配置防盗链
- 通过限制referer来实现防盗链的功能
- 配置文件增加如下内容
<Directory /data/wwwroot/www.123.com>
SetEnvIfNoCase Referer "http://www.123.com" local_ref
SetEnvIfNoCase Referer "http://123.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
- curl -e "http://www.aminglinux.com/123.html" 自定义referer
防盗链,就是不让别人盗用你网站上的资源,这个资源,通常指的是图片、视频、歌曲、文档等。
referer的概念
你通过A网站的一个页面http://a.com/a.html 里面的链接去访问B网站的一个页面http://b.com/b.html ,那么这个B网站页面的referer就是http://a.com/a.html。 也就是说,一个referer其实就是一个网址。
1.配置防盗链
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
//添加以下内容
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
# SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
解释说明:
首先定义允许访问链接的referer,其中^$为空referer,当直接在浏览器里输入图片地址去访问它时,它的referer就为空。然后又使用filesmatch来定义需要保护的文件类型,访问txt、doc、mp3、zip、rar、jpg、gif、png格式的文件,当访问这样的类型文件时就会被限制。
2.测试配置文件
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
httpd not running, trying to start
3.测试
浏览器访问:http://111.com/baidu.png
在其它网站上链接这个网址,还是打不开。 
然后在虚拟主机配置文件里把第三方站点加入到白名单
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://ask.apelearn.com" local_ref
# SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
如果想要直接可以在网站上访问需要配置如下:
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://ask.apelearn.com" local_ref
SetEnvIfNoCase Referer "https://user.qzone.qq.com/328713187/infocenter" local_ref
SetEnvIfNoCase Referer "^$" local_ref
// 将此行的#去掉
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
4.使用curl测试
[root@xuexi-001 111.com]# curl -x192.168.5.130:80 http://111.com/baidu.jpg -I
HTTP/1.1 200 OK
Date: Sat, 30 Jun 2018 14:27:16 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Last-Modified: Thu, 28 Jun 2018 16:33:20 GMT
ETag: "30ed-56fb64a095b87"
Accept-Ranges: bytes
Content-Length: 12525
Content-Type: image/jpeg
[root@xuexi-001 111.com]# curl -e "http://www.qq.com/123.txt" -x192.168.5.130:80 111.com/baidu.jpg -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 14:35:11 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
[root@xuexi-001 111.com]# curl -e "http://111.com/123.txt" -x192.168.5.130:80 111.com/baidu.jpg -I
HTTP/1.1 200 OK
Date: Sat, 30 Jun 2018 14:35:34 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Last-Modified: Thu, 28 Jun 2018 16:33:20 GMT
ETag: "30ed-56fb64a095b87"
Accept-Ranges: bytes
Content-Length: 12525
Content-Type: image/jpeg
说明 : 自定义referer 格式 :http://
访问控制Directory
对于一些比较重要的网站内容,除了可以使用用户认证限制访问之外,还可以通过其他一些方法做到限制,比如可以限制IP,也可以限制user_agent,限制IP指的是限制访问网站的来源IP,而限制user_agent,通常用来限制恶意或者不正常的请求。
1.修改虚拟主机配置:
[root@xuexi-001 111.com]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
解释说明:
使用<Directory>来指定要限制访问的目录,order定义控制顺序,哪个在前面就先匹配哪个规则,在本例中deny在前面,所以要先匹配Deny from all,这样所有的来源IP都会被限制,然后匹配Allow from 127.0.0.1,这样又允许了127.0.0.1这个IP。最终的效果是,只允许来源IP为127.0.0.1的访问。
[root@xuexi-001 111.com]# mkdir admin
[root@xuexi-001 111.com]# cd admin/
[root@xuexi-001 admin]# touch index.php
[root@xuexi-001 admin]# ls
index.php
[root@xuexi-001 admin]# echo "12121" > index.php
[root@xuexi-001 admin]# cat index.php
12121
[root@xuexi-001 admin]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 admin]# /usr/local/apache2/bin/apachectl graceful
[root@xuexi-001 admin]# curl -x 127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Sat, 30 Jun 2018 14:55:59 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8
[root@xuexi-001 admin]# curl -x 127.0.0.1:80 111.com/admin/index.php
12121
使用其他IP 访问 则被限制
[root@xuexi-001 admin]# curl -x 192.168.5.130:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 14:58:08 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
查看访问日志
[root@xuexi-001 admin]# curl -x 127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Sat, 30 Jun 2018 15:04:17 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8
[root@xuexi-001 admin]# curl -x 127.0.0.1:80 111.com/admin/index.php
12121
[root@xuexi-001 admin]# curl -x 192.168.5.130:80 111.com/admin/index.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /admin/index.php
on this server.<br />
</p>
</body></html>
[root@xuexi-001 admin]# curl -x 192.168.5.130:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 15:04:36 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
[root@xuexi-001 admin]# tail /usr/local/apache2/logs/111.com-access_20180630.log
192.168.5.1 - - [30/Jun/2018:21:46:54 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://111.com/baidu.jpg" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
127.0.0.1 - - [30/Jun/2018:23:04:17 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
127.0.0.1 - - [30/Jun/2018:23:04:20 +0800] "GET HTTP://111.com/admin/index.php HTTP/1.1" 200 6 "-" "curl/7.29.0"
192.168.5.130 - - [30/Jun/2018:23:04:30 +0800] "GET HTTP://111.com/admin/index.php HTTP/1.1" 403 224 "-" "curl/7.29.0"
192.168.5.130 - - [30/Jun/2018:23:04:36 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
解释说明:
本机有两个IP,一个是192.168.5.130,一个是127.0.0.1,通过这两个IP都可以访问到站点.而来源分别为192.168.5.130和127.0.0.1,其实和本机IP是一样的,curl测试状态码为403则被限制访问了。
访问控制FilesMatch
针对某个文件来做限制。
配置文件内容:
<Directory /data/wwwroot/www.123.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
1.配置文件内容
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
2.测试配置文件以及重新加载
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
3.测试
[root@xuexi-001 ~]# curl -x192.168.5.130:80 'http://111.com/admin.php?/asdqwe' -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 15:20:41 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
[root@xuexi-001 ~]# curl -x192.168.5.130:80 'http://111.com/admin/asdqwe' -I
HTTP/1.1 404 Not Found
Date: Sat, 30 Jun 2018 15:20:56 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
限定某个目录禁止解析PHP
对于使用PHP语言编写的网站,有一些目录是有需求上传文件的,比如服务器可以上传图片,并且没有做防盗链,所以就会被人家当成了一个图片存储服务器,并且盗用带宽流量。如果网站代码有漏洞,让***上传了一个用PHP代码写的***,由于网站可以执行PHP程序,最终会让***拿到服务器权限,为了避免这种情况发生,我们需要把能上传文件的目录直接禁止解析PHP代码(不用担心会影响网站访问,若这种目录也需要解析PHP,那说明程序员不合格)
1.修改虚拟主机配置文件
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/upload>
php_admin_flag engine off <FilesMatch (.*)\.php(.*)>
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
2.测试配置文件以及重新加载
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
3.测试
测试之前 需要先将以下几行先禁止掉
<Directory /data/wwwroot/111.com/upload>
php_admin_flag engine off
# <FilesMatch (.*)\.php(.*)>
# Order allow,deny
# Deny from all
# </FilesMatch>
</Directory>
[root@xuexi-001 ~]# cd /data/wwwroot/111.com/
[root@xuexi-001 111.com]# ls
123.php admin baidu.jpg index.php
[root@xuexi-001 111.com]# mkdir upload
[root@xuexi-001 111.com]# cp 123.php upload/
[root@xuexi-001 111.com]# ls upload/
123.php
[root@xuexi-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/upload/123.php'
<?php
echo"123.php";
?>
将之前禁止掉的内容取消禁止之后测试
[root@xuexi-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/upload/123.php'
<?php
echo"123.php";
?>
[root@xuexi-001 111.com]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 111.com]# /usr/local/apache2/bin/apachectl graceful
[root@xuexi-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/upload/123.php'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /upload/123.php
on this server.<br />
</p>
</body></html>
[root@xuexi-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 15:53:59 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
限制user_agent
user_agent可以理解为浏览器标识,针对user_agent来限制一些访问,比如可以限制一些不太友好的搜索引擎“爬虫”,你之所以能在百度搜到一些论坛,就是因为百度会派一些“蜘蛛爬虫”过来抓取网站数据。“蜘蛛爬虫”抓取数据类似于用户用浏览器访问网站,当“蜘蛛爬虫”太多或者访问太频繁,就会浪费服务器资源。另外,也可以限制恶意请求,这种恶意请求我们通常称作cc***,他的原理很简单,就是用很多用户的电脑同时访问同一个站点,当访问量或者频率达到一定层次,会耗尽服务器资源,从而使之不能正常提供服务。这种cc***其实有很明显的规律,其中这些恶意请求的user_agent相同或者相似,那我们就可以通过限制user_agent发挥防***的作用。
1.针对user_agent来做访问限制的核心配置文件内容
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
[root@xuexi-001 111.com]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
2.测试配置文件以及重新加载
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
3.测试
[root@xuexi-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 16:04:23 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
[root@xuexi-001 111.com]# curl -x 127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 16:04:32 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1
4.指定user_agent,如果不指定user_agent,那么curl作为user_agent会被限制访问,从上面测试可以看出
[root@xuexi-001 111.com]# curl -A "xuexi xuexi" -x 127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 200 OK
Date: Sat, 30 Jun 2018 16:11:14 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8
[root@xuexi-001 111.com]# tail /usr/local/apache2/logs/111.com-access_20180701.log
127.0.0.1 - - [01/Jul/2018:00:04:23 +0800] "HEAD http://111.com/upload/123.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [01/Jul/2018:00:04:32 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [01/Jul/2018:00:08:43 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "xuexi"
127.0.0.1 - - [01/Jul/2018:00:10:34 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "xuexi"
127.0.0.1 - - [01/Jul/2018:00:11:14 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "xuexi xuexi"
解释说明:
常用配置选项:
使用参数 -A 指定了它的user_agent后就可以访问。
使用参数 -e 指定referer
使用参数 -x 相对省略本地绑定hosts
使用参数 -I 查看状态码
php相关配置
虽然PHP是以httpd一个模块的形式存在,但是PHP本身也有自己的配置文件。
1. 查看PHP配置文件位置
[root@xuexi-001 111.com]# ls
123.php admin baidu.jpg index.php upload
[root@xuexi-001 111.com]# vi index.php //编辑index文件,输入以下内容,保存退出。
<?php
phpinfo();
?>
浏览器访问:http://111.com/index.php
复制源码包里开发配置文件
[root@xuexi-001 etc]# cd /usr/local/src/php-5.6.36
[root@xuexi-001 php-5.6.36]# ls
acinclude.m4 main README.PARAMETER_PARSING_API
aclocal.m4 makedist README.REDIST.BINS
build Makefile README.RELEASE_PROCESS
buildconf Makefile.frag README.SELF-CONTAINED-EXTENSIONS
buildconf.bat Makefile.fragments README.STREAMS
CODING_STANDARDS Makefile.gcov README.SUBMITTING_PATCH
config.guess Makefile.global README.TESTING
config.log Makefile.objects README.TESTING2
config.nice makerpm README.UNIX-BUILD-SYSTEM
config.status meta_ccld README.WIN32-BUILD-SYSTEM
config.sub missing run-tests.php
configure mkinstalldirs sapi
configure.in modules scripts
CREDITS netware server-tests-config.php
ext NEWS server-tests.php
EXTENSIONS pear snapshot
footer php5.spec stamp-h.in
generated_lists php5.spec.in stub.c
genfiles php.gif tests
header php.ini-development travis
include php.ini-production TSRM
INSTALL README.EXT_SKEL UPGRADING
install-sh README.GIT-RULES UPGRADING.INTERNALS
libphp5.la README.input_filter vcsclean
libs README.MAILINGLIST_RULES win32
libtool README.md Zend
LICENSE README.namespaces
ltmain.sh README.NEW-OUTPUT-API
[root@xuexi-001 php-5.6.36]# cp php.ini-development /usr/local/php/etc/php.ini
cp:是否覆盖"/usr/local/php/etc/php.ini"? y
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl graceful
解释说明:
php.ini为PHP的配置文件,可以看出其在/usr/local/php/etc/php.ini
2.PHP的disable_functions
PHP有诸多的内置的函数,有一些函数(比如exec)会直接调取linux的系统命令,如果开放将会非常危险,因此,基于安全考虑应该把一些存在安全风险的函数禁掉。
示例如下:
[root@xuexi-001 php-5.6.36]# vi /usr/local/php/etc/php.ini
//搜索disable_functions,编辑加上如下函数
eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl graceful
3.定义date.timezone(时区),如果不定义会导致有告警信息
[root@xuexi-001 php-5.6.36]# vi /usr/local/php/etc/php.ini //找到date.timezone
定义如下:
date.timezone = Asia/Shangahi(或Chongqing)
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl graceful
4. 配置 error_log
PHP的日志对于程序员来讲非常重要,它是排查问题的重要手段。
如果加上了phpinfo函数后,浏览器上访问http://111.com/index.php 就会有信息输出,这样也暴露的地址目录,相对来说也不安全,我们需要把报错信息也隐藏掉,操作如下:
[root@xuexi-001 php-5.6.36]# vi /usr/local/php/etc/php.ini
//搜索display_errors
定义如下:
display_errors = Off
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 php-5.6.36]# /usr/local/apache2/bin/apachectl graceful
使用curl 测试
[root@xuexi-001 php-5.6.36]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php
[root@xuexi-001 php-5.6.36]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php -I
HTTP/1.1 200 OK
Date: Sun, 01 Jul 2018 15:40:37 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8
总结:配置了display_errors = Off后,浏览器访问没有任何输出信息,一片空白,使用curl输出也是一样,这样我们就无法判断是否有问题,所以需要配置错误日志。
修改配置日志示例如下:
[root@xuexi-001 php-5.6.36]# vi /usr/local/php/etc/php.ini //搜索log_errors 改为 log_errors =On
//搜索error_log 改为 /tmp/php_errors.log
//搜索error_reporting 改为 error_reporting = E_ALL & ~E_NOTICE
//搜索display_errors 改为 display_errors = Off
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
[root@xuexi-001 ~]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php
[root@xuexi-001 ~]# ls /tmp/
pear
php_errors.log
systemd-private-85c5235a6be24b64a7b2f04d7e89bbe1-chronyd.service-1yQ32M
systemd-private-85c5235a6be24b64a7b2f04d7e89bbe1-vgauthd.service-JwsZ3V
systemd-private-85c5235a6be24b64a7b2f04d7e89bbe1-vmtoolsd.service-FHWlxm
[root@xuexi-001 ~]# ls -l /tmp/php_errors.log
-rw-r--r-- 1 daemon daemon 135 7月 1 23:57 /tmp/php_errors.log
[root@xuexi-001 ~]# ps aux |grep httpd
root 1440 0.0 0.6 259952 12828 ? Ss 7月01 0:00 /usr/local/apache2/bin/httpd -k graceful
daemon 3094 0.0 0.5 546780 9544 ? Sl 7月01 0:00 /usr/local/apache2/bin/httpd -k graceful
daemon 3095 0.0 0.6 612316 12360 ? Sl 7月01 0:00 /usr/local/apache2/bin/httpd -k graceful
daemon 3096 0.0 0.5 546780 9544 ? Sl 7月01 0:00 /usr/local/apache2/bin/httpd -k graceful
root 3240 0.0 0.0 112720 968 pts/3 R+ 00:01 0:00 grep --color=autohttpd
为了保险起见,可以先创建一个php_errors.log再赋予 777 的权限
[root@xuexi-001 ~]# touch /tmp/php_errors.log ; chmod 777 /tmp/php_errors.log
[root@xuexi-001 ~]# cat /tmp/php_errors.log
[01-Jul-2018 15:57:43 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
模拟一个错误演示:
[root@xuexi-001 ~]# vi /data/wwwroot/111.com/2.php
<?php
echo 1234.php;
adfadgagagag
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
[root@xuexi-001 ~]# curl -A "a" -x127.0.0.1:80 http://111.com/2.php
[root@xuexi-001 ~]# curl -A "a" -x127.0.0.1:80 http://111.com/2.php -I
HTTP/1.0 500 Internal Server Error
Date: Sun, 01 Jul 2018 16:10:23 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Connection: close
Content-Type: text/html; charset=UTF-8
// 出现状态码500,这说明我们访问的页面是存在错误的,此时需要查看PHP的错误日志来判定错误原因,如下:
[root@xuexi-001 ~]# cat /tmp/php_errors.log
[01-Jul-2018 15:57:43 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
[01-Jul-2018 16:10:18 UTC] PHP Parse error: syntax error, unexpected 'php' (T_STRING), expecting ',' or ';' in /data/wwwroot/111.com/2.php on line 3
[01-Jul-2018 16:10:23 UTC] PHP Parse error: syntax error, unexpected 'php' (T_STRING), expecting ',' or ';' in /data/wwwroot/111.com/2.php on line 3
149
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
