分類彙整: 小技巧

nginx.conf https配置

仅供参考:

nginx.conf https


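# HTTPS virtual host: TLS termination plus response-header hardening.
# Differences from the listing as originally posted: TLS 1.0 is no longer
# offered, 3DES and the dead RC4 entry are removed from the cipher list, the
# security headers carry `always`, X-UA-Compatible uses the valid "IE=edge"
# value, and the server block is closed.
server
{
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # NOTE(review): the certificate files are named for 5loli.com; confirm the
    # certificate's SAN list covers every name below, otherwise clients that
    # request the other names get a name-mismatch error.
    server_name im66.net www.im66.net encrypted.im66.net secure.im66.net *.im66.net pcxingxing.com *.pcxingxing.com y.5loli.com;
    index index.html index.htm index.php;
    root /home/wwwroot/php;
    charset utf-8;

    # Relative paths are resolved against the nginx configuration prefix.
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate 1_5loli.com_bundle.crt;
    ssl_certificate_key 2_5loli.com.key;
    ssl_session_timeout 10m;

    # TLS 1.0 is deprecated (RFC 8996) and is no longer offered here.
    # TLSv1.3 can be appended where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # 3DES is excluded (64-bit block cipher, Sweet32). The former
    # "EECDH+aRSA+RC4" entry was already cancelled by "!RC4" and is dropped,
    # as is a duplicated "EECDH+ECDSA+SHA256".
    # NOTE(review): the bare "AES128" keyword also admits RSA key-exchange
    # suites, which have no forward secrecy; remove it if no client needs them.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 EECDH+GCM AES128+EECDH EECDH+ECDSA+SHA256 EECDH+ECDSA+SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 EECDH AES128 !3DES !DHE !aNULL !eNULL !LOW !DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    ssl_ecdh_curve secp384r1;
    # Has no effect while "!DHE" removes every DHE suite from the list above.
    ssl_dhparam dhparam.pem;
    ssl_session_cache builtin:1000 shared:SSL:30m;

    # `always` makes nginx send these headers on error responses too.
    # add_header is inherited by a location only when that location defines no
    # add_header of its own, so any such location must repeat these lines.
    # NOTE(review): "preload" without "includeSubDomains" does not meet the
    # browser preload-list requirements, and the list also expects every HTTP
    # request to be redirected to HTTPS.
    add_header Strict-Transport-Security "max-age=1115552002; preload" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    # Caching headers kept as posted. Expires lies in the past while
    # Cache-Control says "public"; which one wins depends on the client.
    add_header Last-Modified "Fri, 26 May 2006 01:14:04 GMT";
    add_header Cache-Control "public, no-transform";
    add_header Expires "Tue, 31 Dec 2012 00:00:00 GMT";

    # Legacy header that current browsers ignore; a Content-Security-Policy is
    # the modern control against reflected XSS.
    add_header X-XSS-Protection "1" always;
    # "edge" on its own is not a recognised value; the documented form is "IE=edge".
    add_header X-UA-Compatible "IE=edge";
    etag off;

    # The posted listing stops here without closing the block; location
    # blocks, if any, are not shown.
}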

HTTP→HTTPS:按 User-Agent 对部分客户端重定向


# Plain-HTTP virtual host. Clients are sent to the HTTPS site with a 301,
# except the listed crawlers and MSIE 1-8, which stay on HTTP.
# The User-Agent header is chosen by the client, so this is a compatibility
# switch and not an enforcement point: any client that sends one of the listed
# strings keeps getting plain HTTP.
server {
    listen 80;
    listen [::]:80;
    server_name im66.net www.im66.net encrypted.im66.net *.im66.net;
    root /home/wwwroot/php;

    # Earlier variant, left disabled:
    #rewrite ^/(.*) https://$server_name/$1 permanent;

    # Case-insensitive negative match. The redirect target is always
    # encrypted.im66.net, whichever of the names above was requested.
    if ($http_user_agent !~* "qihoobot|Baiduspider|BingBot|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|MSIE [1-8]\.") {
        return 301 https://encrypted.im66.net$request_uri;
    }
}

国内多家大型网站使用明文密码

黑客公开了多家国内大型网站的用户数据库。在经历了年初匿名组织攻击索尼等网站,泄漏上亿用户数据库的事件之后,此事本身并不让人惊奇。让人万分惊讶的是,这些数据库竟然大量使用明文密码。技术网站CSDN、在美国上市的社交网站人人网、游戏网站7K7K和178的用户数据库都包含了电子邮件地址和明文密码,多玩网的数据库则混杂了加密和明文密码。网站一侧的正确做法是只保存加盐的慢哈希(如 bcrypt、scrypt 或 Argon2),这样即使数据库泄露,攻击者也无法直接得到原始密码。如果用户在多个网站上使用相同密码,他将面临身份窃取的巨大风险。为了改进安全,可以考虑使用基于Web的密码管理服务LastPass去管理密码,LastPass可以生成随机密码,用户只要记住一个主密码就可以了。今天并不是互联网的初创时代,对于为什么这么多大网站使用明文密码,有人推测可能是审查和监管要求。