假设取消web 目录uploads的php脚本执行权限, 网站根目录是/var/www/blog。
针对 apache :
<Directory “/var/www/blog/data/”>
<FilesMatch “.(php|asp|jsp)$”>
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
针对 nginx :
location ~ ^/upload/.*\.(php|php5)$
{
deny all;
}
简单写个php文件测试如下:
Forbidden
You don’t have permission to access /uploads/phpinfo.php on this server.