Disable PHP parsing in a specific directory
1. Edit the virtual host configuration file:
[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/upload>
php_admin_flag engine off
# <FilesMatch (.*)\.php(.*)>
# Order allow,deny
# Deny from all
# </FilesMatch>
</Directory>
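2. Test (the FilesMatch block is commented out, so the file is not executed but its source is returned as-is):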
[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:30:22 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Last-Modified: Wed, 07 Mar 2018 14:20:10 GMT
ETag: "16-566d341bfefe2"
Accept-Ranges: bytes
Content-Length: 22
Content-Type: application/x-httpd-php
[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php'
<?php
echo "123.php";
Restrict by user_agent
1. Edit the virtual host configuration file:
[root@weixing01 111.com]# !vim
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
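2. Test: curl -e sets the Referer, -A sets the user_agent, -x sends the request to the given address (in place of a hosts entry), -I shows the status code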
[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:57 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -A "weixing01 weixing01" -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:43:45 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
PHP-related configuration
1. Locate the PHP configuration file and edit it
[root@weixing01 php-7.1.6]# vim /usr/local/php7/etc/php.ini
disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
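2. Test whether the disabled functions are actually blocked
3. Set the time zone (the line must not begin with ';', which would comment it out):
date.timezone = Asia/Chongqing
4. Change how error messages are displayed: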
; Production Value: Off
; http://php.net/display-errors
display_errors = Off
[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 15:07:04 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php
Errors are no longer displayed on the web page, but the page returns no output at all, which is abnormal
5. Configure the error log:
error_log =/tmp/php_errors.log
log_errors = On
display_errors = Off
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL
[root@weixing01 php-7.1.6]# ls -l /tmp/php_errors.log
-rw-r--r-- 1 daemon daemon 135 3月 7 23:14 /tmp/php_errors.log
[root@weixing01 php-7.1.6]# cat !$
cat /tmp/php_errors.log
[07-Mar-2018 15:14:24 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
6. Define open_basedir: set it in the virtual host configuration file
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
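
The php.ini settings from steps 1 to 5 can be checked with a script. The following is an added example, not part of the original notes: a POSIX shell audit that reports settings that are inactive or have no effect. The function names ini_get and audit_php_ini and the sample file are constructed for illustration; the sample keeps date.timezone commented out to show that case.

```sh
#!/bin/sh
# Added example (not from the original page): audit a php.ini for the settings above.

# ini_get FILE KEY: print the value of the last active "KEY = value" line.
ini_get() {
    awk -F= -v k="$2" '
        /^[ \t]*;/ { next }   # a leading ";" comments the line out
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# audit_php_ini FILE: print one finding per line, nothing when all checks pass.
audit_php_ini() {
    f=$1
    lc() { tr '[:upper:]' '[:lower:]'; }
    [ "$(ini_get "$f" display_errors | lc)" = off ] || echo "display_errors is not Off"
    [ "$(ini_get "$f" log_errors | lc)" = on ] || echo "log_errors is not On"
    [ -n "$(ini_get "$f" error_log)" ] || echo "error_log is not set"
    [ -n "$(ini_get "$f" date.timezone)" ] || echo "date.timezone is not set (commented out?)"
    df=$(ini_get "$f" disable_functions | tr -d ' ')
    [ -n "$df" ] || echo "disable_functions is empty"
    # Names listed twice are harmless but point to a copy-pasted list.
    dups=$(printf '%s\n' "$df" | tr ',' '\n' | sort | uniq -d | tr '\n' ' ')
    [ -z "$dups" ] || echo "disable_functions duplicates: ${dups% }"
    # eval is a language construct, not a function, so this directive cannot block it.
    case ",$df," in
        *,eval,*) echo "disable_functions lists eval, which it cannot disable" ;;
    esac
}

# Constructed sample modelled on this section (function list shortened).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
disable_functions =eval,assert,popen,passthru,exec,system,passthru,popen,phpinfo
;date.timezone =Asia/Chongqing
display_errors = Off
log_errors = On
error_log =/tmp/php_errors.log
EOF
audit_php_ini "$sample"
```

open_basedir is not covered by this check because step 6 sets it in the virtual host configuration rather than in php.ini.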