Sign up

If I refresh any pages over 5 times ,nginx 403 forbidden .but 10 seconds passed, all pages work normal again

Enviroment:centos7+openresty+csf firwall +php7+waf firewall

Issue:http and https work well,but,when I began to refresh any page over 5 times in about 3 seconds,it shows nginx 403 forbidden ,10 seconds passed,all work well again. Please tell me how to fix this kind of issue.

Here are my nginx.conf and error.log files

error.log:
 
2018/09/05 02:46:56 [notice] 22581#22581: 3260 "^(.)" matches "/robots.txt", client: 162.158.107.13, server: 19.162.19.38, request: "GET /robots.txt HTTP/1.1", host: "www.mydomain.com"



2018/09/05 02:46:56 [notice] 22581#22581: *3260 rewritten redirect: "https://www.mydomain.com/robots.txt", client: 162.158.107.13, server: 19.162.19.38, request: "GET /robots.txt HTTP/1.1", host: "www.mydomain.com"



2018/09/05 02:46:57 [notice] 22581#22581: 3262 "^(.)" matches "/", client: 108.162.245.124, server: 19.162.19.38, request: "GET /?/category-22__is_recommend-1 HTTP/1.1", host: "www.mydomains.com"



2018/09/05 02:46:57 [notice] 22581#22581: *3262 rewritten redirect: "https://www.mydomain.com/%3F/c ... ot%3B, client: 108.162.245.124, server: 39.12.21.38, request: "GET /?/category-22__is_recommend-1 HTTP/1.1", host: "www.mydomain.com"



2018/09/05 02:50:03 [error] 22581#22581: *3265 open() "/usr/local/openresty/nginx/html/crond/run/1535740897" width="1" height="1" />" failed (2: No such file or directory), client: 119.162.19.388, server: www.mydomain.com, request: "GET /crond/run/1535740897%22%20width%3D%221%22%20height%3D%221%22%20/%3E HTTP/1.1", host: "mydomain.com"



2018/09/05 02:51:28 [error] 22581#22581: *3272 open() "/usr/local/openresty/nginx/html/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 173.245.48.63, server: www.mydomain.com, request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "www.mydomain.com"



2018/09/05 02:51:29 [error] 22581#22581: *3273 open() "/usr/local/openresty/nginx/html/apple-touch-icon.png" failed (2: No such file or directory), client: 162.158.58.159, server: www.mydomain.com, request: "GET /apple-touch-icon.png HTTP/1.1", host: "www.mydomain.com"



2018/09/05 02:53:11 [error] 22581#22581: *3295 open() "/usr/local/openresty/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.69.33.113, server: www.mydomain.com, request: "GET /favicon.ico HTTP/1.1", host: "www.mydomain.com", referrer: "[url=https://www.mydomain.com/?/"
]https://www.mydomain.com/?/"

[/url] 


and nginx.conf:


user root;



worker_processes 1;



#error_log logs/error.log;



error_log logs/error.log debug;



#error_log logs/error.log info;



pid logs/nginx.pid;



events {



worker_connections  1024;

}



http {



include       mime.types;



default_type  application/octet-stream;



#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

#                  '$status $body_bytes_sent "$http_referer" '

#                  '"$http_user_agent" "$http_x_forwarded_for"';



#access_log  logs/access.log  main;



sendfile        on;

#tcp_nopush     on;



#keepalive_timeout  0;

keepalive_timeout  65;



client_max_body_size 8m;    

client_body_buffer_size 2m;  



fastcgi_buffers 8 16k;

fastcgi_buffer_size 32k;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;



gzip  on;

#WAF



lua_shared_dict limit 50m;

lua_shared_dict guard_dict 100m;

lua_shared_dict dict_captcha 70m;

lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";

init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";

access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";











server {

    listen       80;

    listen       [::]:80 ipv6only=on default_server;

    server_name  39.2.19.38;

    rewrite ^(.*) https://$host$1 permanent;





    #charset koi8-r;



    #access_log  logs/host.access.log  main;



    location / {

        root   html;

        index  index.php index.html index.htm;

    }



    #error_page  404              /404.html;



    # redirect server error pages to the static page /50x.html

    #

    error_page   500 502 503 504  /50x.html;

    location = /50x.html {

        root   html;

    }



    # proxy the PHP scripts to Apache listening on 127.0.0.1:80

    #

    #location ~ \.php$ {

    #    proxy_pass   http://127.0.0.1;

    #}



    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

    #

    location ~ \.php$ {

       root           html;

       fastcgi_pass   127.0.0.1:9000;

       fastcgi_index  index.php;

       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

       include        fastcgi_params;

    }



    # deny access to .htaccess files, if Apache's document root

    # concurs with nginx's one

    #

    #location ~ /\.ht {

    #    deny  all;

    #}

}





# another virtual host using mix of IP-, name-, and port-based configuration

#

#server {

#    listen       8000;

#    listen       somename:8080;

#    server_name  somename  alias  another.alias;



#    location / {

#        root   html;

#        index  index.html index.htm;

#    }

#}





# HTTPS server

#

server {

    listen       443 ssl http2;

    server_name  www.mydomain.com;



    charset  utf-8;

    ssl on;

    default_type  text/plain;

    

   ssl_certificate       1_www.mydomain.com_bundle.crt;

   ssl_certificate_key   2_www.mydomain.com.key;

   



   ssl_session_cache    shared:SSL:1m;

   ssl_session_timeout  5m;

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;



   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

   ssl_prefer_server_ciphers  on;



    location / {

        root   html;

        index  index.html index.htm index.php;

    }



   location ~ /phpmyadmin/.+\.php$ {

        if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {

         set $valid_fastcgi_script_name $1;

        }

         include fastcgi_params;

         fastcgi_pass 127.0.0.1:9000;

         fastcgi_index index.php;

         fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;

     }



    location ~ \.php$ {

       

        fastcgi_pass   127.0.0.1:9000;

        

        fastcgi_index  index.php;

        

        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

      

        include        fastcgi_params;

    }







}

}
2018-09-04 Is this question clearly described?
Pay Tips

No search results

    You already invited:
    Anonymous User

    Anonymous

    Upvotes from:

    nginx.conf is right ,you can check out your waf and csf firewall carefully.Did you set wrong ip rate?
    2018-09-10 0 0
    Pay Tips
    Why were these answers hidden? 0 answers were hidden

    If you wanna answer this question please Login or Register

    Copyright © 2024, All Rights Reserved | kiwikiwifly Escrow Services | Advertising | Buyer Protection | Software Development Services

    About Us | Business Identity | Partner Program | Affiliate Program | Careers | Other IT Support Services | Contact Us | Submit a Ticket | 简体中文

    If you think this website is useful for your life,please tell your 5 friends around you,or snapshot it and send to your family members by phone.