【发布时间】:2014-06-13 08:46:53
【问题描述】:
我正在使用带有 Better WP Security 插件的 Wordpress。
此插件提供了一个选项,该选项不允许机器人或任何人登录 /wp-admin 或 /wp-login。
相反,它要求您访问特定的 URL,例如 /secret-area,然后它会将您重定向到以下 URL(注意它附加的长键):
/wp-admin?h28g8y28kknkwh28h3&redirect_to=/wp-admin/
这样,正在扫描的机器人无法找到常用的 Wordpress 登录路径。
问题是,当我启用 Varnish 时,当我访问 /secret-area 时,页面会尝试重定向到以下 URL(这显然不起作用):
example.com:8080/wp-login.php?h28g8y28kknkwh28h3&redirect_to=/wp-admin/
所以它添加了端口8080,这是 nginx 作为后端监听的端口。
我唯一能想到的是Better WP Security 插件要你添加的 Nginx 配置没有考虑到 nginx 不在端口 80 上运行...
那么,我想知道您是否可以发现这些规则存在一些问题?有问题的部分靠近底部:
# BEGIN Better WP Security
set $susquery 0;
set $rule_2 0;
set $rule_3 0;
if ($request_method ~* "^(TRACE|DELETE|TRACK)"){ return 403; }
location /wp-comments-post.php {
valid_referers novalidreferrers;
set $rule_0 0;
if ($request_method ~ "POST"){ set $rule_0 1$rule_0; }
if ($invalid_referer) { set $rule_0 2$rule_0; }
if ($http_user_agent ~ "^$"){ set $rule_0 3$rule_0; }
if ($rule_0 = "3210") { return 403; }
} if ($args ~* "\.\./") { set $susquery 1; }
if ($args ~* ".(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; }
if ($args ~* "etc/passwd") { set $susquery 1; }
if ($args ~* "boot.ini") { set $susquery 1; }
if ($args ~* "ftp:") { set $susquery 1; }
if ($args ~* "http:") { set $susquery 1; }
if ($args ~* "https:") { set $susquery 1; }
if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; }
if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; }
if ($args ~* "base64_encode") { set $susquery 1; }
if ($args ~* "(%24&x)") { set $susquery 1; }
if ($args ~* "(\[|\]|\(|\)|<|>|ê|\"|;|\?|\*|=$)"){ set $susquery 1; }
if ($args ~* "("|'|<|>|\|{|||%24&x)"){ set $susquery 1; }
if ($args ~* "(127.0)") { set $susquery 1; }
if ($args ~* "(%0|%A|%B|%C|%D|%E|%F)") { set $susquery 1; }
if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
if ($args ~* "(request|select|insert|concat|union|declare)") { set $susquery 1; }
if ($http_cookie !~* "wordpress_logged_in_" ) {
set $susquery 2$susquery;
set $rule_2 1;
set $rule_3 1;
}
if ($args !~ "^loggedout=true") { set $susquery 3$susquery; }
if ($susquery = 4321) { return 403; }
rewrite ^/login/?$ /wp-login.php?h28g8y28kknkwh28h3 redirect;
if ($rule_2 = 1) { rewrite ^/admin/?$ /wp-login.php?h28g8y28kknkwh28h3&redirect_to=/wp-admin/ redirect; }
if ($rule_2 = 0) { rewrite ^/admin/?$ /wp-admin/?h28g8y28kknkwh28h3 redirect; }
rewrite ^/register/?$ /wp-login.php?h28g8y28kknkwh28h3&action=register redirect;
if ($uri !~ "^(.*)admin-ajax.php") { set $rule_3 2$rule_3; }
if ($http_referer !~* wp-admin ) { set $rule_3 3$rule_3; }
if ($http_referer !~* wp-login.php ) { set $rule_3 4$rule_3; }
if ($http_referer !~* login ) { set $rule_3 5$rule_3; }
if ($http_referer !~* admin ) { set $rule_3 6$rule_3; }
if ($http_referer !~* register ) { set $rule_3 7$rule_3; }
if ($args !~ "^action=logout") { set $rule_3 8$rule_3; }
if ($args !~ "^h28g8y28kknkwh28h3") { set $rule_3 9$rule_3; }
if ($args !~ "^action=rp") { set $rule_3 0$rule_3; }
if ($args !~ "^action=register") { set $rule_3 a$rule_3; }
if ($args !~ "^action=postpass") { set $rule_3 b$rule_3; }
if ($rule_3 = ba0987654321) {
rewrite ^(.*/)?wp-login.php /not_found redirect;
rewrite ^/wp-admin(.*)$ /not_found redirect;
}
# END Better WP Security
【问题讨论】:
标签: redirect nginx wordpress varnish