11.28 限定某个目录禁止解析php
由于网站是可以直接执行php程序的,而因为直接执行php程序这个方便快捷的功能,很多别有用心的人会利用这个功能去做一些恶意的行为,
从而这会导致变成一个漏洞,使其网站奔溃,所以我们搭建网站的时候,有必要把某目录php解析功能给关闭掉。
核心配置文件内容
php_admin_flag engine off
检查状态并重新加载。[root@AliKvn ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@AliKvn ~]# /usr/local/apache2.4/bin/apachectl graceful
curl测试时直接返回了php源代码,并未解析[root@AliKvn 111.com]# curl -x127.0.0.1:80 111.com/upload/123.php
echo "filesmatch";
?>
11.29访问控制 – user_agent
user_agent可以理解为浏览器标识
核心配置文件内容
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
curl -A "123123" 指定user_agent
11.30 11.31 11.32 PHP相关配置
查看php配置文件位置/usr/local/php/bin/php -i|grep -i "loaded configuration file"
/usr/local/php/bin/php -i |grep -i "loaded configuration file"
Loaded Configuration File => /usr/local/php/etc/php.ini
PHP Warning: Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in Unknown on line 0
以上不是报错信息,大致内容是时间格式不匹对的提示信息。
修改php.inidate.timezone=Asia/Shanghai
关闭php内置函数,提高php安全性。disable_functions=
eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
定义日志error_log, log_errors, display_errors, error_reporting
open_basedir
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
扫一扫
177
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
