标签: 规则

Typecho的伪静态规则

一、Apache

RewriteEngine On # 下面是在根目录,文件夹要修改路径,如 /typecho/,同时 RewriteRule 也要跟着变

RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php/$1 [L]

外加一个顶级域名和二级域名的跳转

# 带 www 的跳转到不带的
RewriteCond %{HTTP_HOST} ^www.moper.me
RewriteRule (.*) https://moper.me/$1 [R=301,L]

# 不带 www 的跳转到带的
RewriteCond %{HTTP_HOST} ^moper.me
RewriteRule (.*) https://www.moper.me/$1 [R=301,L]

注:最新的 SVN 在后台启用重写功能的时候能自动生成 .htaccess 文件。

二、Nginx

location / {
index index.html index.php;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php) {
rewrite (.*) $1/index.php;
}
if (!-f $request_filename) {
rewrite (.*) /index.php;
}
}

三、SEA

name: taoblogs
version: 1
#cron:
# - description: cron test
# url: index.php
# schedule: every 43 mins
# timezone: Beijing
handle:
- rewrite: if(!is_dir() && !is_file()) goto "index.php?%{QUERY_STRING}"

四、IIS 下的 httpd.ini

不完美,可参考修改。

[ISAPI_Rewrite]
# 3600 = 1 hour
CacheClockRate 3600
RepeatLimit 32
# 中文tag解决
RewriteRule /tag/(.*) /index\.php\?tag=$1
# sitemapxml
RewriteRule /sitemap.xml /sitemap.xml [L]
RewriteRule /favicon.ico /favicon.ico [L]
# 内容页
RewriteRule /(.*).html /index.php/$1.html [L]
# 评论
RewriteRule /(.*)/comment /index.php/$1/comment [L]
# 分类页
RewriteRule /category/(.*) /index.php/category/$1 [L]
# 分页
RewriteRule /page/(.*) /index.php/page/$1 [L]
# 搜索页
RewriteRule /search/(.*) /index.php/search/$1 [L]
# feed
RewriteRule /feed/(.*) /index.php/feed/$1 [L]
# 日期归档
RewriteRule /2(.*) /index.php/2$1 [L]
# 上传图片等
RewriteRule /action(.*) /index.php/action$1 [L]

以下好像是WP的,只做参考用

[ISAPI_Rewrite]
# 3600 = 1 hour
CacheClockRate 3600
RepeatLimit 32
# Protect httpd.ini and httpd.parse.errors files
# from accessing through HTTP
# Rules to ensure that normal content gets through
RewriteRule /sitemap.xml /sitemap.xml [L]
RewriteRule /favicon.ico /favicon.ico [L]
# For file-based wordpress content (i.e. theme), admin, etc.
RewriteRule /wp-(.*) /wp-$1 [L]
# For normal wordpress content, via index.php
RewriteRule ^/$ /index.php [L]
RewriteRule /(.*) /index.php/$1 [L]

注:记得到后台永久链接设置里,启用地址重写功能。

转自http://zhangtao.cc/jiaocheng/typecho_rewrite.html

一些有用的iptables规则

iptables -I INPUT -p tcp –dport 80 -m connlimit –connlimit-above 30 -j REJECT
允许单个IP的最大连接数为 30

iptables -t filter -A INPUT -p tcp –dport 80 –tcp-flags FIN,SYN,RST,ACK SYN -m connlimit –connlimit-above 10 –connlimit-mask 32 -j REJECT
iptables限制单个地址的并发连接数量

iptables -t filter -A INPUT -p tcp –dport 80 –tcp-flags FIN,SYN,RST,ACK SYN -m connlimit –connlimit-above 10 –connlimit-mask 24 -j REJECT
使用iptables限制单个c类子网的并发链接数量

iptables -A INPUT -s 192.168.0.8|192.168.0.0/24 -p tcp –dport 22 -j ACCEPT
只允许某IP或某网段的机器进行SSH连接

iptables -A FORWARD -p TCP ! –syn -m state –state NEW -j DROP
丢弃坏的TCP包

iptables -A FORWARD -f -m limit –limit 100/s –limit-burst 100 -j ACCEPT
处理IP碎片数量,防止攻击,允许每秒100个

iptables -A FORWARD -p icmp -m limit –limit 1/s –limit-burst 10 -j ACCEPT
设置ICMP包过滤,允许每秒1个包,限制触发条件是10个包

iptables -A FORWARD -m state –state INVALID -j DROP
iptables -A INPUT -m state –state INVALID -j DROP
iptables -A OUTPUT -m state –state INVALID -j DROP
禁止非法连接

iptables -N syn-flood
iptables -A INPUT -p tcp –syn -j syn-flood
iptables -A syn-flood -p tcp -m limit –limit 3/s –limit-burst 6 -j RETURN
iptables -A syn-flood -j REJECT
防止SYN攻击 轻量

iptables -A INPUT -p tcp –syn –dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp –syn –dport 22 -j ACCEPT
允许访问22端口

iptables -A INPUT -p tcp –syn –dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp –syn –dport 80 -j ACCEPT
允许访问80端口

iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
禁止其他未允许的规则访问(注意:如果22端口未加入允许规则,SSH链接会直接断开。)