preface
Website security is very important for SEO optimization, even if you optimize the site is very good, but if the site security problems are found to be black, resulting in optimization efforts wasted, light weight is K station.
Therefore, if the website security is not in place for SEO optimization is endless, on the one hand, timely upgrade the server system and website program, for the cloud server can buy related security services can ensure the maximum extent of the website security. However, server security group policies can be correctly configured to improve server security.
What is a security group
The server is essentially the same as our computer. Security group is equal to the rule configuration in the Computer Windows firewall, which can control the inbound and outbound IP addresses and ports allowed. As long as the security group of the firewall is reasonably configured, it can resist many attacks and effectively prevent the website from being hacked.
The core idea of security group configuration is to minimize port access. You need to mask all the outbound and inbound ports of the server, and then add whitelist according to actual requirements. In this way, the access scope is minimized, and most malicious access requests will die directly in this step.
Configuring security Groups
To share a set of security group configuration, you can adjust according to the needs of the site itself, the common server Tencent cloud, Ali cloud cloud and other cloud service background can find the configuration location of the security group, you can set according to the following configuration.
Inbound rules
The inbound rule controls the server to accept external access. You need to be careful when configuring this rule. The normal operation of the website is to allow IP access through the corresponding port. First, block all the ports on the website, and then open port 80 to all IP addresses. If the website is using HTTPS protocol, open port 443.
For developers who need to remotely connect to the server, add a whitelist of the IP address and port used by the tool.
The outbound rules
Outbound rules are the behavior of the server to request an external IP address, such as sending data to an external machine. For websites, there is no need to have outbound behavior in most cases. Therefore, if the website is hacked, the outbound behavior can also be blocked to ensure that the server data cannot be transmitted externally to ensure data security. The configuration is as follows.
For some services, such as email sending and link push, the server needs to send requests to the corresponding IP address. Therefore, you need to configure a whitelist to enable the service.
To sum up, as long as the reasonable configuration of the website server firewall inbound and outbound rules, can be simple and fast to improve a lot of security, can effectively reduce the possibility of the website is hacked.