Apache configures access control, disables PHP parsing, rewrite pseudo-static, and limits User_agent

Access control

The following is for Apache virtual host configuration

Site access, limited to the specified IP. Only intranet login is allowed and no other address is allowed to log in.

order definition sequence, deny first, then execute the following deny from all, and then do allow, and then do let from 127.0.0.1, which means deny all, allowing only local access.

<Directory/data/www/>

<filesmatch ". *" >

Order Deny,allow

Deny from all

Allow from 127.0.0.1

</filesmatch>

</Directory>

For the URL of the request to restrict, only allow the intranet and the designated IP can access the address containing the admin keyword, generally for the management background;

<filesmatch "(. *) admin (. *)" >

Order Deny,allow

Deny from all

Allow from 127.0.0.1

Allow from 2.2.2.2

</filesmatch>

If the domain name of the virtual machine is domain.com, this configuration, except 127.0.0.1 and 2.2.2.2, other IP access to the following similar URIs will be directly forbidden.

Http://domain.com/1212admin.txt

http://domain.com/admin.php

Http://domain.com/1212/admin.html , etc.

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>650 "this.width=650;" src= "http ://s3.51cto.com/wyfs02/m00/6c/81/wkiol1vlbgsjzkbuaaesik1h_ck263.jpg "title=" url control. jpg "alt=" Wkiol1vlbgsjzkbuaaesik1h_ck263.jpg "/>

A directory is forbidden to parse PHP, the directory can be customized, PHP parsing fails to display the source code, for the site is not safe.

<directory /data/www/ >

Php_admin_flag engine off

<filesmatch "(. *) PHP" >

Order Deny,allow

Deny from all

</filesmatch>

</Directory>

[Email protected] www]# curl-x127.0.0.1:80 www.111.com/forum.php-IHTTP/1.1 403 Forbiddendate:mon, 2015 07:41:15 Gmtserver:apache/2.2.29 (Unix) DAV/2 php/5.3.28content-type:text/html; Charset=iso-8859-1

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>650 "this.width=650;" src= "http ://s3.51cto.com/wyfs02/m01/6c/85/wkiom1vla1jzvaxuaadrjmrlofq601.jpg "title=" php control. jpg "alt=" Wkiom1vla1jzvaxuaadrjmrlofq601.jpg "/>

Apache Rewrite module application-pseudo static Web page

Mod_rewrite is a very powerful feature of Apache that can implement pseudo-static pages.

Pseudo-Static page, the address of the domain name after the completion of the specification, looks more beautiful, suitable for SEO search.

discuz! Manage Background Page--global--the left side of the SEO settings--url pseudo-static, the right of the available options are all tick.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/6C/85/wKiom1VLBW-xhZmUAAVXXQzkW5I298.jpg "title=" Qq20150507142400.jpg "alt=" Wkiom1vlbw-xhzmuaavxxqzkw5i298.jpg "/>

Discuz pseudo-static configuration, written to the virtual host Configuration rewrite module; forum is a section, thread is a post;

<ifmodule mod_rewrite.c>

Rewriteengine on

Rewriterule ^/topic-(. +) \.html$/portal.php?mod=topic&topic=$1&%1

Rewriterule ^/article-([0-9]+)-([0-9]+) \.html$/portal.php?mod=view&aid=$1&page=$2&%1

Rewriterule ^/Forum-(\w+)-([0-9]+) \.html$/forum.php?mod=forumdisplay&fid=$1&page=$2&%1

Rewriterule ^/Thread-([0-9]+)-([0-9]+)-([0-9]+] \.html$/forum.php?mod=viewthread&tid=$1&extra= page\%3d$3&page=$2&%1

Rewriterule ^/group-([0-9]+)-([0-9]+) \.html$/forum.php?mod=group&fid=$1&page=$2&%1

Rewriterule ^/space-(Username|uid)-(. +) \.html$/home.php?mod=space&$1=$2&%1

Rewriterule ^/blog-([0-9]+)-([0-9]+) \.html$/home.php?mod=space&uid=$1&do=blog&id=$2&%1

Rewriterule ^/archiver/(Fid|tid)-([0-9]+) \.html$/archiver/index.php?action=$1&value=$2&%1

Rewriterule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+) \.html$/plugin.php?id=$1:$2&%1

</IfModule>

Experimental results:

The post address is: http://www.111.com/forum.php?mod=viewthread&tid=1&extra=

Pseudo-Static after: http://www.111.com/thread-1-1-1.html

Apache restricts the specified user_agent

Some user_agent are not what we want, and can be rewirete to 403 pages via the rewrite function for%{http_user_agent} to limit requests for certain user_agent.

One of the rewrite features of Apache is forbidden, which is F, the rewrite rule displays a 403 error and cannot open the Web page.

Restrictions on curl and IE 8.0 cannot be accessed, and  of the browser version is available for IE 7.0. User_agent specific versions need to look at the details of the log and then limit it.

For example: ("mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; trident/4.0; SLCC2;. NET CLR 2.0.50727;. NET CLR 3.5.30729;. NET CLR 3.0.30729; Media Center PC 6.0;. net4.0c;. NET4.0E) ")

If you disable all IE browsers:rewritecond%{http_user_agent} ^.*msie*

<ifmodule mod_rewrite.c>

Rewriteengine on

Rewritecond%{http_user_agent} ^.*msie\ 8.0* [Nc,or]

Rewritecond%{http_user_agent} ^.*curl* [NC]

Rewriterule. *-[F]

</IFModule>

Test results, using curl to locally resolve the site to 403 error, Web Access IE prompt 403 error,

[Email protected] www]# curl-x127.0.0.1:80 www.1111.com-IHTTP/1.1 403 Forbiddendate:thu, May 02:09:58 Gmtserve R:apache/2.2.29 (Unix) DAV/2 php/5.3.28content-type:text/html; Charset=iso-8859-1

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/6C/85/wKiom1VLBCrhw4TsAAG9s6IZRMk362.jpg "title=" QQ picture 20150507101053.png "alt=" Wkiom1vlbcrhw4tsaag9s6izrmk362.jpg "/>

This article is from the "Model Student's Learning blog" blog, please be sure to keep this source http://8802265.blog.51cto.com/8792265/1643838

Apache configures access control, disables PHP parsing, rewrite pseudo-static, and limits User_agent