EGG 安全问题

 发布 : 2020-10-18  字数统计 : 214 字  阅读时长 : 1 分  分类 : EGG  浏览 :

Egg https 配置

// Egg cluster options: serve HTTPS directly from the app worker on port 443.
// `key` and `cert` are defined outside this snippet; whatever they reference is
// private key material and should stay out of source control.
config.cluster = {
  listen: {
    path: '',
    port: 443,
  },
  https: {
    key,
    cert,
    // Author's note: this option is not supported as-is; the egg-cluster lib
    // source has to be modified for it to take effect.
    // An option that is not passed through fails silently, so after deploying,
    // check which suite a test client actually negotiates. Listing a single
    // suite also means clients that do not offer it cannot connect.
    ciphers: 'ECDHE-RSA-AES128-GCM-SHA256',
  },
};

node_modules/egg-cluster/lib/app_worker.js(注意:直接修改 node_modules 下的文件,重新安装依赖后改动会被覆盖,需要以补丁方式保留该修改)

// Intended to carry the configured `ciphers` value into the options handed to
// the HTTPS server.
// NOTE(review): as written, the statement assigns httpsOptions.ciphers to
// itself, so it changes nothing. Presumably the right-hand side was meant to be
// the `ciphers` value from the cluster https config (not visible in this
// snippet) - confirm against the installed egg-cluster source.
// Until that is corrected, do not assume the cipher restriction is in force;
// check the suite a test client negotiates.
if (httpsOptions.ciphers) {
httpsOptions.ciphers = httpsOptions.ciphers;
}

Egg 安全配置

node_modules/egg-cluster/lib/app_worker.js

// SSL/TLS renegotiation vulnerability: refuse client-initiated renegotiation.
// These are properties of the shared `tls` module object, so the change applies
// to every TLS server in this process, not only to `server`.
// NOTE(review): confirm the effect on the deployed Node version against a test
// instance rather than assuming it.
var tls = require('tls');

Object.assign(tls, {
  CLIENT_RENEG_LIMIT: 0,
  CLIENT_RENEG_WINDOW: 0,
});

// HTTPS slow denial-of-service vulnerability: bound header receipt.
// `server` is the HTTP(S) server created elsewhere in this file.
// headersTimeout (ms) only limits how long the request headers may take to
// arrive; a slowly sent body or an idle keep-alive connection is governed by
// other settings (server.requestTimeout / server.keepAliveTimeout where the
// Node version provides them).
server.headersTimeout = 9000;
// 2000 is also Node's documented default for maxHeadersCount, so this line
// records the limit without tightening it.
server.maxHeadersCount = 2000;

静态资源添加响应头

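// app/route.js
// Insert the header middleware directly ahead of the built-in `static`
// middleware so its headers are set before the static handler runs.
// NOTE(review): the position is looked up in the configured name list
// (app.config.coreMiddleware) but applied to the mounted middleware array
// (app.middleware); this assumes both share the same order and length -
// confirm for this application.
const initStatic = app.config.coreMiddleware.indexOf('static');
const uedStatic = app.middleware.uedStatic();
// indexOf returns -1 when 'static' is not configured, and splice(-1, 0, x)
// would then silently insert before the last element. Fall back to the front
// of the chain so the headers are still applied ahead of every handler.
app.middleware.splice(Math.max(initStatic, 0), 0, uedStatic);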

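// middleware/ued_static.js
/**
 * Build a middleware that adds response headers to static-asset requests.
 *
 * The original condition used the raw result of indexOf() as a boolean:
 * -1 (not found) is truthy and 0 (found at the start) is falsy, and a misplaced
 * parenthesis meant "/img/" was never tested at all. The headers were therefore
 * applied to almost every request instead of only to asset URLs.
 *
 * @returns {Function} async Koa-style middleware `(ctx, next)`.
 */
module.exports = () => {
  // Path segments that mark a request as a static asset.
  const assetSegments = ['/js/', '/css/', '/img/'];

  // Example header only: the original listing used a placeholder name/value
  // pair, which is not a valid HTTP header token. Substitute the headers your
  // policy requires.
  const assetHeaders = { 'X-Content-Type-Options': 'nosniff' };

  return async function uedStatic(ctx, next) {
    // Match on the path rather than the full URL so that a query string
    // containing "/js/" does not trigger the headers.
    const { path } = ctx.request;
    if (assetSegments.some((segment) => path.includes(segment))) {
      ctx.response.set(assetHeaders);
    }
    await next();
  };
};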

参考
