Tags: open_basedir php_admin_flag engine off httpd-vhosts.conf
11.28 Disabling PHP parsing in a specific directory
Edit the configuration file httpd-vhosts.conf:
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
Add the following:
<Directory /data/wwwroot/111.com/upload>
    php_admin_flag engine off
    <FilesMatch (.*)\.php(.*)>
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>
Reload the configuration:
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
Test:
mkdir upload    # create the directory
ls    # list the files
cp 123.php upload/    # copy 123.php into the upload directory
curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
11.29 Restricting user_agent
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
    # F = FORBIDDEN: the request is denied
    RewriteRule .* - [F]
</IfModule>
Reload the configuration:
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
Test:
curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
curl -A "aminglinux aminglinux" -x127.0.0.1:80 'http://111.com/123.php'
# -A sets the user_agent; -I shows the status code; -e sets the referer
11.30/11.31 PHP-related configuration
/usr/local/php/bin/php -i | grep -i "loaded configuration file"
open_basedir security option
# Restricts a site to its own directory so that it cannot access other sites' directories
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
vim /usr/local/php7/etc/php.ini
; if the path is changed to 1111.com:
open_basedir = /data/wwwroot/1111.com:/tmp
/usr/local/apache2.4/bin/apachectl graceful
curl -A "a" -x127.0.0.1:80 http://111.com/2.php -I    # returns a 500 error
cat /tmp/php_errors.log    # the log reports that the file is not within the allowed directories
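An added example, not part of the original notes: a POSIX shell audit that checks a vhost file for the `php_admin_flag engine off` setting from 11.28 and confirms that the document root is covered by `open_basedir`, which catches the 1111.com typo behind the 500 error above. The function names and the sample config are constructed for illustration, and `path_allowed` is a plain string comparison on directory boundaries (it does not resolve symlinks as PHP does).

```sh
# Added example: audit a vhost file for the hardening settings in these notes.
# Succeeds if <Directory DIR> in FILE has an active "php_admin_flag engine off".
engine_off_in_dir() {  # $1=conf file, $2=directory
    awk -v dir="$2" '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        tolower($1) == "<directory" { d = $2; sub(/>$/, "", d); gsub(/"/, "", d); inside = (d == dir) }
        tolower($1) == "</directory>" { inside = 0 }
        inside && tolower($1 " " $2 " " $3) == "php_admin_flag engine off" { found = 1 }
        END { exit !found }' "$1"
}

# Prints the open_basedir list set with php_admin_value in FILE (empty if unset).
open_basedir_value() {  # $1=conf file
    awk '/^[ \t]*#/ { next }
         tolower($1 " " $2) == "php_admin_value open_basedir" { gsub(/"/, "", $3); print $3; exit }' "$1"
}

# Succeeds if PATH equals or lies below one of the colon-separated dirs in LIST.
path_allowed() {  # $1=path, $2=open_basedir list
    old_ifs=$IFS; IFS=:
    for base in $2; do
        base=${base%/}                           # treat "/tmp/" and "/tmp" alike
        case "$1/" in "$base"/*) IFS=$old_ifs; return 0 ;; esac
    done
    IFS=$old_ifs; return 1
}

# Prints one FAIL line per missing or ineffective setting.
audit() {  # $1=conf file, $2=document root, $3=upload dir
    engine_off_in_dir "$1" "$3" || echo "FAIL: PHP engine not disabled in $3"
    basedir=$(open_basedir_value "$1")
    if [ -z "$basedir" ]; then echo "FAIL: open_basedir not set"
    elif ! path_allowed "$2" "$basedir"; then echo "FAIL: $2 is outside open_basedir ($basedir)"
    fi
}

# Constructed sample: upload dir hardened, open_basedir carries the 1111.com typo.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    php_admin_value open_basedir "/data/wwwroot/1111.com:/tmp/"
    <Directory /data/wwwroot/111.com/upload>
        php_admin_flag engine off
    </Directory>
</VirtualHost>
EOF
}
conf=$(mktemp); sample_conf > "$conf"; audit "$conf" /data/wwwroot/111.com /data/wwwroot/111.com/upload; rm -f "$conf"
```

Run against the sample, the audit reports only the open_basedir mismatch; with the value corrected to /data/wwwroot/111.com:/tmp/ it prints nothing.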
Further reading
Enabling compression in Apache: http://ask.apelearn.com/question/5528
Configuration file changes from Apache 2.2 to 2.4: http://ask.apelearn.com/question/7292
Apache Options parameters: http://ask.apelearn.com/question/1051
Disabling TRACE or TRACK in Apache to prevent XSS: http://ask.apelearn.com/question/1045
Configuring HTTPS (SSL support) in Apache: http://ask.apelearn.com/question/1029
Original article: http://blog.51cto.com/12059818/2107049