Answer the question
In order to leave comments, you need to log in
Redirect from slash to without, redirect from index.html to without, parameter processing, etc. in nginx?
Good afternoon!
When checking the site on one service, I received the following critical errors:
URL vulnerability: Redirecting the slash at the end of the URL is not configured
URL vulnerability: Arbitrary parameters are processed incorrectly
URL vulnerability: Duplicate hyphens are processed incorrectly
URL vulnerability: Parameter switching is performed incorrectly
Also requires a redirect from site.ru /index.html on site.ru. Site.ru/index.php redirect works.
Please help me set up the server correctly.
Here is the config file:
server {
server_name site.ru www.site.ru;
listen 1.1.1.1:80;
return 301 https://site.ru$request_uri;
}
server {
server_name www.site.ru;
listen 1.1.1.1:443 ssl;
return 301 https://site.ru$request_uri;
ssl_certificate "/var/www/httpd-cert/agshop/agshop SSL.crtca";
ssl_certificate_key "/var/www/httpd-cert/agshop/agshop SSL.key";
}
server {
server_name site.ru;
ssl on;
ssl_certificate "/var/www/httpd-cert/agshop/agshop SSL.crtca";
ssl_certificate_key "/var/www/httpd-cert/agshop/agshop SSL.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=129600;";
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
charset off;
index index.html index.php;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/site.ru/*.conf;
access_log /var/www/httpd-logs/site.ru.access.log;
error_log /var/www/httpd-logs/site.ru.error.log notice;
ssi on;
set $root_path /var/www/agshop/data/www/site.ru;
root $root_path;
listen 1.1.1.1:443 ssl http2;
gzip on;
gzip_comp_level 6;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
expires 30d;
location / {
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
try_files $uri $uri/ /index.php$is_args$args;
}
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@site.ru";
fastcgi_pass unix:/var/www/php-fpm/agshop.sock;
fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
try_files $uri =404;
include fastcgi_params;
}
}
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question