canyousee · canyousee · May 19, 2018
diff --git a/README.md b/README.md
@@ -1,2 +1,3 @@
-# linux
-学习Linux
+# 2015-linux-public-canyousee
+2015-linux-public-canyousee created by GitHub Classroom
+linux 作业
diff --git a/ex3.md b/ex3.md
diff --git a/ex5.md b/ex5.md
@@ -0,0 +1,115 @@
+# web服务器实验报告 #
+---
+## 实验环境 ##
+**一**、
+
+ubuntu-server-16.04
+
+搭建verynginx
+
+host-only网卡 192.168.56.104
+
+**二、**
+
+ubuntu-server-16.04
+
+搭建wordpress，nginx，dvwa
+
+host-only网卡 192.168.56.107
+
+## 实验过程 ##
+**1.搭建实验环境**
+
+verynginx搭建在一台虚拟机中
+
+![](image/2.PNG)
+![](image/1.PNG)
+
+wordpress和dvwa搭建在另一台虚拟机中，wordpress占用80端口，dvwa占用8080端口
+
+![](image/3.PNG)
+![](image/4.PNG)
+
+
+参考：
+
+[https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04)
+
+[https://blogs.technet.microsoft.com/positivesecurity/2017/06/01/setting-up-damn-vulnerable-web-app-dvwa-on-ubuntu-in-azure/](https://blogs.technet.microsoft.com/positivesecurity/2017/06/01/setting-up-damn-vulnerable-web-app-dvwa-on-ubuntu-in-azure/)
+
+
+**2.实验检查点**
+
+- VeryNginx作为本次实验的Web App的反向代理服务器和WAF
+
+- PHP-FPM进程的反向代理配置在nginx服务器上，VeryNginx服务器不直接配置Web站点服务
+![](image/11.PNG)
+
+
+
+- 使用Wordpress搭建的站点对外提供访问的地址为： https://wp.sec.cuc.edu.cn 和 http://wp.sec.cuc.edu.cn
+
+- 使用Damn Vulnerable Web Application (DVWA)搭建的站点对外提供访问的地址为： http://dvwa.sec.cuc.edu.cn
+
+![](image/host.PNG)
+
+![](image/y1.PNG)
+
+- 使用IP地址方式均无法访问上述任意站点，并向访客展示自定义的友好错误提示信息页面-1
+
+![](image/12.PNG)
+![](image/14.PNG)
+![](image/13.PNG)
+
+- Damn Vulnerable Web Application (DVWA)只允许白名单上的访客来源IP，其他来源的IP访问均向访客展示自定义的友好错误提示信息页面-2
+
+![](image/15.PNG)
+![](image/16.PNG)
+![](image/17.PNG)
+
+- 在不升级Wordpress版本的情况下，通过定制VeryNginx的访问控制策略规则，热修复WordPress < 4.7.1 - Username Enumeration
+![](image/dvwa_2.PNG)
+![](image/22.PNG)
+![](image/23.PNG)
+![](image/21.PNG)
+
+- 通过配置VeryNginx的Filter规则实现对Damn Vulnerable Web Application (DVWA)的SQL注入实验在低安全等级条件下进行防护
+![](image/dvwa_1.PNG)
+![](image/18.PNG)
+![](image/24.PNG)
+
+- VeryNginx的Web管理页面仅允许白名单上的访客来源IP，其他来源的IP访问均向访客展示自定义的友好错误提示信息页面-3
+
+![](image/19.PNG)
+![](image/20.PNG)
+![](image/21.PNG)
+
+
+- 通过定制VeryNginx的访问控制策略规则实现：
+
+   限制DVWA站点的单IP访问速率为每秒请求数 < 50
+
+   限制Wordpress站点的单IP访问速率为每秒请求数 < 20
+![](image/26.PNG)
+   超过访问频率限制的请求直接返回自定义错误提示信息页面-4
+
+   禁止curl访问
+
+![](image/27.PNG)
+![](image/28.PNG)
+![](image/29.PNG)
+
+---
+# **三、实验问题** #
+
+做完以上步骤，重新启动两台虚拟机，却再也打不开wordpress和verynginx网页
+
+报错拒绝连接请求
+
+
+
+
+
+
+
+
diff --git a/ima/1.PNG b/ima/1.PNG
diff --git a/ima/2.PNG b/ima/2.PNG
diff --git a/ima/3.PNG b/ima/3.PNG
diff --git a/ima/4.PNG b/ima/4.PNG
diff --git a/ima/5.PNG b/ima/5.PNG
diff --git a/ima/6.PNG b/ima/6.PNG
diff --git a/ima/7.PNG b/ima/7.PNG
diff --git a/ima/8.PNG b/ima/8.PNG
diff --git a/image/1.PNG b/image/1.PNG
diff --git a/image/11.PNG b/image/11.PNG
diff --git a/image/12.PNG b/image/12.PNG
diff --git a/image/13.PNG b/image/13.PNG
diff --git a/image/14.PNG b/image/14.PNG
diff --git a/image/15.PNG b/image/15.PNG
diff --git a/image/16.PNG b/image/16.PNG
diff --git a/image/17.PNG b/image/17.PNG
diff --git a/image/18.PNG b/image/18.PNG
diff --git a/image/19.PNG b/image/19.PNG
diff --git a/image/2.PNG b/image/2.PNG
diff --git a/image/20.PNG b/image/20.PNG
diff --git a/image/21.PNG b/image/21.PNG
diff --git a/image/22.PNG b/image/22.PNG
diff --git a/image/23.PNG b/image/23.PNG
diff --git a/image/24.PNG b/image/24.PNG
diff --git a/image/25.PNG b/image/25.PNG
diff --git a/image/26.PNG b/image/26.PNG
diff --git a/image/27.PNG b/image/27.PNG
diff --git a/image/28.PNG b/image/28.PNG
diff --git a/image/29.PNG b/image/29.PNG
diff --git a/image/3.PNG b/image/3.PNG
diff --git a/image/30.PNG b/image/30.PNG
diff --git a/image/4.PNG b/image/4.PNG
diff --git a/image/dvwa_1.PNG b/image/dvwa_1.PNG
diff --git a/image/dvwa_2.PNG b/image/dvwa_2.PNG
diff --git a/image/host.PNG b/image/host.PNG
diff --git a/image/secret.PNG b/image/secret.PNG
diff --git a/image/wrong3.PNG b/image/wrong3.PNG
diff --git a/image/y1.PNG b/image/y1.PNG