常见网站安全漏洞处理方法

如果使用nginx

nginx.conf 文件中设置 http{ } 或 server{ }

add_header Set-Cookie “HttpOnly”;

add_header Set-Cookie “Secure”;

如果使用IIS

<rewrite>

<outboundRules>

<rule name=”Add HttpOnly”>

<match serverVariable=”RESPONSE_Set_Cookie” pattern=”.*” />

<conditions>

<add input=”{R:0}” pattern=”; HttpOnly” negate=”true” />

</conditions>

<action type=”Rewrite” value=”{R:0}; HttpOnly” />

</rule>

<rule name=”Add Secure”>

<match serverVariable=”RESPONSE_Set_Cookie” pattern=”.*” />

<conditions>

<add input=”{R:0}” pattern=”; Secure” negate=”true” />

</conditions>

<action type=”Rewrite” value=”{R:0}; Secure” />

</rule>

</outboundRules>

</rewrite>