首页 编程开发正文

dedecms IIS7+ 防入侵加固

wintop 编程开发 2021-11-28 109 0

dedecms 的漏洞可谓是很多,防不胜防。用IIS 7+ 的用户可按照下面的方式去做伪静态限制。

把执行html目录,data session目录,放到下面。这样就可以起到加固的作用,即便是被写入 php文件,入侵者也是无法执行PHP文件。

<configuration>
<system.webServer>
<handlers accessPolicy="Read, Execute, Script" />
<rewrite>
<rules>
    <rule name="Block data" stopProcessing="true">
      <match url="^hangqing/(.*).php$" />
        <conditions logicalGrouping="MatchAny">
         <add input="{USER_AGENT}" pattern="data" />
         <add input="{REMOTE_ADDR}" pattern="" />
       </conditions>
      <action type="AbortRequest" />
    </rule>
    <rule name="Block templets" stopProcessing="true">
      <match url="^zhishi/(.*).php$" />
         <conditions logicalGrouping="MatchAny">
          <add input="{USER_AGENT}" pattern="templets" />
          <add input="{REMOTE_ADDR}" pattern="" />
        </conditions>
      <action type="AbortRequest" />
    </rule>
    <rule name="Block SomeRobot" stopProcessing="true">
       <match url="^news/(.*).php$" />
          <conditions logicalGrouping="MatchAny">
             <add input="{USER_AGENT}" pattern="SomeRobot" />
             <add input="{REMOTE_ADDR}" pattern="" />
          </conditions>
        <action type="AbortRequest" />
    </rule>
    <rule name="Block chanpin" stopProcessing="true">
       <match url="^chanpin/(.*).php$" />
          <conditions logicalGrouping="MatchAny">
             <add input="{USER_AGENT}" pattern="chanpin" />
             <add input="{REMOTE_ADDR}" pattern="" />
          </conditions>
        <action type="AbortRequest" />
    </rule>
    <rule name="Block lianxi" stopProcessing="true">
       <match url="^lianxi/(.*).php$" />
          <conditions logicalGrouping="MatchAny">
             <add input="{USER_AGENT}" pattern="lianxi" />
             <add input="{REMOTE_ADDR}" pattern="" />
          </conditions>
        <action type="AbortRequest" />
    </rule>
    <rule name="Block datAP" stopProcessing="true">
       <match url="^data/(.*).php$" />
          <conditions logicalGrouping="MatchAny">
             <add input="{USER_AGENT}" pattern="datap"/>
             <add input="{REMOTE_ADDR}" pattern="" />
          </conditions>
        <action type="AbortRequest" />
    </rule>
</rules>
</rewrite>
</system.webServer>
</configuration>


版权声明

本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。

评论