# 访问控制——禁止PHP解析
- 核心配置文件内容 <Directory /data/wwwroot/111.com/upload> php_admin_flag engine off </Directory>
- curl测试时直接返回了php源代码,并未解析。仅关闭解析会把源代码原样发给访问者(源码泄露),所以下面的配置同时用 FilesMatch 拒绝对 .php 文件的访问,此时curl得到403
[root@node35 ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# Applies to the upload directory of the 111.com site (path as used on this page).
<Directory /data/wwwroot/111.com/upload>
# Switch the PHP engine off for this directory so files placed here are not
# executed as PHP. php_admin_flag is a mod_php directive.
php_admin_flag engine off
# With the engine off, a .php file is returned as plain source text (see the
# curl output on this page), so requests whose file name contains ".php" are
# refused as well; the curl -I test on this page gets 403 Forbidden.
<FilesMatch (.*)\.php(.*)>
# Order/Deny is the Apache 2.2 access-control syntax; on 2.4 it is provided by
# mod_access_compat. NOTE(review): the native 2.4 form is "Require all denied".
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
php_admin_flag engine off
<FilesMatch (.*)\.php(.*)>
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful
Syntax OK
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 ~]# cd /data/wwwroot/111.com/
[root@node35 111.com]# mkdir upload
[root@node35 111.com]# ls
123.php admin index.php qq.png upload
[root@node35 111.com]# cp 123.php upload/
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Dec 2017 00:49:49 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# mkdir upload
[root@node35 111.com]# ls
123.php admin index.php qq.png upload
[root@node35 111.com]# cp 123.php upload/
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Dec 2017 00:49:49 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php'
<?php
echo "123.php";
<?php
echo "123.php";
访问控制——user_agent
- user_agent可以理解为浏览器标识
- 核心配置文件内容 `<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC] RewriteRule .* - [F] </IfModule>`
- curl -A "123123" 指定user_agent;user_agent由客户端自行填写、可以任意修改,所以这类规则只能挡住不做伪装的爬虫和工具,不能当作安全边界
# The rules below are only read when mod_rewrite is loaded; if the module is
# missing, the whole block is skipped without an error and nothing is blocked.
<IfModule mod_rewrite.c>
RewriteEngine on
# Match a User-Agent containing "curl" OR (next condition) "baidu.com".
# NC makes the match case-insensitive; OR joins this condition to the next one.
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
# Any URL requested by a matching client is answered with 403 Forbidden ([F]);
# "-" means the URL itself is not rewritten.
# The User-Agent header is chosen by the client, so this only filters tools
# that identify themselves honestly; it is not an access-control boundary.
RewriteRule .* - [F]
</IfModule>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 111.com]# !curl
curl -x127.0.0.1:80 'http://111.com/upload/123.php'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /upload/123.php
on this server.<br />
</p>
</body></html>
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Dec 2017 01:06:55 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Dec 2017 01:07:09 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
Syntax OK
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 111.com]# !curl
curl -x127.0.0.1:80 'http://111.com/upload/123.php'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /upload/123.php
on this server.<br />
</p>
</body></html>
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Dec 2017 01:06:55 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Dec 2017 01:07:09 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
PHP相关配置
查看php配置文件位置
/usr/local/php/bin/php -i|grep -i "loaded configuration file"
date.timezone
disable_functions(注意:eval 是语言结构而不是函数,写进 disable_functions 不会被禁用)
eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
error_log, log_errors, display_errors, error_reporting(线上环境建议 display_errors=Off、log_errors=On,错误只写入 error_log,避免把路径等信息暴露给访问者)
open_basedir(把PHP可访问的文件限制在指定目录内;下面这行写在虚拟主机配置中,php_admin_value 设置的值不能被 .htaccess 或 ini_set() 覆盖)
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
/usr/local/php/bin/php -i|grep -i "loaded configuration file"
date.timezone
disable_functions
eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
error_log, log_errors, display_errors, error_reporting
open_basedir
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"