11-2 11 LAMP Review

LAMP Review

Virtual Hosts

[root@axiang-03 apache2.4]# vim conf/httpd.conf

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/aaa.com"
    ServerName aaa.com
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/bbb.com"
    ServerName bbb.com
    ServerAlias www.bbb.com www.222.com 222.com
    ErrorLog "logs/bbb.com-error_log"
    CustomLog "logs/bbb.com-access_log" common
</VirtualHost>

After editing the hosts file on Windows 7, the sites can be reached from a browser.

Apache User Authentication

User authentication for a whole directory

[root@axiang-03 ~]# cd /usr/local/apache2.4/
[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/ccc.com"
ServerName ccc.com
<Directory /data/wwwroot/ccc.com>
	AllowOverride AuthConfig
	AuthName "ccc.com user auth"
	AuthType Basic
	AuthUserFile /data/.htpasswd
	require valid-user
</Directory>
</VirtualHost>

[root@axiang-03 apache2.4]# bin/htpasswd -cm /data/.htpasswd axiang
New password: 
Re-type new password: 
Adding password for user axiang
[root@axiang-03 apache2.4]# bin/htpasswd -m /data/.htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin
[root@axiang-03 apache2.4]# bin/apachectl -t
AH00112: Warning: DocumentRoot [/data/wwwroot/ccc.com] does not exist
Syntax OK
[root@axiang-03 apache2.4]# mkdir /data/wwwroot/ccc.com
[root@axiang-03 apache2.4]# vim !$/index.php
vim /data/wwwroot/ccc.com/index.php
[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful

User authentication for a single page

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf 

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/ccc.com"
ServerName ccc.com
#<Directory /data/wwwroot/ccc.com>
<FilesMatch admin.php>
    AllowOverride AuthConfig
    AuthName "ccc.com user auth"
    AuthType Basic
    AuthUserFile /data/.htpasswd
    require valid-user
</FilesMatch>
#</Directory>
</VirtualHost>


[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# vim /data/wwwroot/ccc.com/admin.php

Domain Redirect

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf 

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/bbb.com"
ServerName bbb.com
ServerAlias www.bbb.com www.222.com 222.com
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} !^bbb\.com$
    RewriteRule ^/(.*)$ http://bbb.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/bbb.com-error_log"
CustomLog "logs/bbb.com-access_log" common
</VirtualHost>

[root@axiang-03 apache2.4]# vim conf/httpd.conf

[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 -I 222.com
HTTP/1.1 301 Moved Permanently

Apache Access Log

[root@axiang-03 apache2.4]# vim conf/httpd.conf

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf

[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# curl -x127.0.0.1:80 -I bbb.com
HTTP/1.1 200 OK
Date: Tue, 08 Aug 2017 13:57:20 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

[root@axiang-03 apache2.4]# tail -2 logs/bbb.com-access_log 
192.168.83.139 - - [08/Aug/2017:21:46:16 +0800] "HEAD HTTP://222.com/ HTTP/1.1" 301 -
127.0.0.1 - - [08/Aug/2017:21:57:20 +0800] "HEAD HTTP://bbb.com/ HTTP/1.1" 200 - "-" "curl/7.29.0"

Excluding static files from the access log

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/ddd.com"
ServerName ddd.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "logs/ddd.com-access_log" combined env=!img
</VirtualHost>

Access log rotation

CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/ddd.com-access_%Y%m%d.log 86400" combined env=!img

Expiry time for static elements

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf 

<IfModule mod_expires.c>
ExpiresActive on 
ExpiresByType image/gif  "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>

[root@axiang-03 apache2.4]# vim conf/httpd.conf

[root@axiang-03 apache2.4]# vim conf/httpd.conf
[root@axiang-03 apache2.4]# bin/apachectl -t
[root@axiang-03 apache2.4]# cd /data/wwwroot/ddd.com/
[root@axiang-03 ddd.com]# rz
[root@axiang-03 ddd.com]# curl -x127.0.0.1:80 ddd.com/baidu.png -I

Configuring hotlink protection

<Directory /data/wwwroot/ddd.com>
SetEnvIfNoCase Referer "http://ddd.com" local_ref
SetEnvIfNoCase Referer "http://ask.apelearn.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref  
<FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
	# Allow the defined referers; deny all other sources
	Order Allow,Deny
	Allow from env=local_ref
</FilesMatch>
</Directory>

[root@axiang-03 apache2.4]# curl -x127.0.0.1:80 ddd.com/baidu.png -I
HTTP/1.1 200 OK
[root@axiang-03 apache2.4]# curl -e "http://www.qq.com" -x127.0.0.1:80 ddd.com/baidu.png -I
HTTP/1.1 403 Forbidden
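
The Referer patterns in the block above are regular expressions, and SetEnvIfNoCase matches them anywhere in the header value. The following added example (not part of the original notes) replays the page's three patterns against constructed Referer values and compares them with an anchored variant; the anchored patterns and the other.example hosts are assumptions, and Python's re module stands in for Apache's regex engine.

```python
import re

# The three Referer patterns from the page's <Directory> block.
PAGE_PATTERNS = [r"http://ddd.com", r"http://ask.apelearn.com", r"^$"]

# Assumed hardened variant (not from the page): anchored at the start,
# dots escaped, host must end at "/" or at the end of the value.
ANCHORED_PATTERNS = [
    r"^http://ddd\.com(/|$)",
    r"^http://ask\.apelearn\.com(/|$)",
    r"^$",
]

def is_local_ref(referer, patterns):
    """Mimic SetEnvIfNoCase: case-insensitive, unanchored search.
    A request without a Referer header is treated as an empty string."""
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)

def status_for(referer, patterns):
    """Status the FilesMatch block would return for a protected file."""
    return 200 if is_local_ref(referer, patterns) else 403

# Constructed Referer values for the comparison.
SAMPLES = [
    None,                                          # no Referer header
    "http://ddd.com/index.php",                    # the site itself
    "http://www.qq.com",                           # the page's 403 test
    "http://ddd.com.other.example/page.html",      # allowed host as a prefix
    "http://other.example/?from=http://ddd.com",   # allowed host in the query
]

def compare():
    """Return (referer, status with page patterns, status with anchored)."""
    return [
        (r, status_for(r, PAGE_PATTERNS), status_for(r, ANCHORED_PATTERNS))
        for r in SAMPLES
    ]

if __name__ == "__main__":
    for referer, page_status, anchored_status in compare():
        print(f"{str(referer):45} page={page_status} anchored={anchored_status}")
```

The last two samples pass the page's patterns but are rejected by the anchored ones, while the three cases tested with curl above behave the same under both.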

Access control: Directory

[root@axiang-03 apache2.4]# cd -
/data/wwwroot/ddd.com
[root@axiang-03 ddd.com]# mkdir admin
[root@axiang-03 ddd.com]# vim admin/info.php
[root@axiang-03 ddd.com]# cd -
/usr/local/apache2.4
[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf 

<Directory /data/wwwroot/ddd.com/admin/> 
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Directory>

[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# curl -x127.0.0.1:80 ddd.com/admin/info.php -I
HTTP/1.1 200 OK
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 ddd.com/admin/info.php -I
HTTP/1.1 403 Forbidden

Access control: FilesMatch

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/ddd.com"
ServerName ddd.com
<Directory /data/wwwroot/ddd.com/admin/>
    <FilesMatch (.*)files.php(.*)>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </FilesMatch>
</Directory>
</VirtualHost>

[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 ddd.com/admin/info.php -I
HTTP/1.1 200 OK
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 ddd.com/admin/files.php -I
HTTP/1.1 403 Forbidden
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 ddd.com/admin/aefiles.phpeon -I
HTTP/1.1 403 Forbidden

Disabling PHP parsing in a specific directory

[root@axiang-03 apache2.4]# vim conf/extra/httpd-vhosts.conf 

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/aaa.com"
ServerName aaa.com
<Directory /data/wwwroot/aaa.com/uplode/>
php_admin_flag engine off
</Directory>
</VirtualHost>

[1]+  已中止   vim conf/extra/httpd-vhosts.conf
[root@axiang-03 apache2.4]# mkdir /data/wwwroot/aaa.com/uplode/
[root@axiang-03 apache2.4]# vim !$1.php
vim /data/wwwroot/aaa.com/uplode/1.php
[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 aaa.com/uplode/1.php
<? echo "this is uploda php"; ?>
  • Core setting: php_admin_flag engine off
  • Some browsers will download the file directly

Restricting user_agent

[root@axiang-03 apache2.4]# fg
vim conf/extra/httpd-vhosts.conf

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]
RewriteRule  .*  -  [F]
</IfModule>

[1]+  已中止   vim conf/extra/httpd-vhosts.conf
[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 aaa.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.<br />
</p>
</body></html>
[root@axiang-03 apache2.4]# curl -x192.168.83.139:80 aaa.com -I
HTTP/1.1 403 Forbidden
Date: Wed, 09 Aug 2017 01:44:45 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@axiang-03 apache2.4]# curl -A "123" -x192.168.83.139:80 aaa.com -I
HTTP/1.1 200 OK

PHP-related configuration

[root@axiang-03 apache2.4]# tree /data/wwwroot/
/data/wwwroot/
├── aaa.com
│   ├── index.html
│   └── uplode
│       └── 1.php
├── bbb.com
│   └── index.php
├── ccc.com
│   ├── admin.php
│   └── index.php
└── ddd.com
    ├── 1.jpg
    ├── admin
    │   ├── files.php
    │   └── info.php
    ├── baidu.png
    └── index.php

[root@axiang-03 apache2.4]# /usr/local/php/bin/php -i | grep -i "loaded config"
Loaded Configuration File => /usr/local/php/etc/php.ini
PHP Warning:  Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting...
[root@axiang-03 apache2.4]# cd /usr/local/php/
[root@axiang-03 php]# vim etc/php.ini

Turning off the warning

Disabling unsafe functions

disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
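
An added example (not part of the original notes) that audits a disable_functions line such as the one above: it reports entries listed more than once and entries that are PHP language constructs, which disable_functions cannot block. The function names and the construct list are assumptions of this sketch; the sample line is copied from this page.

```python
# PHP language constructs: they are not functions, so listing them in
# disable_functions has no effect.
LANGUAGE_CONSTRUCTS = {
    "eval", "include", "include_once", "require", "require_once",
    "echo", "print", "isset", "unset", "empty", "exit", "die",
}

def parse_disable_functions(ini_text):
    """Return the names from the last disable_functions line in ini_text."""
    names = []
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # php.ini comments start with ';'
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "disable_functions":
            # PHP function names are case-insensitive, so normalise to lower case
            names = [n.strip().lower() for n in value.split(",") if n.strip()]
    return names

def audit(ini_text):
    """Split the configured names into effective, duplicate and not-blockable."""
    seen, duplicates = set(), []
    for name in parse_disable_functions(ini_text):
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
    return {
        "effective": sorted(seen - LANGUAGE_CONSTRUCTS),
        "duplicates": duplicates,
        "not_blockable": sorted(seen & LANGUAGE_CONSTRUCTS),
    }

# The disable_functions line from this page, embedded as sample input.
PAGE_INI = (
    "disable_functions =eval,assert,popen,passthru,escapeshellarg,"
    "escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,"
    "escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,"
    "ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,"
    "popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo\n"
)

if __name__ == "__main__":
    report = audit(PAGE_INI)
    print("duplicates:   ", ", ".join(report["duplicates"]))
    print("not blockable:", ", ".join(report["not_blockable"]))
    print("effective:    ", len(report["effective"]), "functions")
```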

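Adjusting logging settings

log_errors = On
    Enable the error log
error_log = /tmp/php_errors.log
    Set the log path
display_errors = Off
    Do not output errors to the browser
error_reporting = E_ALL ; this logs everything
    Sets the error level; Notices usually do not need to be logged. The format for changing it is shown above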
[root@axiang-03 php]# cd -
/usr/local/apache2.4
[root@axiang-03 apache2.4]# vim /data/wwwroot/ccc.com/index.php 
[root@axiang-03 apache2.4]# bin/apachectl -t
Syntax OK
[root@axiang-03 apache2.4]# bin/apachectl graceful
[root@axiang-03 apache2.4]# cat /tmp/php_errors.log 
[09-Aug-2017 10:30:58 Asia/Chongqing] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/ddd.com/admin/info.php on line 1
[09-Aug-2017 10:42:40 Asia/Chongqing] PHP Parse error:  syntax error, unexpected 'aefa' (T_STRING) in /data/wwwroot/ccc.com/index.php on line 3
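  • With phpinfo disabled here, a curl request still returns 200; if error_reporting does not record Notices, no message is shown either
  • When Apache disables PHP parsing, PHP does not report an error

Setting the base directory to isolate different sites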

php_admin_value open_basedir "/data/wwwroot/xxx.com:/tmp/"

  • Setting open_basedir in php.ini makes the other virtual hosts inaccessible (status code 500)