nginx Directory Traversal Vulnerability Configuration

Administrator
2025-08-26
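server {
    listen 3001;
    server_name localhost;

    # Server-wide filter on the raw request URI. $request_uri is the original,
    # undecoded URI including the query string; ~* matches case-insensitively.
    if ($request_uri ~* "(\.\.|%2e%2e|%252e%252e|\\|%5c|%255c)") {
        return 403;
    }

    location / {
        # Reject a literal ".." anywhere in the raw URI.
        if ($request_uri ~* (\.\.)) {
            return 403;
        }
        # Reject single- and double-URL-encoded "../" and "..\" sequences.
        if ($request_uri ~* (%2e%2e/|%2e%2e%5c|%252e%252e/)) {
            return 403;
        }

        proxy_pass http://localhost:3000;

        # Rewrite the scheme and host of upstream Location/Refresh headers,
        # keeping only the path. The scheme is matched without a capture
        # group so that $1 is the path, not the optional "s".
        proxy_redirect ~^https?://[^/]+(/.*)$ http://$remote_addr$1;

        # Reject /redirect/ requests that carry an absolute http(s) URL.
        if ($request_uri ~* ^.*/redirect/.*https?://) {
            return 403;
        }

        # Standard proxy header configuration
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Timeout settings
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
    }
}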
