certificate_key /etc/nginx/ssl_certificate/vip04.cn.key;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers HIGH:!aNULL:!MD5;location /static {alias /data/flask_demo/12.1/static/;}location / {try_files $uri yourapplication;}location ~* /test {return 403;}location ~* /admin.console {return 403;}location yourapplication {include uwsgi_params;uwsgi_pass unix:/tmp/logs/movie.sock;uwsgi_read_timeout 1800;uwsgi_send_timeout 300;}
}二、修改域名解析指向edgeone提供的域名
1、dnspod修改解析
2、eo控制台查看是否生效 三、配置防护策略 四、验证是否生效
1、开启拦截策略
浏览器访问vip04.cn测试效果
结论 可以看到重定向生效和拦截策略生效status为567的就是拦截成功
2、放开拦截策略
浏览器访问vip04.cn测试效果 结论 没有触发拦截符合预期
