Jack Duldi's questions

默认.vcl

    # Default backend definition. Set this to point to your content server.
    backend default {
        .host = "127.0.0.1";
        .port = "8080";
    }

    sub vcl_recv {
      # Set the X-Forwarded-For header so the backend can see the original
      # IP address. If one is already set by an upstream proxy, we'll just re-use that.

      #return(pass);

      if (req.method == "PURGE") {
         return (purge);
      }

      if (req.method == "XCGFULLBAN") {
         ban("req.http.host ~ .*");
         return (synth(200, "Full cache cleared"));
      }

      if (req.http.X-Requested-With == "XMLHttpRequest") {
         return(pass);
      }

      if (req.http.Authorization || req.method == "POST") {
         return (pass);
      }

      if (req.method != "GET" && req.method != "HEAD") {
         return (pass);
      }

      if (req.url ~ "(wp-admin|post\.php|edit\.php|wp-login|wp-json)") {
         return(pass);
      }

      if (req.url ~ "/wp-cron.php" || req.url ~ "preview=true") {
         return (pass);
      }
      if (req.url ~ "/xmlrpc.php" || req.url ~ "preview=true") {
         return (pass);
      }

      if ((req.http.host ~ "sitename.com" && req.url ~ "^some_specific_filename\.(css|js)")) {
         return (pass);
      }

    # Unset Cookies except for WordPress admin and WooCommerce pages
    if (!(req.url ~ "(cart|my-account/*|wc-api*|checkout|addons|logout|lost-password|ask-question|product/*)")) {
    unset req.http.cookie;
    }
    # Pass through the WooCommerce dynamic pages
    if (req.url ~ "^/(cart|my-account/*|checkout|wc-api/*|addons|logout|lost-password|ask-question|product/*)") {
    return (pass);
    }
    # Pass through the WooCommerce add to cart
    if (req.url ~ "\?add-to-cart=" ) {
    return (pass);
    }
    # Pass through the WooCommerce API
    if (req.url ~ "\?wc-api=" ) {
    return (pass);
    }

      set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");

      # Remove the wp-settings-1 cookie
      set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");

      # Remove the wp-settings-time-1 cookie
      set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");

      # Remove the wp test cookie
      set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");

      # Remove the PHPSESSID in members area cookie
      set req.http.Cookie = regsuball(req.http.Cookie, "PHPSESSID=[^;]+(; )?", "");

      unset req.http.Cookie;
    }

    sub vcl_purge {
        set req.method = "GET";
        set req.http.X-Purger = "Purged";

        #return (synth(200, "Purged"));
        return (restart);
    }

    sub vcl_backend_response {
        # Happens after we have read the response headers from the backend.
        #
        # Here you clean the response headers, removing silly Set-Cookie headers
        # and other mistakes your backend does.

        set beresp.grace = 12h;
        set beresp.ttl = 12h;
    }

    sub vcl_deliver {
        # Happens when we have all the pieces we need, and are about to send the
        # response to the client.
        #
        # You can do accounting or modifying the final object here.
    }

sub vcl_hash {
  if(req.http.X-Forwarded-Proto) {
    hash_data(req.http.X-Forwarded-Proto);
  }
  if(req.http.X-UA-Device ~ "(mobile|tablet)") {
    hash_data("mobile");
  }
}

设备检测.vcl

#
# Copyright (c) 2016-2018 Varnish Cache project
# Copyright (c) 2012-2016 Varnish Software AS
#
# SPDX-License-Identifier: BSD-2-Clause
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# detectdevice.vcl - regex based device detection for Varnish
# https://github.com/varnishcache/varnish-devicedetect/
#
# Original author: Lasse Karstensen <[email protected]>

sub devicedetect {
    unset req.http.X-UA-Device;
    set req.http.X-UA-Device = "pc";

    # Handle that a cookie may override the detection alltogether.
    if (req.http.Cookie ~ "(?i)X-UA-Device-force") {
        /* ;?? means zero or one ;, non-greedy to match the first. */
        set req.http.X-UA-Device = regsub(req.http.Cookie, "(?i).*X-UA-Device-force=([^;]+);??.*", "\1");
        /* Clean up our mess in the cookie header */
        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *X-UA-Device-force=[^;]+;? *", "\1");
        /* If the cookie header is now empty, or just whitespace, unset it. */
        if (req.http.Cookie ~ "^ *$") { unset req.http.Cookie; }
    } else {
        if (req.http.User-Agent ~ "\(compatible; Googlebot-Mobile/2.1; \+http://www.google.com/bot.html\)" ||
            (req.http.User-Agent ~ "(Android|iPhone)" && req.http.User-Agent ~ "\(compatible.?; Googlebot/2.1.?; \+http://www.google.com/bot.html") ||
            (req.http.User-Agent ~ "(iPhone|Windows Phone)" && req.http.User-Agent ~ "\(compatible; bingbot/2.0; \+http://www.bing.com/bingbot.htm")) {
            set req.http.X-UA-Device = "mobile-bot"; }
        elsif (req.http.User-Agent ~ "(?i)(ads|google|bing|msn|yandex|baidu|ro|career|seznam|)bot" ||
            req.http.User-Agent ~ "(?i)(baidu|jike|symantec)spider" ||
            req.http.User-Agent ~ "(?i)pingdom" ||
            req.http.User-Agent ~ "(?i)facebookexternalhit" ||
            req.http.User-Agent ~ "(?i)scanner" ||
            req.http.User-Agent ~ "(?i)slurp" ||
            req.http.User-Agent ~ "(?i)(web)crawler") {
            set req.http.X-UA-Device = "bot"; }
        elsif (req.http.User-Agent ~ "(?i)ipad")        { set req.http.X-UA-Device = "tablet-ipad"; }
        elsif (req.http.User-Agent ~ "(?i)ip(hone|od)") { set req.http.X-UA-Device = "mobile-iphone"; }
        /* how do we differ between an android phone and an android tablet?
           http://stackoverflow.com/questions/5341637/how-do-detect-android-tablets-in-general-useragent */
        elsif (req.http.User-Agent ~ "(?i)android.*(mobile|mini)") { set req.http.X-UA-Device = "mobile-android"; }
        // android 3/honeycomb was just about tablet-only, and any phones will probably handle a bigger page layout.
        elsif (req.http.User-Agent ~ "(?i)android 3")              { set req.http.X-UA-Device = "tablet-android"; }
        /* Opera Mobile */
        elsif (req.http.User-Agent ~ "Opera Mobi")                  { set req.http.X-UA-Device = "mobile-smartphone"; }
        // May very well give false positives towards android tablets. Suggestions welcome.
        elsif (req.http.User-Agent ~ "(?i)android")         { set req.http.X-UA-Device = "tablet-android"; }
        elsif (req.http.User-Agent ~ "PlayBook; U; RIM Tablet")         { set req.http.X-UA-Device = "tablet-rim"; }
        elsif (req.http.User-Agent ~ "hp-tablet.*TouchPad")         { set req.http.X-UA-Device = "tablet-hp"; }
        elsif (req.http.User-Agent ~ "Kindle/3")         { set req.http.X-UA-Device = "tablet-kindle"; }
        elsif (req.http.User-Agent ~ "Touch.+Tablet PC" ||
            req.http.User-Agent ~ "Windows NT [0-9.]+; ARM;" ) {
                set req.http.X-UA-Device = "tablet-microsoft";
        }
        elsif (req.http.User-Agent ~ "Mobile.+Firefox")     { set req.http.X-UA-Device = "mobile-firefoxos"; }
        elsif (req.http.User-Agent ~ "^HTC" ||
            req.http.User-Agent ~ "Fennec" ||
            req.http.User-Agent ~ "IEMobile" ||
            req.http.User-Agent ~ "BlackBerry" ||
            req.http.User-Agent ~ "BB10.*Mobile" ||
            req.http.User-Agent ~ "GT-.*Build/GINGERBREAD" ||
            req.http.User-Agent ~ "SymbianOS.*AppleWebKit") {
            set req.http.X-UA-Device = "mobile-smartphone";
        }
        elsif (req.http.User-Agent ~ "(?i)symbian" ||
            req.http.User-Agent ~ "(?i)^sonyericsson" ||
            req.http.User-Agent ~ "(?i)^nokia" ||
            req.http.User-Agent ~ "(?i)^samsung" ||
            req.http.User-Agent ~ "(?i)^lg" ||
            req.http.User-Agent ~ "(?i)bada" ||
            req.http.User-Agent ~ "(?i)blazer" ||
            req.http.User-Agent ~ "(?i)cellphone" ||
            req.http.User-Agent ~ "(?i)iemobile" ||
            req.http.User-Agent ~ "(?i)midp-2.0" ||
            req.http.User-Agent ~ "(?i)u990" ||
            req.http.User-Agent ~ "(?i)netfront" ||
            req.http.User-Agent ~ "(?i)opera mini" ||
            req.http.User-Agent ~ "(?i)palm" ||
            req.http.User-Agent ~ "(?i)nintendo wii" ||
            req.http.User-Agent ~ "(?i)playstation portable" ||
            req.http.User-Agent ~ "(?i)portalmmm" ||
            req.http.User-Agent ~ "(?i)proxinet" ||
            req.http.User-Agent ~ "(?i)windows\ ?ce" ||
            req.http.User-Agent ~ "(?i)winwap" ||
            req.http.User-Agent ~ "(?i)eudoraweb" ||
            req.http.User-Agent ~ "(?i)htc" ||
            req.http.User-Agent ~ "(?i)240x320" ||
            req.http.User-Agent ~ "(?i)avantgo") {
            set req.http.X-UA-Device = "mobile-generic";
        }
    }
}

添加清漆后网站停止响应

我怎样才能修复网站的响应能力...？

http 版本由 nginx 处理，https 由 apache 处理。

现在我的问题是，例如，当您键入https://sitename.com/contact/时，它可以正常工作，但是当您键入http://sitename.com/contact/时，它会重定向到主页https://www.sitename。 com

以上是我的 nginx 配置。

server {

        root /var/www/html/;
        index index.php index.html index.htm;

        server_name sitename.com www.sitename.com;

        location / {
        try_files $uri $uri/ /index.php;
        }

        location ~ \.php$ {

        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;

         }

         location ~ /\.ht {
                deny all;
        }



    listen 80; # managed by Certbot

}

我在我的centos 8机器上发现了一些奇怪的过程检查上面的照片：

当我键入时，cat /etc/passwd我在任何地方都看不到用户 990，这个kinsing过程也很奇怪，因为这与最初使用 redis 感染我的机器的过程相同。

我怎样才能找到这个并弄清楚发生了什么？我已经从我的系统中删除了它卸载redis也删除了用于运行矿工进程的redis用户名，但是我感兴趣的图像中运行的进程很明显他们仍然在我的系统中有一些东西我怎么能找到在哪里运行此过程的文件？以及运行此进程的这个 990 用户名是谁。

我刚刚发现的有关该过程的其他信息：

ls -la /proc/41325/exe
lrwxrwxrwx 1 990 987 0 Feb 28 21:53 /proc/41325/exe -> '/var/tmp/kinsing (deleted)'

如何从我的 Centos 8 机器上完全卸载 redis？

我有一个通过 redis 不断进入的恶意软件

41533 redis     20   0 5883224   4.4g   2776 S  1593  13.9  13507:24 kdevtmpfsi

备份文件的最佳命令行是什么？

tar -czf /backup/backup.tar.gz /var/www/html

或者

tar -czvf /backup/backup.tar.gz /var/www/html

这和这有什么区别？

附言

# tar -czf /backup/backup.tar.gz /var/www/html tar: Removing leading `/' from member names

我得到这个错误为什么？