HTTPS/SSL exposes the real server IP behind a CDN (with a fix tutorial)
Author: admin 1970-01-01
There is a nasty website that continuously scans every live IP address on the Internet and then uses what this post calls an nginx "vulnerability" to find the domain behind each IP, recording the IP-to-domain mapping. If the server runs nginx as its web server, it can be reached directly as https://<ip>. That request carries no SNI name, so nginx answers with the certificate of its default site, which by default is your real domain's certificate, and the IP gets recorded.
This is not an nginx bug but its default behaviour: with no SNI, or an SNI name that no server block matches, nginx picks the default server for that port (the first server block unless one is marked default_server) and sends that site's certificate. Open the certificate details in the browser and the Subject CN and Subject Alternative Name list your domain. If that domain is the one you put behind a CDN, the scanner now has your origin IP, and searching for the domain or the IP on that site returns the pairing.
The fix below uses the Baota (BT) panel as the example:
Step 1:
Create a dummy site (a site that serves nothing and is bound to no real domain).
Step 2:
Set that site as the default site. This is what makes nginx answer https://<ip>, and any request with an unknown SNI name, from the dummy site instead of your real one.
Step 3:
Give the dummy site a dummy SSL certificate. A sample certificate is provided below: it was issued by the MySSL test CA for the name ip.com and was valid from 2023-04-12 to 2024-04-11. Its expiry does not matter here, because the decoy only has to reveal nothing, but note that its private key is published on this page, so it must never be used for a real site. Any self-signed certificate for an unrelated name works just as well.
Paste the certificate into Baota's SSL settings - Other certificate - Certificate (PEM format):
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIRALhyjOmLTkchl8tGOO2JA+8wDQYJKoZIhvcNAQELBQAw
XjELMAkGA1UEBhMCQ04xDjAMBgNVBAoTBU15U1NMMSswKQYDVQQLEyJNeVNTTCBU
ZXN0IFJTQSAtIEZvciB0ZXN0IHVzZSBvbmx5MRIwEAYDVQQDEwlNeVNTTC5jb20w
HhcNMjMwNDEyMDQ1NjE5WhcNMjQwNDExMDQ1NjE5WjAeMQswCQYDVQQGEwJDTjEP
MA0GA1UEAxMGaXAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
6BsH3j23YTe914+Xb73NbKjqmmO1mkISPLtXh/Z+2GKXS/evEvZyy7fzc0o8L5Y+
yAj0DD2aE1LhpRY++J5QOaRgjIgi3lCPqKq+bKfUjme9uLlX1zyY88lNVCzi55Me
fCOlMmT9ndsqZvAF3uR1V7+Nzw4vSFUVLJa06mUhkSJD5v/j1WoFU1nryl0iNUOl
0tGUEyUM7yUJMkmoK31kwEAW6tk5EorXEjCHHMRP0JN9Dqr/l2fFGDtHbUIWqpPG
HUKQbFEgodKcoPoO0XELUvNUYox8rExtTUkPTggR1GMVdzupjtMP0oQzF5DFFko3
VDDdwCWkto2aHZqD5tnwjQIDAQABo4HLMIHIMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUKIEmBdE0Gj/B
cw+7k88VHD8Dv38wYwYIKwYBBQUHAQEEVzBVMCEGCCsGAQUFBzABhhVodHRwOi8v
b2NzcC5teXNzbC5jb20wMAYIKwYBBQUHMAKGJGh0dHA6Ly9jYS5teXNzbC5jb20v
bXlzc2x0ZXN0cnNhLmNydDARBgNVHREECjAIggZpcC5jb20wDQYJKoZIhvcNAQEL
BQADggEBALcOrXT3F4tSEtqN1g8Jmg7De+RE+f6UGfE5kWWoKk5WVGzroe50qMfu
J+reFPH8S1faXACG+CWzOaqzWxBZ/PbbM1RvrlxJGp2IZCmuYFVnP9hT7m7qZHNw
4dzCtSrFp2JYtFVRyOHx7IVlfFPbHy01cwlWu2IFWo8biF59vqSsu9MponxfEfGd
KMSS6VHKhW7q4zEe7YxceW7/+QGsGp/qLolA9d2FOO2EG3WLGqWABgA/irRJf0Qy
JozhtOGjHNxpzKXoUIfA36kAqyQfOdwnCM9yHNRgI/gbp/ckONNNDICjiWMjunGH
QHkm5DwJvnj6YCAZrEm1DWxLqWP0QR8=
-----END CERTIFICATE-----
Paste the following into Baota's SSL settings - Other certificate - Key:
Certificate private key
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA6BsH3j23YTe914+Xb73NbKjqmmO1mkISPLtXh/Z+2GKXS/ev
EvZyy7fzc0o8L5Y+yAj0DD2aE1LhpRY++J5QOaRgjIgi3lCPqKq+bKfUjme9uLlX
1zyY88lNVCzi55MefCOlMmT9ndsqZvAF3uR1V7+Nzw4vSFUVLJa06mUhkSJD5v/j
1WoFU1nryl0iNUOl0tGUEyUM7yUJMkmoK31kwEAW6tk5EorXEjCHHMRP0JN9Dqr/
l2fFGDtHbUIWqpPGHUKQbFEgodKcoPoO0XELUvNUYox8rExtTUkPTggR1GMVdzup
jtMP0oQzF5DFFko3VDDdwCWkto2aHZqD5tnwjQIDAQABAoIBAQDdHptRU1R3jqYS
TV7E+npQ0V+nM+SXj+hV6VhLVD6loM9odQ9aLmVQxO9uX0OVRjqLUVRGsQ0u6Z/E
KbxWGGRvdbTxTOSDDRa/ZeLCGuV5wUVSTWhsyfMhFR7RWW3VlifNthu0NdgT4e60
YGgHX3iW3wuXPXk4HK5uayjxwOTIoJ6PqOpC4Nng/3/SD9GB2gYrWVa2u3ahtSwQ
YeaB4DiL1AUflSQ/uVPJrc6WTzxOlZpxrxZw+yGu77ZYR+VqaHb4uaZAwSaO2C8h
i9fOPvhLHCHnsKZ1eMlYhKg04KnTTjX+xfLGXF/HQrTSdhcOEoSPeCDl052rttP0
HQR+bgk1AoGBAOzC+gPay6UTPs0hVNfR/OnDeULEFa8SjB8iGpitCQcEP0oxdzg7
GN7F4jPv6dS0QaV5tXGJO8vUQPk306mg984vdpDgTs0nIOwR280zJ4RsFfOP+TmO
PLgVQ7wo+SHULzaPmnombTsHcNtWfoFmmHQYW5XdHHGlMIjhu1fnNBGrAoGBAPr3
M3U3ltDrCDfh/7PJVGehPyh7cdU/lz8Wj1TBrOconNoThJG3flrOkJef4gsZsAy3
TQNVvl7zqgzEvigkxiRpcR/JHzLpMGeDkmtiG8pXtu8fej7wUmhaoZEFCB63GU7X
kr7z415SXJ5HLdYozTHlU7gaYyxz5zTiyywh0T6nAoGAZEIMbSVxpu2HYoYCz4F0
f+juqH8wT3qjK2vdp1lewUHjKx/XRFCCL5PMPgISGqhaRCBN3U4nrCCtgttJHkOz
q/QdWSwjMmynXFATq8lFqqW6hfEpsF2zCKC4li0jklevxoL4/1DWYHC+MaNm3pT7
ae4GmmePa/BvpQcxtf+J5RECgYEAsxKuogYvVBVQwOc+2F9hHay97zneKMZ+OmLz
lQu5PxwIh8cDgiJHQ64/GCHaXgdPSlOE3UtSUlhVT1UXRneu9o5STNbqrx4bDtGg
KYVQxRm/i3KPfNdoRdPdkyfe+mO16D8EE8LcyxHDyqCJgVWNzPuQuD4D49Uz9dWa
GXxr3OMCgYBEbr6ltBH0q28nanKaPgSP+pj92pJRulVjskvcdqmnWukmMeRRfh26
mlVl3NCrUK3MScPkml5lSJRy1DnoQpe4wivOMu67qqogbveP+V37ajZGFVpbsviF
P1HQfQxUYwRMKBB4dX36m7Yipl4FWKVWf8cESMxecQdgDaSFdfUjyA==
-----END RSA PRIVATE KEY-----
Before/after comparison:
Before the fix, visiting https://<ip> and clicking the padlock shows your real domain in the certificate. After the fix, the padlock shows only the name from the dummy certificate (ip.com for the sample above), and the scanner has nothing to map the IP to.
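As an added example (not code from the original post, and nothing to do with Baota's own implementation), the script below does the same three steps on a plain nginx host and also implements the check that the scanner, and the "click the padlock" comparison, perform: connect to the bare IP with no SNI and read the names out of the certificate nginx returns. Assumptions not in the post: the decoy name decoy.invalid, the paths /etc/nginx/decoy and /etc/nginx/conf.d/00-default.conf, and OpenSSL 1.1.1 or newer (for the -addext and -ext options).

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: build the same defence
# without the Baota panel (decoy cert + nginx catch-all vhost) and run the
# check a scanner runs. Needs OpenSSL 1.1.1+ (-addext / -ext) and nginx.
set -euo pipefail

# Assumption: the decoy name is a placeholder; any name that is not one of
# your real domains works (the post's sample certificate uses ip.com).
DECOY_CN="${DECOY_CN:-decoy.invalid}"

# Self-signed decoy certificate for the catch-all vhost. The key protects
# nothing real; generating your own beats pasting the published, expired
# sample key from the post.
make_decoy_cert() {
    local dir="$1"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=${DECOY_CN}" \
        -addext "subjectAltName=DNS:${DECOY_CN}" \
        -keyout "$dir/decoy.key" -out "$dir/decoy.crt" 2>/dev/null
    chmod 600 "$dir/decoy.key"
}

# nginx uses the server block marked default_server (or, if none is marked,
# the first block for that port) whenever the client sends no SNI, as for
# https://<ip>, or an SNI name no other block matches. This block makes that
# choice the decoy instead of your real site.
write_default_vhost() {
    local out="$1" certdir="$2"
    cat > "$out" <<EOF
# Catch-all for https://<ip> and unknown SNI names: hands out the decoy cert.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_certificate     ${certdir}/decoy.crt;
    ssl_certificate_key ${certdir}/decoy.key;
    return 444;   # close the connection without a response
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}
EOF
}

# What the scanner (and the padlock check) sees: connect to the bare origin
# IP with no SNI and print the names in the returned certificate.
# Run it against the origin IP directly, not through the CDN.
leaked_names() {
    local ip="$1"
    echo | openssl s_client -connect "${ip}:443" -noservername 2>/dev/null \
        | openssl x509 -noout -subject -ext subjectAltName
}

# Same extraction on a certificate file, for checking the decoy offline.
names_in_cert() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

# Install on the origin. Assumption: nginx includes /etc/nginx/conf.d/*.conf.
# The 00- prefix only sorts the file first; default_server is what makes
# nginx actually use it.
install_decoy() {
    local certdir="${1:-/etc/nginx/decoy}"
    make_decoy_cert "$certdir"
    write_default_vhost /etc/nginx/conf.d/00-default.conf "$certdir"
    nginx -t && nginx -s reload
}

# Usage: bash decoy.sh install            (on the origin server)
#        bash decoy.sh check <origin-ip>  (expect CN = decoy.invalid afterwards)
case "${1:-}" in
    install) install_decoy "${2:-}" ;;
    check)   leaked_names "${2:?origin ip}" ;;
esac
```

Run the check against the origin IP before and after: before, the subject and SAN show your real domain; after, only the decoy name. On nginx 1.19.4 or newer, `ssl_reject_handshake on;` in the catch-all block refuses the handshake outright instead of presenting any certificate, so no decoy certificate is needed at all. Either way the origin still answers on its IP; hiding the name stops the IP-to-domain mapping, and restricting port 443 to your CDN's address ranges stops the rest.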