The 男黑客 penetration-testing target machine allows PHP uploads; how do I keep it from being webshelled?
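The 男黑客 penetration-testing target machine provides a file upload feature, and a webshell can be obtained through it directly. However, some users have said that a target machine that hands out a webshell is not a good target machine, so in that case I'll configure it.

Deny PHP execution in the upload directory

server {
    listen 80;
    root /home/wwwroot/nanhack_com/public_html;
    server_name nanhack.com www.nanhack.com;
    index index.html index.php index.htm;
    error_page 400 /errpage/400.html;
    error_page 403 /errpage/403.html;
    error_page 404 /errpage/404.html;
    error_page 503 /errpage/503.html;

    # Refuse requests for .php/.php5 files in the upload directory.
    # Regex locations are tried in order, so this must stay above the PHP handler.
    location ~* ^/payload/upload/uploads/.*\.(php|php5)$
    {
        deny all;
    }

    # PHP handler: pass matching requests to PHP over FastCGI.
    location ~ \.php(.*)$ {
        fastcgi_pass unix:/tmp/php-70-cgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # The location regex has only one capture group, so $2 is empty here.
        fastcgi_param PATH_INFO $2;
        include fcgi.conf;
    }

    # Block access to .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }

    location / {
        try_files $uri $uri/ /?$args;
    }
}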
That is the whole configuration. The most important part is this:

    location ~* ^/payload/upload/uploads/.*\.(php|php5)$
    {
        deny all;
    }

With the above configured, the saved files will not be usable to get a webshell.
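A stricter variant of the rule above, as an added example that is not the author's configuration. The post's regex ends in `$`, so it only matches URIs that end in `.php` or `.php5`, while the PHP handler `location ~ \.php(.*)$` also accepts URIs that continue after `.php`; a `^~` prefix location covers the whole upload directory instead. The upload path is the one from the post; the `default_type` and `X-Content-Type-Options` lines and the extra extensions are assumptions about how uploads should be served.

```nginx
# Added example, not the author's configuration.
# Place inside the same server { } block, replacing the regex deny rule.

# "^~" makes this prefix match final: for any URI under the upload
# directory nginx skips the server-level regex locations, so the PHP
# handler (location ~ \.php(.*)$) is never selected for uploaded files.
location ^~ /payload/upload/uploads/ {
    # No fastcgi_pass in this block: files are only served as static content.
    # Assumption: extensions without a known MIME type are sent as
    # application/octet-stream, and browsers are told not to sniff the type.
    default_type application/octet-stream;
    add_header X-Content-Type-Options nosniff;

    # Nested regex locations are still evaluated inside the prefix block.
    # The pattern is not anchored with $, so it refuses any URI under the
    # upload directory that contains .php (including .php5), .phtml or .phar,
    # wherever in the path it appears.
    location ~* \.(php|phtml|phar) {
        deny all;
    }
}
```

Run `nginx -t` before reloading so a syntax error in the new block is caught first.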