Let's take a look at two sections. Typically, there are no permissions on the upload directory, configured as follows:
The code is as follows:
<directory "/var/www/upload" >
<filesmatch ". php" >
Order Allow,deny
Deny from all
</FilesMatch>
</Directory>
These configurations appear to be fine on the surface, which is exactly what windows can say.
But Linux is different, we all know the Linux operating system is case-sensitive, here if you replace the uppercase suffix name *.php class is pass.
Here I say my personal solution, the code is as follows:
<directory "To remove the directory path for PHP execution permissions, for example: D:/piaoyun.cc/upload" >
ErrorDocument 404/404/404.html
ErrorDocument 403/404/403.html
<filesmatch "\. (? i:php|php3|php4) $ ">//? is as many matches as possible. PHP string, I is case insensitive, then the colon follows the regular expression, or it can be written as: <filesmatch" \. (PHP|PHP3) $ ">
Order Allow,deny
Deny from all
</FilesMatch>
</Directory>
The above means that <directory "to remove the directory path for PHP execution permissions, for example: D:/piaoyun.cc/upload" > All PHP files under the directory path are not case-sensitive, through Order,allow, The deny principle denies execution of PHP files and is also applicable to Nginx
Another method, which is set in htaccess, is a bit more flexible for webmasters who do not have the Apapche security permissions:
Apache Environment rule content is as follows: Apache executes PHP script restrictions to add these rules to the. htaccess file
The code is as follows:
Rewriteengine on Rewritecond%!^$
Rewriterule uploads/(. *). (PHP) $–[f]
Rewriterule data/(. *). (PHP) $–[f]
Rewriterule templets/(. *). (PHP) $–[f]
Another way, the code is as follows:
<directory "/var/www/upload" >
Php_admin_flag engine off
</Directory>
This method I failed the test under the win system, restart Apapche The following error message appears:
The Apache service named reported the following error:
>>> Invalid Command ' Php_flag ', perhaps misspelled or defined by a module no included in the server Configuratio N.
Here I do not specify this solution, because the ban on PHP implementation of the method, we look at their own needs to set it!
"Apache Configuration Disable Access"
1. Prohibit access to certain files/directories
Add the Files option to control, such as not allowing access to the. inc extension file, to protect the PHP class library:
<files ~ "\.inc$" >
Order Allow,deny
Deny from all
</Files>
Prohibit access to certain specified directories: (regular match can be done with <DirectoryMatch>)
<directory ~ "^/var/www/(. +/) *[0-9]{3}" >
Order Allow,deny
Deny from all
</Directory>
Prohibit by file matching, such as prohibiting all access to images:
<filesmatch \. (? i:gif|jpe?g|png) $>
Order Allow,deny
Deny from all
</FilesMatch>
Forbidden access for URL-relative paths:
<Location/dir/>
Order Allow,deny
Deny from all
</Location>
Prohibit access to certain destinations for proxy (<ProxyMatch> can be used for regular matching), such as denying access to CNN.com through proxies:
<proxy http://piaoyun.cc/*>
Order Allow,deny
Deny from all
</Proxy>
2. Disable certain IP access/allow only certain IP access
If you want to control the prohibition of certain illegal IP access, control in the directory option:
<directory "/var/www/web/" >
Order Allow,deny
Allow from all
Deny from 10.0.0.1 #阻止一个IP
Deny from 192.168.0.0/24 #阻止一个IP段
</Directory>
Allow only certain IP access, for example, to allow internal or cooperative company access:
<directory "/var/www/web/" >
Order Deny,allow
Deny from all
All from example.com #允许某个域名
All from 10.0.0.1 #允许一个iP
All from 10.0.0.1 10.0.0.2 #允许多个iP
Allow from 10.1.0.0/255.255.0.0 #允许一个IP段, mask pair
All from 10.0.1 192.168 #允许一个IP段, not filled in later
All from 192.168.0.0/24 #允许一个IP段, network number
</Directory>
Apache: Solutions;
<directory "/home/domain/public_html"
options-indexes followsymlinks
allowoverride All
<files ~ ". txt";
Order Allow,deny
deny from all
</files>
</directory>