LAMP Architecture (Part 2)

Installing PHP 7

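1. View the PHP configuration information (phpinfo). PHP ships two configuration files, one for development environments and one for production environments.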

[root@localhost php-5.6.30]# /usr/local/php/bin/php -i |less

2. Copy the configuration file to /usr/local/php/etc/php.ini

[root@localhost php-5.6.30]# cp php.ini-production /usr/local/php/etc/php.ini
[root@localhost php-5.6.30]# 

3. Install PHP 7 (a bz2 archive is extracted with tar -jxvf)

[root@localhost php-7.1.6]# cd /usr/local/src/^C                             
[root@localhost php-7.1.6]# wget http://mirrors.sohu.com/php/php-7.1.6.tar.gz^C
[root@localhost php-7.1.6]# tar -zxvf php-7.1.6.tar.gz ^C
[root@localhost php-7.1.6]# cd php-7.1.6/^C
[root@localhost php-7.1.6]# 

4. Configure the PHP 7 build

[root@localhost php-7.1.6]# ./configure --prefix=/usr/local/php7 \
--with-apxs2=/usr/local/apache2.4/bin/apxs \
--with-config-file-path=/usr/local/php7/etc \
--with-pdo-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-libxml-dir \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-iconv-dir \
--with-zlib-dir \
--with-bz2 \
--with-openssl \
--with-mcrypt \
--enable-soap \
--enable-gd-native-ttf \
--enable-mbstring \
--enable-sockets \
--enable-exif

5. make && make install

6. Check the PHP 7 module file

[root@localhost php-7.1.6]# ls /usr/local/apache2.4/modules/libphp7.so 
/usr/local/apache2.4/modules/libphp7.so
[root@localhost php-7.1.6]# du -sh /usr/local/apache2.4/modules/libphp7.so  
37M     /usr/local/apache2.4/modules/libphp7.so
[root@localhost php-7.1.6]# 

7. Apache is found to have loaded:

php5_module (shared)

php7_module (shared)

[root@localhost php-7.1.6]# /usr/local/apache2.4/bin/apachectl -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)
 php5_module (shared)
 php7_module (shared)
[root@localhost php-7.1.6]# 

8. To support only one PHP version, edit httpd.conf and comment out the line that loads the php5 module.

[root@localhost php-7.1.6]# !vim
vim /usr/local/apache2.4/conf/httpd.conf
[root@localhost php-7.1.6]# 

Combining Apache and PHP

1. To get rid of the warning printed when Apache starts, edit the Apache configuration file and uncomment the ServerName line.

2. Start Apache and check whether the httpd service started successfully

[root@localhost php-7.1.6]# /usr/local/apache2.4/bin/apachectl restart
[root@localhost php-7.1.6]# ps aux|grep httpd
daemon    60694  0.0  0.3 435528  3740 ?        Sl   09:42   0:00 /usr/local/apache2.4/bin/httpd -k start
daemon    60695  0.0  0.3 435528  3736 ?        Sl   09:42   0:00 /usr/local/apache2.4/bin/httpd -k start
daemon    60696  0.0  0.3 435528  3740 ?        Sl   09:42   0:00 /usr/local/apache2.4/bin/httpd -k start
root      60779  2.0  0.0 112680   976 pts/5    S+   09:42   0:00 grep --color=auto httpd
root      99405  0.0  0.6 146616  6988 ?        Ss   2月01   0:07 /usr/local/apache2.4/bin/httpd -k start
[root@localhost php-7.1.6]# 

3. Check whether port 80 is open on the server; it turns out not to be.

[root@localhost php-7.1.6]# iptables -nvL

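4. Temporarily add a rule for port 80 to the firewall (-I adds a rule, -D deletes a rule). The browser can now reach the server, and telnet can connect to it as well.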

[root@localhost php-7.1.6]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT

5. Edit the Apache configuration file and change denied to granted

6. Check the configuration file for syntax errors

[root@localhost local]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost local]# 

7. Reload the configuration file

[root@localhost local]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost local]# 

8. Add the configuration and check that the configuration file is valid.

[root@localhost local]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost local]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost local]# 

9. The server can now be accessed normally

10. PHP is supported

Apache default virtual host

1. Edit httpd.conf and remove the # in front of the virtual host configuration file line

2. Edit the virtual host configuration file and create the corresponding directories

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@localhost ~]# mkdir /data/wwwroot/
[root@localhost ~]# mkdir /data/wwwroot/abc.com
[root@localhost ~]# mkdir /data/wwwroot/111.com
[root@localhost ~]# vim /data/wwwroot/abc.com/index.php
[root@localhost ~]# 

3. Create the index.php file and put some code in it

[root@localhost ~]# vim /data/wwwroot/111.com/index.php
[root@localhost ~]# 

  

4. Check the configuration file

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful   
[root@localhost ~]# 

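5. Use curl to check whether the sites are reachable. The -x option makes curl go through a proxy; to check with a browser you need a local hosts entry.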

[root@localhost ~]# curl -x10.21.95.122:80 abc.com
abc.com[root@localhost ~]# curl -x10.21.95.122:80 abce.com
abc.com[root@localhost ~]# curl -x10.21.95.122:80 abcee.com
abc.com[root@localhost ~]# curl -x10.21.95.122:80 www.example.com
111.com[root@localhost ~]# 

6. Once the virtual host configuration file is enabled, the main configuration file no longer takes effect

Apache user authentication

1. Modify the virtual host configuration file

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
        <Directory /data/wwwroot/111.com>
                AllowOverride AuthConfig
                AuthName "Restricted Files"
                AuthType Basic
                AuthUserFile /data/.htpasswd
                Require valid-user
        </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

2. Generate the user password file

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd apache
New password: 
Re-type new password: 
Adding password for user apache
[root@localhost ~]# 
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd apache1
New password: 
Re-type new password: 
Adding password for user apache1
[root@localhost ~]# cat /data/.htpasswd
apache:$apr1$7yblTxbh$nuIrcwIU3nlsee3Aek8jJ.
apache1:$apr1$1bnu4tPX$/u15wjn1vuexrW8ROHC9u0
[root@localhost ~]# 
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful   
[root@localhost ~]# 

3. Access with curl returns 401. -I shows only the status code, not the returned content.

[root@localhost ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Fri, 02 Feb 2018 07:44:52 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="Restricted Files"
Content-Type: text/html; charset=iso-8859-1

[root@localhost ~]# 

4. To access with a browser, edit the client's hosts file and visit 111.com

5. Access with curl, supplying the username and password

[root@localhost ~]# curl -x127.0.0.1:80 -uapache:apache 111.com
111.com[root@localhost ~]# 
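The $apr1$ prefix in /data/.htpasswd above is the salted MD5 scheme written by htpasswd -m; htpasswd in Apache 2.4 can also write bcrypt entries with -B. The script below is an added example, not part of the original post: it reports the hash scheme of every entry in an htpasswd file. The sample entries are constructed placeholders, and sample_htpasswd, audit_htpasswd and count_rehash are hypothetical names.

```shell
#!/bin/sh
# Added example: classify the hash scheme of each entry in an htpasswd file.

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
sample_htpasswd() {
    cat <<'EOF'
apache:$apr1$SALTSALT$PLACEHOLDERPLACEHOLDER00
apache1:$apr1$SALTSALT$PLACEHOLDERPLACEHOLDER01
deploy:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER0
legacy:{SHA}PLACEHOLDERPLACEHOLDERPLACE=
# a comment line
EOF
}

# audit_htpasswd [FILE]: print "user scheme" per entry (reads stdin without FILE).
# Entries that are not bcrypt are tagged REHASH as candidates for "htpasswd -B".
audit_htpasswd() {
    awk -F: '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments and malformed lines
        {
            h = $2; p4 = substr(h, 1, 4)
            if (p4 == "$2y$" || p4 == "$2a$" || p4 == "$2b$") s = "bcrypt"
            else if (substr(h, 1, 6) == "$apr1$") s = "apr1-md5 REHASH"
            else if (substr(h, 1, 5) == "{SHA}")  s = "sha1-unsalted REHASH"
            else                                  s = "crypt-or-plaintext REHASH"
            print $1, s
        }' "${1:--}"
}

# count_rehash [FILE]: number of entries that are not stored as bcrypt.
count_rehash() {
    audit_htpasswd "${1:--}" | awk '/REHASH$/ { n++ } END { print n + 0 }'
}

sample_htpasswd | audit_htpasswd
```

Run against the real file as audit_htpasswd /data/.htpasswd.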

  

1. FilesMatch can be used to require authentication for specific files

Domain redirection

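1. Edit the configuration file. Domain redirection requires adding an alias and a rewrite module block to the virtual host configuration, as follows; this redirects requests for www.aaa.com to www.test.com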

 

[root@localhost ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www"
    ServerName www.test.com
    ServerAlias www.aaa.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^www\.aaa\.com$
        RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
    </IfModule>
</VirtualHost>

  

[root@localhost ~]# /usr/local/apache2/bin/apachectl -t
[root@localhost ~]# /usr/local/apache2/bin/apachectl graceful

2. Extension: to redirect several domains to one domain, configure as follows; requests for www.aaa.com or www.bbb.com are redirected to www.test.com

[root@localhost ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www"
    ServerName www.test.com
    # Two aliases are configured here
    ServerAlias www.aaa.com
    ServerAlias www.bbb.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # [OR] at the end of the condition means "or"
        RewriteCond %{HTTP_HOST} ^www\.aaa\.com$ [OR]
        RewriteCond %{HTTP_HOST} ^www\.bbb\.com$
        RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
    </IfModule>
</VirtualHost>

3. Check whether the rewrite module is loaded

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[root@localhost ~]# vi /usr/local/apache2.4/conf/httpd.conf
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
 rewrite_module (shared)
[root@localhost ~]# 

  

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful            
[root@localhost ~]# 

Apache access log

Common commands

1. Count the Apache processes
ps -aux | grep httpd | wc -l
2. Analyse the log for the number of connections per IP on a given day
cat default-access_log | grep "10/Dec/2010" | awk '{print $2}' | sort | uniq -c | sort -nr
3. See which URLs a given IP requested on that day
cat default-access_log | grep "10/Dec/2010" | grep "218.19.140.242" | awk '{print $7}' | sort | uniq -c | sort -nr
4. List the 10 most requested URLs of the day
cat default-access_log | grep "10/Dec/2010" | awk '{print $7}' | sort | uniq -c | sort -nr | head -n 10
5. See what a given IP actually did
cat default-access_log | grep 218.19.140.242 | awk '{print $1"\t"$8}' | sort | uniq -c | sort -nr | less
6. Find the minutes with the most requests (hot spots)
awk '{print $4}' default-access_log |cut -c 14-18|sort|uniq -c|sort -nr|head

1. View the logs

[root@localhost ~]# cat /usr/local/apache2.4/logs/
111.com-access_log  abc.com-error_log   httpd.pid
111.com-error_log   access_log          
abc.com-access_log  error_log           
[root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
10.21.95.122 - - [02/Feb/2018:15:19:15 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7
127.0.0.1 - - [02/Feb/2018:15:44:52 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
10.21.95.218 - - [02/Feb/2018:15:48:48 +0800] "GET / HTTP/1.1" 401 381
10.21.95.218 - apache [02/Feb/2018:15:50:00 +0800] "GET / HTTP/1.1" 401 381
10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET / HTTP/1.1" 200 7
10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - apache [02/Feb/2018:15:53:11 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
[root@localhost ~]# 
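With Basic authentication enabled, every failed login shows up in this log as a 401, and a browser's first unauthenticated request produces one 401 too, so a threshold is needed to tell the two apart. The check below is an added example, not part of the original post: it counts 401 responses per client IP. The log lines are constructed (documentation IP ranges), and sample_access_log and failed_auth_by_ip are hypothetical names.

```shell
#!/bin/sh
# Added example: count 401 responses per client in an Apache access log.

# Constructed sample lines in the common log format shown on this page.
sample_access_log() {
    cat <<'EOF'
198.51.100.7 - - [02/Feb/2018:15:48:48 +0800] "GET / HTTP/1.1" 401 381
198.51.100.7 - apache1 [02/Feb/2018:15:48:55 +0800] "GET / HTTP/1.1" 200 7
192.0.2.10 - admin [02/Feb/2018:16:01:01 +0800] "GET / HTTP/1.1" 401 381
192.0.2.10 - root [02/Feb/2018:16:01:02 +0800] "GET / HTTP/1.1" 401 381
192.0.2.10 - apache [02/Feb/2018:16:01:03 +0800] "GET / HTTP/1.1" 401 381
192.0.2.10 - apache [02/Feb/2018:16:01:04 +0800] "GET /a b HTTP/1.1" 401 381
192.0.2.10 - apache [02/Feb/2018:16:01:05 +0800] "GET / HTTP/1.1" 200 7
203.0.113.5 - - [02/Feb/2018:16:05:00 +0800] "GET /favicon.ico HTTP/1.1" 404 209
EOF
}

# failed_auth_by_ip MIN [FILE]
# Prints "ip failures outcome" for every client with at least MIN 401 responses.
# Splitting on the double quote keeps the status code in a fixed position even
# when the request line contains spaces; it works for common and combined logs.
failed_auth_by_ip() {
    awk -F'"' -v min="$1" '
        {
            split($1, head, " "); ip = head[1]; user = head[3]
            split($3, tail, " "); status = tail[1]
            if (status == 401) fail[ip]++
            # remember the last authenticated user that got a 2xx from this client
            else if (status ~ /^2/ && user != "-") ok[ip] = user
        }
        END {
            for (ip in fail)
                if (fail[ip] >= min)
                    print ip, fail[ip], ((ip in ok) ? "success-as:" ok[ip] : "no-success")
        }' "${2:--}" | sort
}

sample_access_log | failed_auth_by_ip 3
```

Run against the real log as failed_auth_by_ip 3 /usr/local/apache2.4/logs/111.com-access_log.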

2. View the contents of a gz archive

zcat access_log.2018020209.gz |head

3. Define a new log format: change common to combined so that the log records more detail.

4. Apply the configuration

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful              
[root@localhost ~]# 

Excluding static files from the access log

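1. When many images, documents and other static resources are requested, the log grows quickly. Once the log takes up the disk space, serious problems such as the server going down can follow, so the logging configuration needs to be tuned: requests for images, css, js and similar files are not logged when a page is visited.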

    SetEnvIf Request_URI ".*\.gif$" img
    SetEnvIf Request_URI ".*\.jpg$" img
    SetEnvIf Request_URI ".*\.png$" img
    SetEnvIf Request_URI ".*\.bmp$" img
    SetEnvIf Request_URI ".*\.swf$" img
    SetEnvIf Request_URI ".*\.js$" img
    SetEnvIf Request_URI ".*\.css$" img
    CustomLog "logs/111.com-access_log" combined env=!img

2. Reload the configuration file

[root@bogon ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@bogon ~]# curl -x127.0.0.1:80 111.com/aaaa.jpg
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /aaaa.jpg was not found on this server.</p>
</body></html>
[root@bogon ~]# 

3. Requests for URLs not covered by the rules are written to the log; requests ending in jpg are not.

[root@bogon ~]# curl -x127.0.0.1:80 111.com/aaaa.jpg1  
[root@bogon ~]# tail /usr/local/apache2.4/logs/111.com-access_log    
127.0.0.1 - - [02/Feb/2018:15:44:52 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
10.21.95.218 - - [02/Feb/2018:15:48:48 +0800] "GET / HTTP/1.1" 401 381
10.21.95.218 - apache [02/Feb/2018:15:50:00 +0800] "GET / HTTP/1.1" 401 381
10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET / HTTP/1.1" 200 7
10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - apache [02/Feb/2018:15:53:11 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
10.21.95.218 - apache [02/Feb/2018:17:48:08 +0800] "GET / HTTP/1.1" 200 7
10.21.95.218 - apache [02/Feb/2018:18:11:59 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
10.21.95.218 - apache [02/Feb/2018:18:12:00 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
127.0.0.1 - - [05/Feb/2018:17:53:08 +0800] "GET HTTP://111.com/aaaa.jpg1 HTTP/1.1" 401 381 "-" "curl/7.29.0"
[root@bogon ~]# 

Access log rotation

 

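1. Add the rotatelogs option to the configuration file. rotatelogs is the rotation command, -l specifies which time format the rotation uses, and 86400 means a new file is created at 0:00 every day.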

2. A log file named with the date is created: 111.com-access_20180206.log

[root@bogon ~]# curl -x127.0.0.1:80 111.com/index.php
111.com[root@bogon ~]# ls /usr/local/apache2.4/logs/
111.com-access_20180206.log  111.com-error_log   abc.com-error_log  error_log
111.com-access_log           abc.com-access_log  access_log         httpd.pid
[root@bogon ~]# 

 

[root@bogon ~]# cat /usr/local/apache2.4/logs/111.com-access_20180206.log 
127.0.0.1 - - [06/Feb/2018:09:14:26 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 404 205 "-" "curl/7.29.0"
127.0.0.1 - - [06/Feb/2018:09:15:44 +0800] "GET HTTP://111.com/index.php HTTP/1.1" 200 7 "-" "curl/7.29.0"
[root@bogon ~]#  

3. A scheduled task (crontab) is also needed to delete logs older than a given number of days and reduce disk usage

00 * * * * find /applog/app -type f -mtime +1 -exec rm -f {} \;

Expiry time for static elements

1. Add the expires_module configuration to the virtual host configuration file

[root@bogon 111.com]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

  

<IfModule mod_expires.c>
     ExpiresActive on
     ExpiresByType image/gif "access plus 1 days"
     ExpiresByType image/jpeg "access plus 24 hours"
     ExpiresByType image/png "access plus 24 hours"
     ExpiresByType text/css "now plus 2 hours"
     ExpiresByType application/x-javascript "now plus 2 hours"
     ExpiresByType application/x-shockwave-flash "now plus 2 hours"
     ExpiresDefault "now plus 0 min"
</IfModule>
[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl -t

2. Check whether the module is enabled, then enable the expires module

[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl -M|grep expires
[root@bogon 111.com]# 

[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl -M|grep expires   
 expires_module (shared)
[root@bogon 111.com]# 

Configuring hotlink protection

1. Add the following to the configuration file: 111.com and aaa.com are allowed, everything else is denied

    <Directory /data/wwwroot/111.com>
        SetEnvIfNoCase Referer "http://111.com" local_ref
        SetEnvIfNoCase Referer "http://aaa.com" local_ref
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
            # With Order Allow,Deny anything not allowed is denied by default;
            # a "Deny from all" here would also reject the allowed Referers.
            Order Allow,Deny
            Allow from env=local_ref
        </filesmatch>
    </Directory>

 

[root@bogon ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf        
[root@bogon ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@bogon ~]# /usr/local/apache2.4/bin/apachectl graceful               
[root@bogon ~]# 

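2. Direct access fails because the Referer is empty. The image has to be embedded in content on 111.com or aaa.com; it can only be accessed when the Referer is on the whitelist.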

3. To allow direct access from a browser, also allow an empty Referer

SetEnvIfNoCase Referer "^$" local_ref

 

[root@bogon ~]# /usr/local/apache2.4/bin/apachectl graceful

 

4. curl -e can set the Referer directly

[root@bogon ~]# curl -e "http://111.com/a.jpg" -x127.0.0.1:80 111.com/a.jpg -I 
HTTP/1.1 200 OK
Date: Tue, 06 Feb 2018 03:45:11 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Last-Modified: Sat, 12 Aug 2017 09:29:53 GMT
ETag: "8f393-5568b126b0640"
Accept-Ranges: bytes
Content-Length: 586643
Cache-Control: max-age=86400
Expires: Wed, 07 Feb 2018 03:45:11 GMT
Content-Type: image/jpeg

[root@bogon ~]#
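SetEnvIfNoCase treats its second argument as an unanchored regular expression, so "http://111.com" may match anywhere in the Referer and its dot matches any character. The script below is an added example, not part of the original post, comparing that pattern with an anchored one. The STRICT pattern, the function names and the Referer values are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: which Referer values does a SetEnvIfNoCase pattern accept?
# grep -E is used as a stand-in for Apache's regex engine; the constructs used
# here (anchors, groups, escaped dots) behave the same way in both.

LOOSE='http://111.com'                               # pattern as written on this page
STRICT='^https?://(www\.)?111\.com(:[0-9]+)?(/|$)'   # assumed tightened form

# referer_allowed PATTERN REFERER: exit 0 if the pattern matches, ignoring case.
referer_allowed() {
    printf '%s\n' "$2" | grep -Eiq -e "$1"
}

# compare_referer REFERER: print the verdict of both patterns for one value.
compare_referer() {
    loose=deny; strict=deny
    if referer_allowed "$LOOSE" "$1"; then loose=allow; fi
    if referer_allowed "$STRICT" "$1"; then strict=allow; fi
    printf 'loose=%s strict=%s %s\n' "$loose" "$strict" "$1"
}

# Constructed Referer values: the site itself, three look-alikes, and empty.
for ref in \
    'http://111.com/page.html' \
    'http://111.com.example.net/gallery' \
    'http://example.net/?from=http://111.com' \
    'http://111xcom.example.net/' \
    ''
do
    compare_referer "$ref"
done
```

In httpd-vhosts.conf the anchored form would be written as SetEnvIfNoCase Referer "^https?://(www\.)?111\.com(:[0-9]+)?(/|$)" local_ref.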

Access control: Directory

1. Add the configuration, create the admin directory and add an index.php file

1. Look at what follows Order: which keyword comes first and which comes last.

2. If deny comes first, look at the deny from line first and then at the allow from line.

3. The rules are matched one by one; whether deny or allow comes first, both take effect. In the example, everything is denied first and then 127.0.0.1 is allowed, so 127.0.0.1 gets through.

 

Order allow,deny

deny from all

allow from 127.0.0.1

This denies everyone, and 127.0.0.1 is denied too. The order is allow first and then deny, so although 127.0.0.1 is allowed at first, it is rejected afterwards.

 

Order allow,deny

deny from all

The rules above mean that nobody gets through

 

Order deny,allow

deny from all

The rules above mean that nobody gets through

 

Order deny,allow

With only an order and no specific rules, everyone is allowed through (the default), because allow comes last.

 

Order allow,deny

This means nobody is allowed through (the default), because deny comes last.
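The evaluation rules above, written out as a small shell function and run against each of the cases (an added example, not part of the original post). It is a simplification that only understands "all" and exact IP addresses; access_decision, matches_any and show are hypothetical names, and 192.0.2.50 is a constructed remote client.

```shell
#!/bin/sh
# Added example: the Order/Allow/Deny decision for one client.

# matches_any CLIENT "LIST": true if LIST contains "all" or CLIENT itself.
matches_any() {
    for entry in $2; do
        if [ "$entry" = all ] || [ "$entry" = "$1" ]; then return 0; fi
    done
    return 1
}

# access_decision ORDER CLIENT "ALLOW LIST" "DENY LIST"  ->  allowed | denied
access_decision() {
    case $1 in
        deny,allow)     # Deny is checked first, Allow overrides it; default: allowed
            if   matches_any "$2" "$3"; then echo allowed
            elif matches_any "$2" "$4"; then echo denied
            else echo allowed
            fi ;;
        allow,deny)     # Allow is checked first, Deny overrides it; default: denied
            if   matches_any "$2" "$4"; then echo denied
            elif matches_any "$2" "$3"; then echo allowed
            else echo denied
            fi ;;
        *)  echo "unknown order: $1" >&2; return 2 ;;
    esac
}

# show ORDER CLIENT "ALLOW LIST" "DENY LIST": print one row of the table.
show() {
    printf '%-11s allow=[%s] deny=[%s] client=%s -> %s\n' \
        "$1" "$3" "$4" "$2" "$(access_decision "$1" "$2" "$3" "$4")"
}

# The cases from the text, for the local client and a remote one.
for client in 127.0.0.1 192.0.2.50; do
    show deny,allow "$client" 127.0.0.1 all
    show allow,deny "$client" 127.0.0.1 all
    show deny,allow "$client" "" all
    show allow,deny "$client" "" all
    show deny,allow "$client" "" ""
    show allow,deny "$client" "" ""
done
```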

With allow and deny covered, let's look at some concrete uses.

 

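(1) Restricting a directory: for example, the directory is important and only our company's IPs may access it. The directory can of course be the site root, in which case the whole site is restricted.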

<Directory /data/www/>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

Note: only 127.0.0.1 is allowed to access; all other IPs are rejected.

    <Directory "/data/wwwroot/111.com/admin">
        Order deny,allow
        # Deny everyone by default; only 127.0.0.1 is allowed below
        Deny from all
        Allow from 127.0.0.1
    </Directory>
[root@bogon 111.com]# mkdir admin
[root@bogon 111.com]# touch index.php
[root@bogon 111.com]# echo 121212 > index.php 
[root@bogon 111.com]# cat index.php 
121212
[root@bogon 111.com]# 

 

[root@bogon admin]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Feb 2018 04:55:21 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Cache-Control: max-age=0
Expires: Tue, 06 Feb 2018 04:55:21 GMT
Content-Type: text/html; charset=UTF-8

[root@bogon admin]# 

  

[root@bogon admin]# curl -x10.21.95.122:80 111.com/admin/index.php -I         
HTTP/1.1 403 Forbidden
Date: Tue, 06 Feb 2018 04:56:25 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@bogon admin]#

Access control: FilesMatch

1. Restrict by request URI. For the Discuz forum installed earlier, the admin backend is reached through admin.php, so we can restrict access to admin.php.

<filesmatch "(.*)admin(.*)">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</filesmatch>

Note: this uses the filesmatch syntax, which means matching.

Disabling PHP parsing in a specific directory

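1. Disabling PHP parsing in a directory is very useful and is used a lot when securing a website. For example, some directories accept file uploads; to guard against an uploaded file being a trojan, we forbid access to and parsing of PHP under that directory.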

2. Add the following to the configuration file to disable parsing of PHP files under the upload directory

    <Directory "/data/wwwroot/111.com/upload">
    php_admin_flag engine off
    <FilesMatch (.*)\.php(.*)>
    Order deny,allow
    Deny from all
    </FilesMatch>
    </Directory>
[root@bogon admin]# mkdir /data/wwwroot/111.com/upload
[root@bogon admin]# touch /data/wwwroot/111.com/upload/index.php
[root@bogon admin]# echo 111 > /data/wwwroot/111.com/upload/index.php 
[root@bogon admin]# 

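3. php_admin_flag engine off is the directive that disables PHP parsing. That alone is not enough, though: with only this setting users can still request the PHP files. They are no longer parsed, but they can be downloaded, and letting users download PHP files is not appropriate either, so access has to be denied as well.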

[root@bogon admin]# curl -x127.0.0.1:80 111.com/upload/index.php -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Feb 2018 01:41:52 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@bogon admin]# 

Restricting user_agent

    <IfModule mod_rewrite.c>
        RewriteEngine on
        # To block several browsers, append [OR], meaning "or"; NC ignores case
        RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
        # This blocks curl and chrome from accessing our site (just as an experiment)
        RewriteCond %{HTTP_USER_AGENT} .*chrome.* [NC]
        # F means Forbidden
        RewriteRule .* - [F]
    </IfModule>

 

[root@bogon admin]# /usr/local/apache2.4/bin/apachectl graceful -t    
Syntax OK
[root@bogon admin]# /usr/local/apache2.4/bin/apachectl graceful
[root@bogon admin]# curl -x127.0.0.1:80 111.com/upload/index.php -I       
HTTP/1.1 403 Forbidden
Date: Wed, 07 Feb 2018 02:33:37 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@bogon admin]# 

1. -A sets a simulated User-Agent

[root@bogon admin]# curl -A "sun sun" -x127.0.0.1:80 111.com/index.php -I
HTTP/1.1 200 OK
Date: Wed, 07 Feb 2018 02:35:50 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Cache-Control: max-age=0
Expires: Wed, 07 Feb 2018 02:35:50 GMT
Content-Type: text/html; charset=UTF-8

[root@bogon admin]# 