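Nginx (pronounced "engine x") is a lightweight web server, reverse proxy server and e-mail (IMAP/POP3) proxy server developed by the Russian programmer Igor Sysoev. It runs stably on Linux, Windows and other operating systems, and is characterised by low memory usage and strong concurrency.
Like other software, Nginx has had security vulnerabilities, and these can be used to attack the web server. This document describes the configuration and security hardening of Nginx, a product commonly used in Internet architectures, and is ultimately intended to guide system implementation.
This document guides system engineers through implementation work. Architects and system engineers should read it in full and choose the approach appropriate to their own systems.
Check the version of Nginx currently deployed on the system.
<code>[root@localhost nginx]# nginx -v</code>
<code>nginx version: nginx/1.2.5</code>
Make sure the autoindex module is disabled in nginx.conf, i.e. there is no autoindex configuration.
Hardening check:
Make sure autoindex is disabled in nginx.conf, i.e. the file contains autoindex off or no autoindex directive at all.
If server_tokens is enabled (the default), every error page shows the server version and information. Configure nginx.conf as follows: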
<code>http {</code>
<code>    include naxsi_core.rules;</code>
<code>    include mime.types;</code>
<code>    default_type application/octet-stream;</code>
<code>    sendfile on;</code>
<code>    # hide the nginx version in the Server header and on error pages</code>
<code>    server_tokens off;</code>
<code>    # ... ...</code>
<code>}</code>
<code>[root@localhost ~]# curl -I http://localhost/wavsep</code>
<code>HTTP/1.1 301 Moved Permanently</code>
<code>Server: nginx</code>
<code>Date: Tue, 31 Dec 2013 23:20:29 GMT</code>
<code>Content-Type: text/html</code>
<code>Content-Length: 178</code>
<code>Location: http://localhost/wavsep/</code>
<code>Connection: keep-alive</code>
<code>Keep-Alive: timeout=30</code>
Set custom buffer sizes to limit buffer overflow attacks. Configure nginx.conf as follows:
<code>server {</code>
<code>    # ... ...</code>
<code>    client_body_buffer_size 16K;</code>
<code>    client_header_buffer_size 1k;</code>
<code>    client_max_body_size 1m;</code>
<code>    large_client_header_buffers 4 8k;</code>
<code>}</code>
Note: the values above are not optimal; they are for reference only.
Make sure the server block contains the buffer settings shown above (highlighted in red in the original).
Set the timeouts low to defend against DoS attacks. Configure nginx.conf as follows:
<code>http {</code>
<code>    client_body_timeout 10;</code>
<code>    client_header_timeout 30;</code>
<code>    keepalive_timeout 30 30;</code>
<code>    send_timeout 10;</code>
<code>}</code>
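The checks in the sections above (server_tokens, autoindex, buffer sizes, timeouts) can be verified by scanning nginx.conf for the directives. The following Python script is an added example, not part of the original article; audit_conf, directives, HARDENED and WEAK are names and samples constructed for it.

```python
import re

# Directives the hardening steps on this page set explicitly.
REQUIRED = ["client_body_buffer_size", "client_header_buffer_size",
            "client_max_body_size", "large_client_header_buffers",
            "client_body_timeout", "client_header_timeout",
            "keepalive_timeout", "send_timeout"]

def directives(conf):
    """Map directive name -> list of argument lists, ignoring block context.
    Simplification: assumes no '#', ';' or braces inside quoted values."""
    conf = re.sub(r"#[^\n]*", "", conf)       # strip comments
    found = {}
    for stmt in re.split(r"[;{}]", conf):      # one chunk per directive or block header
        words = stmt.split()
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found

def audit_conf(conf):
    """Return a list of findings; an empty list means every check passed."""
    d = directives(conf)
    findings = []
    tokens = d.get("server_tokens", [])
    if not tokens or any(args != ["off"] for args in tokens):
        findings.append("server_tokens: not off everywhere (default is on)")
    if any(args == ["on"] for args in d.get("autoindex", [])):
        findings.append("autoindex: directory listing is enabled")
    findings += [name + ": not set, nginx default applies"
                 for name in REQUIRED if name not in d]
    return findings

# Constructed sample: the snippets from this page merged into one file.
HARDENED = """
http {
    server_tokens off;
    client_body_timeout 10; client_header_timeout 30;
    keepalive_timeout 30 30; send_timeout 10;
    server {
        client_body_buffer_size 16K; client_header_buffer_size 1k;
        client_max_body_size 1m; large_client_header_buffers 4 8k;
    }
}
"""
# Constructed sample: a configuration that skips the hardening steps.
WEAK = """
http {
    keepalive_timeout 75;   # server_tokens left at its default
    server { location /files/ { autoindex on; } }
}
"""

if __name__ == "__main__":
    print(audit_conf(HARDENED), audit_conf(WEAK))
```

The hardened sample produces no findings; the weak one reports server_tokens, autoindex and the seven directives it never sets.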
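Because the log output format has not yet been decided, use Nginx's default log format for now. Configure nginx.conf as follows:
http {
    # ......
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    # ... ...
}
Check that the Nginx log file exists and that entries are written to it when the application is accessed.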
[root@srv-dfh526 ~]# tail -3f /usr/local/nginx/logs/dfh.smartcity.com.log
Client_IP:10.5.220.27 Client_IP_For:- - - [10/Jan/2014:10:42:20 +0800] "method:GET /portal/images/service_6.jpg HTTP/1.1" Protocol:"http" Status:304 Size:0 "http://dfh.smartcity.com/portal/ext/index/index.jsp" Args:- Browser:"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ZHCN)"
Client_IP:10.1.108.133 Client_IP_For:- - - [10/Jan/2014:10:42:23 +0800] "method:GET /search/search?collId=1,2,3,4,5,6&query=%B3%C7%CA%D0%B9%E3%B2%A5 HTTP/1.1" Protocol:"http" Status:200 Size:4145 "http://dfh.smartcity.com/search/search?collId=1,2,3,4,5,6&query=%E5%9F%8E%E5%B8%82%E5%B9%BF%E6%92%AD&appID=1&ucode=utf-8" Args:- Browser:"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
Client_IP:10.5.220.27 Client_IP_For:- - - [10/Jan/2014:10:42:24 +0800] "method:GET /portal/images/change/service1_1.png HTTP/1.1" Protocol:"http" Status:304 Size:0 "http://dfh.smartcity.com/portal/ext/index/index.jsp" Args:- Browser:"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ZHCN)"
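Note: the log output format depends on how it is configured.
The current application only uses the POST and GET methods, so requests using any other method can be rejected. Configure nginx.conf as follows:
<code>server {</code>
<code>    # ... ...</code>
<code>    if ($request_method !~ ^(GET|HEAD|POST)$) {</code>
<code>        return 404;</code>
<code>    }</code>
<code>}</code>
Note: because the unified error-handling application has not been finalised, 404 is used for now; in practice 444 should be used.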
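Use the Poster add-on for Firefox:
Try sending requests with different methods and check whether they are allowed through.
Nginx logs are mainly used for later auditing and analysis and are important to the security of the system. Over time, however, the log files grow larger and larger, so they need to be split.
Step 1: create the script file: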
<code>[root@localhost home]# vim nginx_log.sh</code>
<code>#!/bin/bash</code>
<code># directory where the rotated logs are stored</code>
<code>savepath_log='/logs/nginx/logs'</code>
<code># nginx log directory</code>
<code>nglogs='/usr/logs'</code>
<code> </code>
<code>mkdir -p "$savepath_log/$(date +%Y)/$(date +%m)"</code>
<code>mv "$nglogs/centoshost.com.log" "$savepath_log/$(date +%Y)/$(date +%m)/centoshost$(date +%Y%m%d%H%M).log"</code>
<code>mv "$nglogs/wavsep.com.log" "$savepath_log/$(date +%Y)/$(date +%m)/wavsep$(date +%Y%m%d%H%M).log"</code>
<code># signal the nginx master process to reopen its log files</code>
<code>kill -USR1 "$(cat /var/run/nginx/nginx.pid)"</code>
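Here savepath_log and nglogs are the directory where the split logs are stored and the Nginx log directory respectively; both must be changed to match the actual environment. centoshost.com.log and wavsep.com.log are the current Nginx log file names and must also be changed to match. centoshost and wavsep are the names under which the split log files are saved and likewise need to be changed.
Step 2: give nginx_log.sh execute permission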
[root@localhost home]# chmod 755 nginx_log.sh
Step 3: set up the scheduled job
<code># crontab -e</code>
<code>00 00 * * * /home/nginx_log.sh # path of the script to execute; runs every day at 00:00</code>
Note: save the same way as in vim, by typing :wq.
Step 4: restart the cron daemon
<code># cd /etc/init.d</code>
<code># ./crond restart</code>
<code>停止 crond: [确定]</code>
<code>正在啟動 crond: [确定]</code>
Screenshots of the process:
First: the Nginx logs before splitting
Second: the log storage directory (before splitting)
Third: the Nginx logs after splitting
Fourth: the log storage directory (after splitting)
The ngx_http_access_module module allows access to be restricted for clients at certain IP addresses.
Example:
location / {
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny all;
}
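Note: the rules are checked in order until the first match is found. In this example, on IPv4 only the networks 10.1.1.0/16 and 192.168.1.0/24 are allowed access, with the exception of 192.168.1.1; on IPv6 only the network 2001:0db8::/32 is allowed.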
Integrating the Naxsi module assumes that Nginx is already deployed or already present on the system.
Step 1: download naxsi
Note: if the server cannot reach the Internet, download the package beforehand and upload it to the server.
Step 2: extract naxsi
[qiang@localhost install]$ tar -zxvf naxsi-core-0.51-1.tgz
Step 3: change to the naxsi-core-0.51-1 directory and copy its configuration file into the same directory as nginx.conf
[qiang@localhost naxsi_config]$ cp naxsi_core.rules /etc/nginx/naxsi_core.rules
Edit naxsi_core.rules so that it reads as follows:
##################################
## INTERNAL RULES IDS:1-999 ##
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
## SQL Injections IDs:1000-1099 ##
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
##MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
########################################
## Cross Site Scripting IDs:1300-1399 ##
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent!" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
MainRule "rx:%3[c|e]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1316;
MainRule "rx:\\\u003[c|e]" "msg:tag encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1317;
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1318;
####################################
## Evading tricks IDs:1400-1500 ##
MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
#############################
## File uploads: 1500-1600 ##
MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
MainRule "rx:.jsp" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1501;
MainRule "rx:.html" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1502;
MainRule "rx:.php" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1503;
Notes: (1) The directory that holds nginx.conf is fixed when nginx is compiled and installed; the default location is <prefix>/conf/nginx.conf.
(2) Because the rules in the stock naxsi_core.rules file are insufficient, it is best to use the rules given in this document.
Step 4: compile and install Nginx
Check the options Nginx was originally compiled with:
[qiang@srv-dfh526 ~]# nginx -V
nginx version: nginx/1.3.0
TLS SNI support enabled
configure arguments: --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --prefix=/usr/local/nginx --with-openssl=/root/install/openssl-1.0.1c --with-pcre=/root/install/pcre-8.20
Add --add-module=/root/install/naxsi-core-0.51-1/naxsi_src as the first line of the original configure arguments.
# ./configure \
    --add-module=/root/install/naxsi-core-0.51-1/naxsi_src \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-http_ssl_module \
    --prefix=/usr/local/nginx \
    --with-openssl=/root/install/openssl-1.0.1c \
    --with-pcre=/root/install/pcre-8.20
# make && make install
Note: the options above can be chosen to suit the actual environment, but the one highlighted in red in the original is required.
Step 5: verify that nginx was installed successfully
# nginx
nginx: [warn] low address bits of 192.168.1.65/26 are meaningless in /etc/nginx/nginx.conf:78
# ps -ef | grep nginx
root 3086 1 0 10:53 ? 00:00:00 nginx: master process nginx
root 3087 3086 1 10:53 ? 00:00:00 nginx: worker process
root 3088 3086 1 10:53 ? 00:00:00 nginx: worker process
root 3089 3086 1 10:53 ? 00:00:00 nginx: worker process
root 3090 3086 1 10:53 ? 00:00:00 nginx: worker process
root 3093 3073 4 10:53 pts/1 00:00:00 grep nginx
Step 6: configure the filter conditions
Change to the directory that contains nginx.conf and create the nbs.rules file.
[qiang@localhost nginx]# vim nbs.rules
##LearningMode;
#Enables learning mode--stop
SecRulesEnabled;
##Disables learning
##SecRulesDisabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 8" BLOCK;
CheckRule "$EVADE >= 8" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
############################################################
## STOP ALL RULES (all filter rules can be switched off if they are not needed) ##
#BasicRule wl:0;
BasicRule wl:1,2,10,11,12,13,14;
BasicRule wl:1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012,1013,1014,1015,1016;
BasicRule wl:1100,1101,1102,1103,1104,1105,1106,1107,1108,1109;
BasicRule wl:1200,1202,1203,1204,1205,1206;
BasicRule wl:1310,1311,1312,1313,1314,1315,1318;
BasicRule wl:1400,1401,1402;
BasicRule wl:1500,1501,1502,1503;
Note: the rules in nbs.rules must be tailored to each business application.
Step 7: configure nginx.conf
http {
    # required
    include naxsi_core.rules;
    include mime.types;
    default_type application/octet-stream;
    # .......
    server {
        listen 80;
        server_name localhost centoshost.com;
        charset utf-8;
        # .......
        location /wavsep/ {
            # .......
            # this line must be added as the first line of every location block
            include nbs.rules;
        }
        # must be in the same server block as the application
        location /RequestDenied {
            error_page 404 /404.html;
        }
    }
}
Note: wavsep is a demo application.
Step 8: restart nginx
nginx: [warn] low address bits of 192.168.1.65/26 are meaningless in /etc/nginx/nginx.conf:78
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[qiang@localhost nginx]# nginx -s reload
Step 9: test whether the blocking rules are active
The rules above filter only "<" and ">".
Test XSS injection:
Result:
Step 10: replace the ajax call in the application
<code>function htmlEncode(str) {</code>
<code>    var s = "";</code>
<code>    if (str.length == 0) return "";</code>
<code>    //s = str.replace(/ /g, "&nbsp;");</code>
<code>    //s = str.replace(/&/g, "&amp;");</code>
<code>    s = str.replace(/</g, "&lt;");</code>
<code>    s = s.replace(/%3C/g, "&lt;");</code>
<code>    s = s.replace(/%3c/g, "&lt;");</code>
<code>    s = s.replace(/>/g, "&gt;");</code>
<code>    s = s.replace(/%3E/g, "&gt;");</code>
<code>    s = s.replace(/%3e/g, "&gt;");</code>
<code>    //s = s.replace(/\'/g, "&#39;");</code>
<code>    //s = s.replace(/\"/g, "&quot;");</code>
<code>    //s = s.replace(/\n/g, "<br>");</code>
<code>    return s;</code>
<code>}</code>
<code>function ajaxJsonCall(url, data, callback) {</code>
<code>    var source = "";</code>
<code>    if (typeof(data) == "object") {</code>
<code>        // encode "<" and ">" in the serialized object, then parse it back</code>
<code>        source = htmlEncode(JSON.stringify(data));</code>
<code>        source = JSON.parse(source);</code>
<code>        data = source;</code>
<code>    } else if (typeof(data) == "string") {</code>
<code>        source = htmlEncode(data);</code>
<code>        data = source; // send the encoded string, as in the object branch</code>
<code>    }</code>
<code>    $.ajax({</code>
<code>        url: app_path + '/' + url,</code>
<code>        //contentType: "application/x-www-form-urlencoded;charset=utf-8",</code>
<code>        data: data,</code>
<code>        type: "POST",</code>
<code>        dataType: "json",</code>
<code>        error: function(msg){msg.rtnCode='999999';msg.rtnMsg='發生未知異常';callback(msg)},</code>
<code>        success: callback</code>
<code>    });</code>
<code>    /*data = replacechar(data);</code>
<code>    $.post(app_path + '/' + url, data, callback, 'json');*/</code>
<code>}</code>
This article is reposted from 夢朝思夕's 51CTO blog. Original link: http://blog.51cto.com/qiangmzsx/1610200