" to remove the directory path for PHP execution permissions, for example: D:/piaoyun.cc/upload ">404/404/404403/404/403. html"\. (? I:PHP|PHP3|PHP4) $""\. ( PHP|PHP3) $"> from all </FilesMatch></Directory>
Let's take a look at two sections. Typically, there are no permissions on the upload directory, configured as follows:
The code is as follows:
<directory "/var/www/upload" > <filesmatch ". php" > Order allow,deny Deny from all </FilesMatch> </ Directory>
These configurations appear to be fine on the surface, which is exactly what windows can say. But Linux is different, we all know the Linux operating system is case-sensitive, here if you replace the uppercase suffix name *.php class is pass.
Here I say my personal solution, the code is as follows:
<directory "To remove directory paths for PHP execution permissions, for example: D:/piaoyun.cc/upload" > ErrorDocument 404/404/404.html errordocument 403/404/ 403.html <filesmatch "\. (? i:php|php3|php4) $ ">//? is as many matches as possible. PHP string, I is case insensitive, then the colon follows the regular expression, or it can be written as: <filesmatch" \. (PHP|PHP3) $ "> Order Allow,deny deny from all </FilesMatch> </Directory>
The above means that <directory "to remove the directory path for PHP execution permissions, for example: D:/piaoyun.cc/upload" > All PHP files under the directory path are not case-sensitive, through Order,allow, The deny principle denies execution of PHP files and is also applicable to Nginx
Another way, is set in the htaccess inside, this method is more flexible, for those who do not have apapche security operation Rights of the webmaster: Apache Environment rule content is as follows: Apache to execute PHP script restrictions to add these rules to the. htaccess file The code is as follows:
Rewriteengine on rewritecond%!^$ rewriterule uploads/(. *). (PHP) $–[f] Rewriterule data/(. *). (PHP) $–[f] Rewriterule templets/(. *). (PHP) $–[f]
Another way, the code is as follows:
<directory "/var/www/upload" > Php_admin_flag engine off </Directory>
This method I failed under the win system test, restart Apapche The following error message appears: The Apache service named reported the following error: >>> Invalid comma nd ' Php_flag ', perhaps misspelled or defined by a module not included in the server configuration.
Here I do not specify this solution, because the ban on PHP implementation of the method, we look at their own needs to set it!
"Apache Configuration Disabled Access" 1. Prohibit access to certain files/directories add the Files option to control, such as to allow access to the. inc extension file, to protect the PHP class library:
<files ~ "\.inc$" > Order allow,deny deny from all </Files>
Prohibit access to certain specified directories: (regular match can be done with <DirectoryMatch>)
<directory ~ "^/var/www/(. +/) *[0-9]{3}" > Order Allow,deny deny from all </Directory>
Prohibit by file matching, such as prohibiting all access to images:
<filesmatch \. (? i:gif|jpe?g|png) $> Order Allow,deny deny from all </FilesMatch>
Forbidden access for URL-relative paths:
<Location/dir/> Order Allow,deny deny from all </Location>
Prohibit access to certain destinations for proxy (<ProxyMatch> can be used for regular matching), such as denying access to CNN.com through proxies:
<proxy http://piaoyun.cc/*> Order Allow,deny deny from all </Proxy>
2. Disable certain IP access/allow only certain IP access if you want to control the prohibition of certain illegal IP access, control in the directory option:
<directory "/var/www/web/" > Order allow,deny allow from all deny to 10.0.0.1 #阻止一个IP deny from 192.168.0.0/24 #阻止一 IP segment </Directory>
Allow only certain IP access, for example, to allow internal or cooperative company access:
<directory "/var/www/web/" > Order deny,allow deny from all to example.com #允许某个域名 all from 10.0.0.1 #允许一个iP Al L from 10.0.0.1 10.0.0.2 #允许多个iP allow from 10.1.0.0/255.255.0.0 #允许一个IP段, mask to all from 10.0.1 192.168 #允许一个IP段, followed by all F Rom 192.168.0.0/24 #允许一个IP段, network number </Directory>
Apache: Solutions;
<directory "/home/domain/public_html" > Options-indexes followsymlinks allowoverride all <Files ~ ". txt" > Order Allow,deny deny from all </Files> </Directory>
Apache does not allow access to file or directory execution permissions, disable script PHP file setup methods