4.18 PHP related configuration, restrict user_agent, prohibit PHP parsing

Source: Internet
Author: User

Prohibit PHP parsing
For a website written in PHP, some directories have to accept uploaded files. If the site has a vulnerability that lets an attacker upload a webshell written in PHP, then because the site can execute PHP programs, the attacker ends up with control of the server. To prevent that, any directory that accepts uploads should be configured so that PHP code in it is never parsed.

<Directory /data/wwwroot/111.com/upload>
    php_admin_flag engine off
    <FilesMatch (.*)\.php(.*)>
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>
This gives double insurance: php_admin_flag engine off stops mod_php from executing anything under upload/, and the FilesMatch block refuses to serve any file whose name contains .php at all, so a double extension such as shell.php.jpg is covered as well as shell.php. Two things to know before copying it: Order/Deny is Apache 2.2 syntax, which on 2.4 only works while mod_access_compat is loaded (the native 2.4 form is Require all denied); and php_admin_flag is a mod_php directive, so if PHP runs through php-fpm instead, httpd refuses to start on it and the access denial has to do the whole job.

Simply prohibit parsing PHP
With only php_admin_flag engine off in place (no FilesMatch block), the file is no longer executed, but Apache still serves it as plain text, so a request returns the source:
curl -x 192.168.1.107:80 111.com/upload/123.php
<?php
echo "123.php";
(this is what prohibiting PHP parsing alone looks like: the source code comes back as-is instead of the script's output, which is itself a code disclosure)
With the FilesMatch block added as well, the same request returns 403 Forbidden, which is why the two are combined.
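Below is a tightened version of the upload-directory block, added here as an example; it is not the original page's configuration. It assumes Apache 2.4 with mod_php and the document root used above, and the extension list (php, phtml, phar) is an assumption that should be replaced by whatever your own AddHandler/AddType line maps to PHP. It goes beyond the page's block in three ways: the match is case-insensitive, because mod_mime maps extensions case-insensitively and shell.PHP would otherwise execute while never matching the pattern \.php; the native 2.4 Require syntax is used; and an uploaded .htaccess is ignored.

```apache
# Added example, not from the original page. Assumes Apache 2.4 + mod_php and
# the vhost root /data/wwwroot/111.com. The extension list (php, phtml, phar)
# is an assumption: use the extensions your AddHandler/AddType line maps to PHP.
<Directory "/data/wwwroot/111.com/upload">
    # Layer 1: mod_php never executes anything under upload/.
    # Drop this line when PHP runs through php-fpm (mod_php not loaded), or
    # httpd fails to start with "Invalid command 'php_admin_flag'".
    php_admin_flag engine off

    # Layer 2: refuse to serve anything that looks like PHP. (?i) makes the
    # match case-insensitive, so shell.PHP is refused as well as shell.php.
    # No trailing anchor, so double extensions such as shell.php.jpg are
    # refused too.
    <FilesMatch "(?i)\.(php|phtml|phar)">
        Require all denied
    </FilesMatch>

    # Layer 3: ignore any .htaccess an attacker manages to upload, and do not
    # list the directory's contents.
    AllowOverride None
    Options -Indexes
</Directory>
```

Check the syntax with apachectl -t, reload, and verify with the page's own curl test: curl -I -x 192.168.1.107:80 111.com/upload/123.php should now return 403 Forbidden, and so should 123.PHP and 123.php.jpg. On Apache 2.2 replace Require all denied with the Order allow,deny / Deny from all pair from the original block.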

Limit User-Agent
Sometimes a site is hit by a CC attack (a Challenge Collapsar flood). The idea is simple: a large number of machines request the same site at the same time; once the volume reaches a certain level, the site exhausts the server's resources and can no longer serve normally. Such attacks usually have an obvious pattern: the User-Agent of the malicious requests is identical or similar, so limiting by User-Agent can be used to block them. Concretely:

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
    RewriteRule .* - [F]
</IfModule>
Here OR means that either condition is enough to match (without it, consecutive RewriteCond lines are ANDed), and NC means the comparison ignores case. RewriteRule .* - [F] applies to every URI: the - leaves the URI unchanged, and F answers 403 Forbidden instead of serving the page. Two caveats. The User-Agent is chosen by the client, so a request that sends a different or forged one (curl -A "Mozilla/5.0" ...) passes straight through; this is a stopgap against unsophisticated floods, not a substitute for per-IP rate limiting. And the baidu.com pattern, used here only for demonstration, also matches Baidu's own crawler, whose User-Agent contains http://www.baidu.com/search/spider.html, so on a real site it would block that crawler.
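An alternative that the page's block does not show, added here as an example rather than the original author's configuration: tag matching requests with mod_setenvif instead of mod_rewrite, deny them with Apache 2.4 access control, exempt your own monitoring host, and write the blocked requests to their own log so a false positive (a crawler you actually wanted) is visible. The patterns repeat the page's demonstration; the log path and the exempted address are placeholders.

```apache
# Added example, not from the original page. Assumes Apache 2.4 with
# mod_setenvif, mod_authz_core and mod_log_config loaded and the "combined"
# LogFormat defined, as in the default httpd.conf. The patterns are the page's
# demonstration values; the log path and the exempt address are placeholders.

# NoCase gives the same case-insensitive match as the [NC] flag above.
SetEnvIfNoCase User-Agent "curl|baidu\.com" bad_ua

# Do not block your own monitoring host even if it uses curl
# (placeholder address). SetEnvIf lines are processed in order, and
# "!bad_ua" removes the tag again.
SetEnvIf Remote_Addr "^192\.168\.1\.10$" !bad_ua

<Location "/">
    <RequireAll>
        Require all granted
        # Any request still carrying the tag gets 403 Forbidden.
        Require not env bad_ua
    </RequireAll>
</Location>

# Log only the blocked requests, so you can see what the rule catches and
# spot a legitimate client you did not mean to block.
CustomLog "logs/111.com-blocked_ua.log" combined env=bad_ua
```

After a reload, curl -I -x 192.168.1.107:80 111.com/ from any other host returns 403 and a line appears in the blocked log, while curl -A "Mozilla/5.0" -I -x 192.168.1.107:80 111.com/ returns 200, which shows the limit of filtering on a client-chosen header.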

PHP Related Configuration

View the location of the PHP configuration file
/usr/local/php/bin/php -i | grep -i "Loaded configuration file"
If this prints (none), PHP is running on built-in defaults and none of the settings below take effect until a php.ini is placed in the directory shown on the "Configuration File (php.ini) Path" line (/usr/local/php/etc for a source build); the php.ini-development and php.ini-production files shipped in the PHP source tree are the usual starting points. Under mod_php a changed php.ini is only read when httpd is restarted.
Defining the time zone
date.timezone: set it to Asia/Shanghai (Asia/Chongqing also exists). If it is left empty, the date functions fall back to UTC (and PHP 5 additionally emits a warning).
Security functions
disable_functions
Common unsafe functions to list there, comma-separated; note that this directive only works in php.ini and cannot be set in httpd.conf:
eval, assert, popen, passthru, escapeshellarg, escapeshellcmd, exec, system, chroot, scandir, chgrp, chown, shell_exec, proc_get_status, ini_alter, ini_restore, dl, pfsockopen, openlog, syslog, readlink, symlink, leak, stream_socket_server, proc_open, proc_close
eval is in nearly every such list but is not actually disabled by it: eval is a language construct, not a function, so disable_functions ignores it. Some entries (scandir, readlink, symlink, ini_alter) are used by ordinary applications, so test the site after adding them. Confirm the setting took effect with /usr/local/php/bin/php -i | grep disable_functions.
Log related
error_log, log_errors, display_errors, error_reporting
For a production site: display_errors = Off, so that error messages (which can contain file paths, queries and other internals) are never sent to the browser; log_errors = On together with error_log pointing at a file, for example /tmp/php_errors.log; and error_reporting = E_ALL, or E_ALL & ~E_NOTICE to drop notices. The log file, or the directory it lives in, must be writable by the user httpd runs PHP as (daemon by default for a source build), otherwise nothing is written and the error is lost silently.
