gpt4 book ai didi

wordpress - 仅在 NGINX 中允许通过 IP 白名单访问某些位置

转载 作者:行者123 更新时间:2023-12-04 22:18:28 25 4
gpt4 key购买 nike

我正在使用 Sucuri Scanner 通知我登录尝试失败,目前我每天收到大约 50 多封电子邮件。我尝试了几种不同的方法来阻止访问 wp-login.php wp-admin 没有任何运气,因为我认为这些规则可能不适用于子域(或者通常只是糟糕)。

server {
# Primary domain, secondary domain and subdomains are explicitly
# declared so that I can generate certs using CertBot
server_name primarydomain.com
secondarydomain.com
subdomain1.primarydomain.com
subdomain2.primarydomain.com
subdomain3.primarydomain.com;

client_max_body_size 20M;
root /home/username/www/primarydomain.com/public_html;
index index.php;
error_log /home/username/www/primarydomain.com/logs/error.log error;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}

# This doesn't seem to block access
location /wp-login.php {
allow XXX.XXX.XXX.XXX; # this is my ipaddress
deny all;
}

# This doesn't seem to block access
location /wp-admin/ {
deny all;
allow XXX.XXX.XXX.XXX; # this is my ipaddress
}

# This doesn't seem to block access
location ~ ^/(wp-admin|wp-login\.php) {
deny all;
allow XXX.XXX.XXX.XXX; # this is my ipaddress
}
}

最佳答案

它不起作用,因为 regexps 的优先级高于 nginx 中的前缀

https://nginx.ru/en/docs/http/ngx_http_core_module.html#location

To find location matching a given request, nginx first checks locations defined using the prefix strings (prefix locations). Among them, the location with the longest matching prefix is selected and remembered.



重点是:

Then regular expressions are checked, in the order of their appearance in the configuration file. The search of regular expressions terminates on the first match, and the corresponding configuration is used. If no match with a regular expression is found then the configuration of the prefix location remembered earlier is used



所以这个表达式会处理所有的请求
location ~ \.php$

解决方案之一可能是将您的 prefix 位置转换为正则表达式并将它们在配置文件中向上移动

或者对您想要限制访问的网址使用 = 修饰符

Also, using the “=” modifier it is possible to define an exact match of URI and location. If an exact match is found, the search terminates



文档中的更多示例:
location = / {
[ configuration A ]
}

location / {
[ configuration B ]
}

location /documents/ {
[ configuration C ]
}

location ^~ /images/ {
[ configuration D ]
}

location ~* \.(gif|jpg|jpeg)$ {
[ configuration E ]
}

The “/” request will match configuration A, the “/index.html” request will match configuration B, the “/documents/document.html” request will match configuration C, the “/images/1.gif” request will match configuration D, and the “/documents/1.jpg” request will match configuration E

关于wordpress - 仅在 NGINX 中允许通过 IP 白名单访问某些位置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49104447/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com