\u5728\u7576\u4eca\u7684\u7db2\u7d61\u74b0\u5883\u4e2d\uff0c\u7db2\u7ad9\u5b89\u5168\u6027\u8b8a\u5f97\u8d8a\u4f86\u8d8a\u91cd\u8981\u3002\u8de8\u7ad9\u8173\u672c\u653b\u64ca\uff08XSS\uff09\u662f\u4e00\u7a2e\u5e38\u898b\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u64ca\u8005\u53ef\u4ee5\u5229\u7528\u5b83\u4f86\u7aca\u53d6\u7528\u6236\u7684\u654f\u611f\u4fe1\u606f\u6216\u57f7\u884c\u60e1\u610f\u4ee3\u78bc\u3002\u70ba\u4e86\u4fdd\u8b77\u7db2\u7ad9\u514d\u53d7\u9019\u985e\u653b\u64ca\uff0cApache\u4f3a\u670d\u5668\u63d0\u4f9b\u4e86\u4e00\u500b\u5f37\u5927\u7684\u6a21\u7d44\u2014\u2014mod_headers\uff0c\u901a\u904e\u914d\u7f6eHTTP\u6a19\u982d\u4f86\u589e\u5f37\u5b89\u5168\u6027\u3002<\/p>\n
XSS\u653b\u64ca\u901a\u5e38\u767c\u751f\u5728\u7528\u6236\u7684\u700f\u89bd\u5668\u4e2d\uff0c\u653b\u64ca\u8005\u5c07\u60e1\u610f\u8173\u672c\u6ce8\u5165\u5230\u7db2\u9801\u4e2d\uff0c\u7576\u7528\u6236\u8a2a\u554f\u8a72\u7db2\u9801\u6642\uff0c\u9019\u4e9b\u8173\u672c\u4fbf\u6703\u5728\u7528\u6236\u7684\u700f\u89bd\u5668\u4e2d\u57f7\u884c\u3002\u9019\u53ef\u80fd\u5c0e\u81f4\u7528\u6236\u7684\u6703\u8a71\u88ab\u52ab\u6301\u3001\u654f\u611f\u6578\u64da\u88ab\u7aca\u53d6\uff0c\u751a\u81f3\u7db2\u7ad9\u7684\u5b8c\u6574\u6027\u53d7\u5230\u5a01\u8105\u3002<\/p>\n
mod_headers\u662fApache\u7684\u4e00\u500b\u6a21\u7d44\uff0c\u5141\u8a31\u7528\u6236\u5728HTTP\u97ff\u61c9\u4e2d\u6dfb\u52a0\u3001\u4fee\u6539\u6216\u522a\u9664\u6a19\u982d\u3002\u901a\u904e\u9069\u7576\u914d\u7f6emod_headers\uff0c\u53ef\u4ee5\u6709\u6548\u5730\u9632\u6b62XSS\u653b\u64ca\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u898b\u7684HTTP\u6a19\u982d\uff0c\u9019\u4e9b\u6a19\u982d\u53ef\u4ee5\u5e6b\u52a9\u589e\u5f37\u7db2\u7ad9\u7684\u5b89\u5168\u6027\uff1a<\/p>\n
\u4ee5\u4e0b\u662f\u5982\u4f55\u4f7f\u7528mod_headers\u914d\u7f6eApache\u4f3a\u670d\u5668\u4ee5\u9632\u6b62XSS\u653b\u64ca\u7684\u6b65\u9a5f\uff1a<\/p>\n
\u9996\u5148\uff0c\u78ba\u4fddmod_headers\u6a21\u7d44\u5df2\u7d93\u555f\u7528\u3002\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u4f86\u555f\u7528\uff1a<\/p>\n
sudo a2enmod headers<\/code><\/pre>\n2. \u7de8\u8f2fApache\u914d\u7f6e\u6587\u4ef6<\/h3>\n
\u63a5\u4e0b\u4f86\uff0c\u7de8\u8f2fApache\u7684\u914d\u7f6e\u6587\u4ef6\uff08\u901a\u5e38\u662fhttpd.conf\u6216apache2.conf\uff09\uff0c\u4e26\u6dfb\u52a0\u4ee5\u4e0b\u6a19\u982d\u914d\u7f6e\uff1a<\/p>\n
\nHeader set X-XSS-Protection \"1; mode=block\"\nHeader set X-Content-Type-Options \"nosniff\"\nHeader set Content-Security-Policy \"default-src 'self'; script-src 'self'; object-src 'none';\"\n<\/code><\/pre>\n3. \u91cd\u65b0\u555f\u52d5Apache\u4f3a\u670d\u5668<\/h3>\n
\u5b8c\u6210\u914d\u7f6e\u5f8c\uff0c\u91cd\u65b0\u555f\u52d5Apache\u4f3a\u670d\u5668\u4ee5\u4f7f\u66f4\u6539\u751f\u6548\uff1a<\/p>\n
sudo systemctl restart apache2<\/code><\/pre>\n\u6e2c\u8a66\u914d\u7f6e<\/h2>\n
\u914d\u7f6e\u5b8c\u6210\u5f8c\uff0c\u5efa\u8b70\u4f7f\u7528\u700f\u89bd\u5668\u7684\u958b\u767c\u8005\u5de5\u5177\u4f86\u6aa2\u67e5HTTP\u97ff\u61c9\u6a19\u982d\uff0c\u78ba\u4fdd\u6240\u6dfb\u52a0\u7684\u6a19\u982d\u6b63\u78ba\u986f\u793a\u3002\u9019\u53ef\u4ee5\u5e6b\u52a9\u78ba\u8a8dXSS\u4fdd\u8b77\u662f\u5426\u5df2\u6210\u529f\u555f\u7528\u3002<\/p>\n
\u7d50\u8ad6<\/h2>\n
\u901a\u904e\u4f7f\u7528Apache\u7684mod_headers\u6a21\u7d44\uff0c\u7db2\u7ad9\u7ba1\u7406\u54e1\u53ef\u4ee5\u6709\u6548\u5730\u589e\u5f37\u7db2\u7ad9\u7684\u5b89\u5168\u6027\uff0c\u9632\u6b62XSS\u653b\u64ca\u3002\u6b63\u78ba\u914d\u7f6eHTTP\u6a19\u982d\u4e0d\u50c5\u80fd\u4fdd\u8b77\u7528\u6236\u7684\u654f\u611f\u4fe1\u606f\uff0c\u9084\u80fd\u63d0\u9ad8\u6574\u9ad4\u7db2\u7ad9\u7684\u4fe1\u4efb\u5ea6\u3002\u96a8\u8457\u7db2\u7d61\u5b89\u5168\u5a01\u8105\u7684\u65e5\u76ca\u589e\u52a0\uff0c\u63a1\u53d6\u9019\u4e9b\u63aa\u65bd\u662f\u6bcf\u500b\u7db2\u7ad9\u7ba1\u7406\u54e1\u7684\u8cac\u4efb\u3002<\/p>\n