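There is always more to learn in network security. A security policy you worked hard to put in place can be undone by a single tool scan that exposes your origin IP, ports, and so on.
Even putting the site behind a CDN does not help: tools can find you through the IP exposed by the SSL certificate.
The following describes how to use the BaoTa panel (aaPanel) to stop scanning tools from exposing the IP through SSL:
- Create a static site; the domain name can be anything.
- Set the default site to the site you just created.
- Configure an empty certificate for the site. I applied for mine as a test certificate; if the website cannot be accessed, search for "测试证书" (test certificate) in a search engine and find a tool site that generates one.
- Save the certificate and turn on forced HTTPS.
If you cannot find a site that generates certificates, you can use the one I generated, which is valid until 2099.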
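This prevents scanning tools from exposing the origin IP through the SSL certificate. Scanning sites usually lag behind, so check the result after 24 hours.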
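To check the result yourself instead of waiting for a scanning site, the following added example (not part of the original post) reads the certificate the origin serves when it is contacted by IP without SNI and reports any name that still identifies a protected domain. The function names, `example.com` and `placeholder.invalid` are assumptions made for illustration, and the live check needs the third-party `cryptography` package.

```python
import socket
import ssl


def fetch_cert_names(ip, port=443, sni=None, timeout=5.0):
    """Return the DNS names (CN and SAN) of the certificate served at ip:port."""
    # Imported here so the offline matching below works without the package.
    from cryptography import x509
    from cryptography.x509.oid import NameOID

    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspect the certificate only, do not trust it
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        # sni=None mimics a scanner that connects by IP, so the default site answers.
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    cert = x509.load_der_x509_certificate(der)
    names = [a.value for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        names += san.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        pass
    return names


def leaked_names(cert_names, protected_domains):
    """Return certificate names that match a protected domain (exact, subdomain, wildcard)."""
    hits = []
    for name in cert_names:
        n = name.lower().rstrip(".")
        base = n[2:] if n.startswith("*.") else n
        for dom in protected_domains:
            d = dom.lower().rstrip(".")
            if base == d or base.endswith("." + d):
                hits.append(name)
                break
    return hits


if __name__ == "__main__":
    # Constructed sample data: names served before and after the default-site change.
    before = ["shop.example.com", "*.example.com"]
    after = ["placeholder.invalid"]
    print("before:", leaked_names(before, ["example.com"]))
    print("after: ", leaked_names(after, ["example.com"]))
    # Live check against your own origin: leaked_names(fetch_cert_names("<origin-ip>"), [...])
```

An empty list from `leaked_names` means the certificate seen on the bare IP no longer names the protected site.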
Reproduction without permission is prohibited: Web前端开发资源网 » Using the aaPanel BaoTa panel to prevent SSL certificates from exposing the origin IP