2018-09-13

标签：推荐   错误信息   返回   inf   asi   set   port   ati   index.php   

11.25 配置防盗链

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
    <Directory /data/wwwroot/www.123.com>
        SetEnvIfNoCase Referer "http://www.123.com" local_ref //白名单
        SetEnvIfNoCase Referer "http://123.com" local_ref
        SetEnvIfNoCase Referer "^$" local_ref //空白名单 用当期域名访问时为白名单
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
            Order Allow,Deny  //匹配顺序
            Allow from env=local_ref
        </filesmatch>
    </Directory>
[root@localhost ~]# curl -e "http://123.com/png" -x192.168.31.10:80 123.com/11.png -I //-e 指定referer -I 显示状态码信息

11.26 访问控制Directory

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
    <Directory /data/wwwroot/www.123.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
[root@localhost ~]# curl -x192.168.31.10:80 123.com/admin/
[root@localhost ~]# curl -x127.0.0.1:80 123.com/admin/

11.27 访问控制FilesMatch

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
    <Directory /data/wwwroot/www.123.com>
        <FilesMatch  "admin.php(.*)">
         Order deny,allow
         Deny from all
         Allow from 127.0.0.1
        </FilesMatch>
    </Directory>
[root@localhost ~]# curl -x192.168.31.10:80 123.com/admin.php
[root@localhost ~]# curl -x127.0.0.1:80 123.com/admin.php

11.28 限定某个目录禁止解析php

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
    <Directory /data/wwwroot/www.123.com/upload>
        php_admin_flag engine off //禁止解析php,返回php源代码
        <FilesMatch  "(.*).php(.*)"> //禁止访问返回的php源代码
         Order allow,deny
         Deny from all
        </FilesMatch>
    </Directory>
[root@localhost ~]# curl -x127.0.0.1:80 123.com/upload/123.php

11.29 限制user_agent(浏览器标识)

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR] //NC 忽略大小写 OR 与下一条为或者关系，不写为并且关系
        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]
        RewriteRule  .*  -  [F] //F 403
    </IfModule>
[root@localhost ~]# curl -A "chrome" -x127.0.0.1:80 123.com //-A 指定user_agent

11.30/11.31 php相关配置

php.ini位置

[root@localhost ~]# /usr/local/php/bin/php -i|grep -i "loaded configuration file" //可能不准，推荐用phpinfo
Loaded Configuration File => /usr/local/php/etc/php.ini
[root@localhost ~]# vim index.php //编辑好后用浏览器访问
<?php
phpinfo();
?>

禁止php危险函数

[root@localhost ~]# vim /usr/local/php/etc/php.ini
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo

定义时区

[root@localhost ~]# vim /usr/local/php/etc/php.ini
date.timezone = Asia/Shanghai

日志设置

[root@localhost ~]# vim /usr/local/php/etc/php.ini
display_errors = Off //错误信息不显示
log_errors = On  //日志开启
error_log = /tmp/php_errors.log //日志目录
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT //错误日志级别

将PHP所能打开的文件限制在指定的目录树中

[root@localhost ~]# vim /usr/local/php/etc/php.ini //对所有网站限制
open_basedir "/data/wwwroot/123.com:/tmp/"
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //可对单个网站限制
    php_admin_value open_basedir "/data/wwwroot/123.com:/tmp/"

11.32 php扩展模块安装

安装第三方redis的模块

[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget https://codeload.github.com/phpredis/phpredis/zip/develop 
[root@localhost src]# mv develop phpredis-develop.zip
[root@localhost src]# unzip phpredis-develop.zip
[root@localhost src]# cd phpredis-develop
[root@localhost phpredis-develop]# /usr/local/php/bin/phpize //生成configure文件
[root@localhost phpredis-develop]# ./configure --with-php-config=/usr/local/php/bin/php-config
[root@localhost phpredis-develop]# make && make install
[root@localhost ~]# /usr/local/php/bin/php -i |grep extension_dir //查看扩展模块存放目录，我们可以在php.ini中去自定义该路径 
[root@localhost ~]# vim /usr/local/php/etc/php.ini  //增加一行配置（可以放到文件最后一行）
extension = redis.so
[root@localhost ~]# /usr/local/php/bin/php -m

安装源码包自带模块

[root@localhost ~]# cd /usr/local/src/php-xxx/ext/
[root@localhost ext]# cd zip/ //需要安装的模块目录
[root@localhost zip]# /usr/local/php/bin/phpize //生成configure文件
[root@localhost zip]# ./configure --with-php-config=/usr/local/php/bin/php-config
[root@localhost zip]# make && make install
[root@localhost ~]# vim /usr/local/php/etc/php.ini
extension = zip.so
[root@localhost ~]# /usr/local/php/bin/php -m

扩展
几种限制ip的方法 http://ask.apelearn.com/question/6519

apache 自定义header http://ask.apelearn.com/question/830

apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556

apache开启压缩 http://ask.apelearn.com/question/5528

apache2.2到2.4配置文件变更 http://ask.apelearn.com/question/7292

apache options参数 http://www.365mini.com/page/apache-options-directive.htm

apache禁止trace或track防止xss http://ask.apelearn.com/question/1045

apache 配置https 支持ssl http://ask.apelearn.com/question/1029

apache rewrite教程 http://coffeelet.blog.163.com/blog/static/13515745320115842755199/ http://www.cnblogs.com/top5/archive/2009/08/12/1544098.html

apache rewrite 出现死循环 http://ask.apelearn.com/question/1043

php错误日志级别参考 http://ask.apelearn.com/question/6973

php开启短标签 http://ask.apelearn.com/question/120

php.ini详解 http://legolas.blog.51cto.com/2682485/493917

2018-09-13

标签：推荐   错误信息   返回   inf   asi   set   port   ati   index.php   

原文地址：https://www.cnblogs.com/2KP2/p/9650303.html