限定某个目录禁止解析php、限制user_agent、PHP相关

作者: 强出头 | 来源:发表于2018-04-18 22:37 被阅读0次

限定某个目录禁止解析php、限制user_agent、PHP相关
限定某个目录禁止解析php、限制user_agent、php相关
lamp（八）——禁止php解析、限制user_agent、ph
PHP相关
3. PHP基础语法
PHP安装扩展, 以pcntl为例
解决CentOS7安装php7.2之后php -v显示的版本是5
Nginx防盗链、Nginx访问控制、Nginx解析php相关配
php和html混编
tp6框架路由使用

限定某个目录禁止解析php

[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful

    <Directory /data/wwwroot/111.com/upload>
        php_admin_flag engine off
    <FilesMatch  "(.*)\.php(.*)">
        Order allow,deny
        Deny from all
        </FilesMatch>
    </Directory>

[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@wsl-001 ~]# cd /data/wwwroot/111.com/
[root@wsl-001 111.com]# mkdir upload
[root@wsl-001 111.com]# ls
admin  admin.php  index.php  test.jpg  upload
[root@wsl-001 111.com]# cp index.php upload/
[root@wsl-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/upload/index.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 18 Apr 2018 13:03:23 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

限制user_agent

限制user_agent

[root@wsl-001 111.com]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

 <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]
        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]
        RewriteRule  .*  -  [F]  #直接禁止403
    </IfModule>
[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@wsl-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/index.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 18 Apr 2018 13:17:30 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@wsl-001 111.com]# curl -A "123"  -x 127.0.0.1:80 'http://111.com/index.php' -I
HTTP/1.1 200 OK
Date: Wed, 18 Apr 2018 13:17:50 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Cache-Control: max-age=0
Expires: Wed, 18 Apr 2018 13:17:50 GMT
Content-Type: text/html; charset=UTF-8
[root@wsl-001 111.com]# tail /usr/local/apache2.4/logs/111.com-access_20180418.log 
172.16.79.140 - - [18/Apr/2018:16:35:51 +0800] "HEAD http://111.com/admin.php?dasfa HTTP/1.1" 200 - "-" "curl/7.29.0"
172.16.79.140 - - [18/Apr/2018:16:37:12 +0800] "HEAD http://111.com/admin/admin.php?dasfa HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [18/Apr/2018:16:37:25 +0800] "HEAD http://111.com/admin/admin.php?dasfa HTTP/1.1" 404 - "-" "curl/7.29.0"
127.0.0.1 - - [18/Apr/2018:21:03:13 +0800] "HEAD http://111.com/upload/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
127.0.0.1 - - [18/Apr/2018:21:03:23 +0800] "HEAD http://111.com/upload/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [18/Apr/2018:21:17:30 +0800] "HEAD http://111.com/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [18/Apr/2018:21:17:50 +0800] "HEAD http://111.com/index.php HTTP/1.1" 200 - "-" "123"

PHP相关配置

PHP相关配置

通过phpinfo()可以查看php的配置文件所在位置
如果没有需要在源码包中复制到下图位置

php.ini配置文件所在

[root@wsl-001 111.com]# vim /usr/local/php/etc/php.ini
#禁止函数
disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
#定义时区
date.timezone = Asia/Shanghai
#页面打印错误
display_errors = Off
#错误日志记录
log_errors = On
#错误日志记录位置
error_log = /tmp/php_errors.log
#错误记录级别，级别可更改，视情况而定
error_reporting = E_ALL 
#限定所有php的文件目录权限所在位置
open_basedir = /data/wwwroot/

[root@wsl-001 111.com]#  /usr/local/apache2.4/bin/apachectl graceful

[root@wsl-001 111.com]# cat /tmp/php_errors.log 
[18-Apr-2018 22:10:10 Asia/Shanghai] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
[root@wsl-001 111.com]# !curl
curl -A "123"  -x 127.0.0.1:80 'http://111.com/index.php' -I
HTTP/1.1 200 OK
Date: Wed, 18 Apr 2018 14:11:01 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Cache-Control: max-age=0
Expires: Wed, 18 Apr 2018 14:11:01 GMT
Content-Type: text/html; charset=UTF-8

[root@wsl-001 111.com]# cat /tmp/php_errors.log 
[18-Apr-2018 22:10:10 Asia/Shanghai] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
[18-Apr-2018 22:11:01 Asia/Shanghai] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2

[root@wsl-001 111.com]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

#在httpd-vhosts.conf 中针对站点做目录权限限制
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"

[root@wsl-001 111.com]#  /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@wsl-001 111.com]#  /usr/local/apache2.4/bin/apachectl graceful

扩展
apache开启压缩 http://ask.apelearn.com/question/5528
apache2.2到2.4配置文件变更 http://ask.apelearn.com/question/7292
apache options参数 http://ask.apelearn.com/question/1051
apache禁止trace或track防止xss http://ask.apelearn.com/question/1045
apache 配置https 支持ssl http://ask.apelearn.com/question/1029

网友评论

本文标题：限定某个目录禁止解析php、限制user_agent、PHP相关

本文链接：https://www.haomeiwen.com/subject/dfvbkftx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！

限定某个目录禁止解析php、限制user_agent、PHP相关

限制user_agent

PHP相关配置

相关文章

限定某个目录禁止解析php、限制user_agent、PHP相关

限定某个目录禁止解析php、限制user_agent、php相关

lamp（八）——禁止php解析、限制user_agent、ph

PHP相关

3. PHP基础语法

PHP安装扩展, 以pcntl为例

解决CentOS7安装php7.2之后php -v显示的版本是5

Nginx防盗链、Nginx访问控制、Nginx解析php相关配

php和html混编

tp6框架路由使用

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读