The nanhack pentest target machine provides a file upload function, and you can get a webshell on it directly. But some classmates said that a target where you can get a webshell is not a good target, so I went ahead and configured it. Disable PHP execution in the directory where uploaded files are saved:

    server {
        listen 80;
        root /home/wwwroot/nanhack_com/public_html;
        server_name nanhack.com nanhack.com www.nanhack.com;
        index index.html index.php index.htm;
        error_page 400 /errpage/400.html;
        error_page 403 /errpage/403.html;
        error_page 404 /errpage/404.html;
        error_page 503 /errpage/503.html;
        location ~* ^/payload/upload/uploads/.*\.(php|php5)$
        {
            deny all;
        }
        location ~ \.php(.*)$ {
            fastcgi_pass unix:/tmp/php-70-cgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $DOCUMENT_ROOT$fastcgi_script_name;
            fastcgi_param PATH_INFO $1;
            include fcgi.conf;
        }
        location ~ /\.ht {
            deny all;
        }
        location / {
            try_files $uri $uri/ /?$args;
        }
    }
That is the whole configuration; the part that matters most is this block (nginx evaluates regex locations in the order they appear and takes the first match, so it must come before the generic `\.php` handler):

    location ~* ^/payload/upload/uploads/.*\.(php|php5)$
    {
        deny all;
    }
With this block configured, files saved into that directory can no longer be used to get a webshell.
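As an added check that is not part of the original post, the script below models nginx's "first matching regex location wins" rule against the post's two regex locations, then against a hardened deny pattern (my assumption, not from the post) that also covers other PHP extensions and a trailing PATH_INFO segment. The sample URIs and the `HARDENED_RULES` pattern are constructed for this check.

```python
import re

# Regex locations in config order, taken from the post's nginx config.
# "~*" is case-insensitive, "~" is case-sensitive, exactly as in nginx.
PAGE_RULES = [
    ("deny", re.compile(r"^/payload/upload/uploads/.*\.(php|php5)$", re.I)),
    ("php",  re.compile(r"\.php(.*)$")),
]

# Hardened variant (assumption, not the post's config): the deny pattern no
# longer insists the URI *ends* in .php, so "x.php/anything" (PATH_INFO
# style) is denied too, and phtml/phar/php7 are covered as well.
HARDENED_RULES = [
    ("deny", re.compile(r"^/payload/upload/uploads/.*\.(php[0-9]?|phtml|phar)(/|$)", re.I)),
    ("php",  re.compile(r"\.php(.*)$")),
]

# Constructed sample requests to audit.
SAMPLE_URIS = [
    "/payload/upload/uploads/a.php",        # plain upload, must be denied
    "/payload/upload/uploads/A.PHP",        # upper case, "~*" still denies
    "/payload/upload/uploads/a.php/x.jpg",  # trailing path segment
    "/payload/upload/uploads/a.phtml",      # other PHP extension
    "/index.php",                           # normal app code must still run
    "/payload/upload/uploads/a.jpg",        # static file, should be served
]


def dispatch(uri, rules):
    """Return the name of the first regex location matching the URI, or
    'static' when none matches (nginx then falls through to `location /`)."""
    for name, pattern in rules:
        if pattern.search(uri):
            return name
    return "static"


def audit(rules):
    """Map every sample URI to the location that would handle it."""
    return {uri: dispatch(uri, rules) for uri in SAMPLE_URIS}


if __name__ == "__main__":
    for label, rules in (("page config", PAGE_RULES), ("hardened", HARDENED_RULES)):
        print(f"== {label} ==")
        for uri, handler in audit(rules).items():
            print(f"{handler:7} {uri}")
```

With the post's pattern, `/payload/upload/uploads/a.php/x.jpg` still reaches the PHP handler because the deny regex is anchored with `$`; the hardened pattern sends it to `deny` while leaving `/index.php` untouched.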