변군이글루

nginx 공격 아이피(attacker ip) 추출 $ tail -n 10000 access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10 tail -n 10000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10 554 111.111.111.111 210 222.222.222.222 57 222.222.222.223 56 222.222.222.224 50 222.222.222.225 48 222.222.222.226 48 222.222.222.227 45 222.222.222.228 44 222.222.222.229 44 222.22..

취약점을 방지하기 위한 보안 HTTP 헤더를 설정하기 X-Content-Type-Options ###Apache Header set X-Content-Type-Options nosniff ###Nginx add_header X-Content-Type-Options nosniff; X-XSS-Protection ###Apache Header set X-XSS-Protection "1; mode=block" ###Nginx add_header X-XSS-Protection "1; mode=block"; X-Frame-Options ###Apache Header always append X-Frame-Options DENY ###Nginx add_header X-Frame-Options “DENY”; HTTP..

NGING에서 PHP-FPM 상태를 활성화하고 모니터링하는 방법 nginx 설정 $ vim /etc/nginx/conf.d/default.conf ... # nginx, php-fpm status location ~ ^/(status|ping)$ { fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; include fastcgi_params; allow 127.0.0.1; allow 10.11.0.0/16; allow 10.21.0.0/16; allow 10.31.0.0/16; deny all; access_log ..

NGINX 및 PHP-FPM 액세스 로그 설정 nginx access logs format $ vim /etc/nginx/nginx.conf ... log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$remote_addr"' ' REQ_TIME: $request_time s - CONNECT_TIME: $upstream_connect_time s - PHP-FPM_STATUS: $upstream_status'; $ nginx -t nginx: the configuration file /etc/ng..