nginx 403 forbidden ， google 了 3 天还没搞定，请教同学们

环境：centos7+openresty+csf 防火墙+php7

issue： http 和 https 均能显示正常，但是，大约 5 秒钟内刷新任何一个网页超过 5 次后，就会出现 403 forbidden，大约 10 秒钟后，刷新该页面，该网页重新可以访问。

贴出自己的 error.log 和 nginx.conf:

2018/09/05 02:46:56 [notice] 22581#22581: 3260 "^(.)" matches "/robots.txt", client: 162.158.107.13, server: 19.162.19.38, request: "GET /robots.txt HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:46:56 [notice] 22581#22581: *3260 rewritten redirect: "https://www.mydomain.com/robots.txt", client: 162.158.107.13, server: 19.162.19.38, request: "GET /robots.txt HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:46:57 [notice] 22581#22581: 3262 "^(.)" matches "/", client: 108.162.245.124, server: 19.162.19.38, request: "GET /?/category-22__is_recommend-1 HTTP/1.1", host: "www.mydomains.com"

2018/09/05 02:46:57 [notice] 22581#22581: *3262 rewritten redirect: "https://www.mydomain.com/?/category-22__is_recommend-1", client: 108.162.245.124, server: 39.12.21.38, request: "GET /?/category-22__is_recommend-1 HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:50:03 [error] 22581#22581: *3265 open() "/usr/local/openresty/nginx/html/crond/run/1535740897" width="1" height="1" />" failed (2: No such file or directory), client: 119.162.19.388, server: www.mydomain.com, request: "GET /crond/run/1535740897%22%20width%3D%221%22%20height%3D%221%22%20/%3E HTTP/1.1", host: "mydomain.com"

2018/09/05 02:51:28 [error] 22581#22581: *3272 open() "/usr/local/openresty/nginx/html/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 173.245.48.63, server: www.mydomain.com, request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:51:29 [error] 22581#22581: *3273 open() "/usr/local/openresty/nginx/html/apple-touch-icon.png" failed (2: No such file or directory), client: 162.158.58.159, server: www.mydomain.com, request: "GET /apple-touch-icon.png HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:53:11 [error] 22581#22581: *3295 open() "/usr/local/openresty/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.69.33.113, server: www.mydomain.com, request: "GET /favicon.ico HTTP/1.1", host: "www.mydomain.com", referrer: "https://www.mydomain.com/?/"

nginx.conf 文件:

user root;

worker_processes 1;

#error_log logs/error.log;

error_log logs/error.log debug;

#error_log logs/error.log info;

pid logs/nginx.pid;

events {

worker_connections  1024;

}

http {

include       mime.types;

default_type  application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

client_max_body_size 8m;    #允许客户端请求的最大单文件字节数
client_body_buffer_size 2m;  #缓冲区代理缓冲用户端请求的最大字节

fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;

gzip  on;

#WAF

lua_shared_dict limit 50m;
lua_shared_dict guard_dict 100m;
lua_shared_dict dict_captcha 70m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";





server {
    listen       80;
    listen       [::]:80 ipv6only=on default_server;
    server_name  39.2.19.38;
    rewrite ^(.*) https://$host$1 permanent;


    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    location / {
        root   html;
        index  index.php index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
       root           html;
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}


# HTTPS server
#
server {
    listen       443 ssl http2;
    server_name  www.mydomain.com;

    charset  utf-8;
    ssl on;
    default_type  text/plain;
    
   ssl_certificate       1_www.mydomain.com_bundle.crt;
   ssl_certificate_key   2_www.mydomain.com.key;
   

   ssl_session_cache    shared:SSL:1m;
   ssl_session_timeout  5m;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
   ssl_prefer_server_ciphers  on;

    location / {
        root   html;
        index  index.html index.htm index.php;
    }

   location ~ /phpmyadmin/.+\.php$ {
        if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {
         set $valid_fastcgi_script_name $1;
        }
         include fastcgi_params;
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;
     }

    location ~ \.php$ {
        # 设置监听端口
        fastcgi_pass   127.0.0.1:9000;
        # 设置 nginx 的默认首页文件(上面已经设置过了，可以删除)
        fastcgi_index  index.php;
        # 设置脚本文件请求的路径
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        # 引入 fastcgi 的配置文件
        include        fastcgi_params;
    }



}

}