9. Configure hotlink protection (anti-leech)
http://www.lishiming.net/thread-71-1-1.html
This prevents other websites from embedding links to the pictures on your site.
The configuration generally goes in /usr/local/apache/conf/httpd.conf
or, for Apache 2.2, /usr/local/apache2/conf/extra/httpd-vhost.conf.
Add:
SetEnvIfNoCase Referer "^http://www.ccvita.com" local_ref
SetEnvIfNoCase Referer "^http://ccvita.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
Another way of writing it uses regular expressions; this form works more generally across Apache versions.
It is written as:
SetEnvIfNoCase Referer "^http://.*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer ".*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
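An added example, not part of the original page: a Python check that evaluates the Referer patterns above the way SetEnvIfNoCase does (case-insensitive, unanchored regex search) against constructed Referer values, so you can see which requests would be served before deploying the rules. The STRICT pattern and the other.example host are assumptions made for illustration.

```python
import re

# Referer patterns copied from the two configurations above.
PAGE_EXACT = [r"^http://www.ccvita.com", r"^http://ccvita.com", r"^$"]
PAGE_WILDCARD = [r"^http://.*\.yourdomin\.com", r".*\.yourdomin\.com", r"^$"]
# Assumption (not from the page): dots escaped, http and https accepted,
# and the host name must end at "/" or at the end of the value.
STRICT = [r"^https?://([a-z0-9-]+\.)*ccvita\.com(/|$)", r"^$"]


def sets_local_ref(referer, patterns):
    """Mimic SetEnvIfNoCase: case-insensitive, unanchored regex search.

    A request without a Referer header is matched as an empty string,
    which is why "^$" lets direct requests through.
    """
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


# Constructed Referer values; other.example is a placeholder host.
SAMPLES = [
    "http://www.ccvita.com/post/1.html",       # own page over http
    "https://www.ccvita.com/post/1.html",      # own page over https
    None,                                      # no Referer header
    "http://other.example/gallery.html",       # foreign page
    "http://www.ccvita.com.other.example/a",   # own name used as a prefix
    "http://other.example/?r=.yourdomin.com",  # own name in the query string
]


def compare(samples=SAMPLES):
    """Return (referer, exact, wildcard, strict) rows for each sample."""
    return [
        (r,
         sets_local_ref(r, PAGE_EXACT),
         sets_local_ref(r, PAGE_WILDCARD),
         sets_local_ref(r, STRICT))
        for r in samples
    ]


if __name__ == "__main__":
    for row in compare():
        print("%-45s exact=%-5s wildcard=%-5s strict=%-5s" % row)
```

The rows show that the page's exact patterns reject the site's own pages once they are served over https, and that patterns without an end-of-host anchor accept Referer values that merely contain the site name.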
10. Access control
Apache Order, Allow, Deny
http://www.lishiming.net/thread-832-1-1.html
Apache: prevent PHP files under a directory from being executed http://www.lishiming.net/thread-1000-1-1.html
Apache: restrict IPs for access to a URI http://www.lishiming.net/thread-5365-1-1.html
Several methods of restricting IPs http://www.lishiming.net/thread-6519-1-1.html
Apache rewrite topics, covered later:
Apache: restrict the specified user_agent http://www.lishiming.net/thread-1033-1-1.html
Apache: restrict access to certain directories using rewrite http://www.lishiming.net/thread-3587-1-1.html
Apache rewrite infinite loop http://www.lishiming.net/thread-1043-1-1.html
One. PHP configuration
View the path to the configuration file: /usr/local/php/bin/php -i | grep -i config
vi /usr/local/php/etc/php.ini
Search for /disable_function
1. Configure disable_functions
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
Disabling these functions prevents attackers from using them to gain access to the system. Note that eval is a language construct, not a function, so disable_functions has no effect on it.
2. Configure error_log
display_errors = Off ; setting this to On helps with finding errors and debugging
log_errors = On
error_log = /usr/local/php/logs/php_errors.log ; write an absolute path here; create the logs directory with permissions 777
error_reporting = E_ALL & ~E_NOTICE ; error level
View the HTTP status code the website returns:
curl -I -x127.0.0.1:80 http://www.111.com/forum.php
Error level reference: http://www.aminglinux.com/bbs/thread-6973-1-1.html
3. Configure open_basedir to restrict the directories PHP can access
Method one, in the php.ini configuration: open_basedir = /data/www1:/tmp. Assigned to another directory, you can not access the
Method two, in the virtual host configuration: php_admin_value open_basedir "/data/www1:/tmp"
> /usr/local/php_errors.log empties the log.
4. Installing the PHP extension (memcache)
http://www.aminglinux.com/bbs/thread-45-1-1.html
The modules shipped in the source package are under:
cd /usr/local/src/php-5.3.28/ext/
Whichever module you want to use, go into that module's directory and run the command there:
ext]# cd ftp
ftp]# /usr/local/php/bin/phpize
phpize needs autoconf; install it with: yum install autoconf
Then run /usr/local/php/bin/phpize again
ls
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install (its output tells you where the dynamic module was installed)
ls + module path
ftp.so appears
/usr/local/php/bin/php -i | grep -i extension_dir
vi /usr/local/php/etc/php.ini (the ftp module has to be added to the configuration manually)
Add the line extension=ftp.so; extension= loads a module dynamically
Then /usr/local/php/bin/php -m | grep ftp shows that the ftp module is now present
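An added example, not part of the original page: a Python audit of a php.ini fragment against the PHP settings covered in sections 1 to 3 above (disable_functions, display_errors, log_errors, error_log, open_basedir). The sample fragment is constructed and deliberately deviates from the page's settings; the choice of which functions count as command execution is an assumption drawn from the page's own list.

```python
# Constructed php.ini fragment; it deliberately deviates from the settings above.
SAMPLE_INI = """\
; constructed sample
disable_functions = eval,assert,popen,passthru,exec,system,shell_exec
display_errors = On
log_errors = On
error_log = php_errors.log
open_basedir = /data/www1:/tmp
"""

# Command-execution functions taken from the page's disable_functions list.
EXEC_FUNCS = {"exec", "system", "passthru", "popen", "proc_open", "shell_exec"}
ON = {"on", "1", "true", "yes"}


def parse_ini(text):
    """Parse 'key = value' lines, dropping ';' comments (enough for this fragment)."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit(text):
    """Return a list of findings for the settings covered in sections 1 to 3."""
    s = parse_ini(text)
    findings = []
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    if "eval" in disabled:
        findings.append("eval is a language construct; disable_functions cannot block it")
    missing = sorted(EXEC_FUNCS - disabled)
    if missing:
        findings.append("not disabled: " + ", ".join(missing))
    if s.get("display_errors", "").lower() in ON:
        findings.append("display_errors is on; errors are shown to visitors")
    if s.get("log_errors", "").lower() not in ON:
        findings.append("log_errors is off")
    if not s.get("error_log", "").startswith("/"):
        findings.append("error_log is not an absolute path")
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print("-", finding)
```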
Two. MySQL configuration
MySQL tuning: http://www.aminglinux.com/bbs/thread-5758-1-1.html
/etc/my.cnf has already been copied from this template.
[mysqld]
socket = /tmp/mysql.sock # Specifies the socket file used for local communication between the MySQL client and the server (the default on Linux is /var/lib/mysql/mysql.sock). Read through these once I have finished writing them out.
port = 3306 # Specifies the port on which MySQL listens
key_buffer = 384M # key_buffer is the size of the buffer used for index blocks; increasing it gives better index handling (for all reads and multiple writes). The index buffer is shared by all threads, and the size of key_buffer depends on the amount of memory.
table_cache = 512 # Number of open tables for all threads. Increasing this value increases the number of file descriptors mysqld requires, and avoids the overhead of frequently opening data tables.
sort_buffer_size = 2M # Each thread that needs to sort allocates a buffer of this size. Increase this value to speed up ORDER BY or GROUP BY operations.
# Note: the memory allocated for this parameter is exclusive to each connection! If there are 100 connections, the total sort buffer actually allocated is 100 x 6 = 600MB
read_buffer_size = 2M # Size of the buffer a read query can use. As with sort_buffer_size, the memory allocated for this parameter is exclusive to each connection.
query_cache_size = 32M # Specifies the size of the MySQL query result buffer
read_rnd_buffer_size = 8M # Used when rows are read in random order through row pointers after a sort.
myisam_sort_buffer_size = 64M # Buffer needed to re-sort when a MyISAM table changes
thread_concurrency = 8 # Maximum number of concurrent threads; the value is the number of logical CPUs on the server x 2, and if the CPUs support Hyper-Threading (HT), x 2 again
thread_cache = 8 # Number of reusable threads to cache
skip-locking # Avoid MySQL external locking; reduces the chance of errors and improves stability.
wait_timeout = 8 # Idle connection timeout; the default is 28800s. This parameter is used together with interactive_timeout, that is, for wait_timeout to take effect you must also set interactive_timeout
interactive_timeout = 8
long_query_time = 1 # Time threshold for the slow query log
log_slow_queries = /path/to/slow_queries # Slow query log path; must be used together with the parameter above
============
Look at the values of key_reads/key_read_requests:
Log in to MySQL
SHOW STATUS LIKE 'key_read%';
--------
SHOW VARIABLES LIKE 'table%';
Apache: restrict the specified user_agent http://www.lishiming.net/thread-1033-1-1.html
Open the virtual host configuration file.
Determine which search engines are involved.
Some user_agents are not ones we want; requests from them can be rewritten to a 404 page by using the rewrite module with %{HTTP_USER_AGENT}.
Configure as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*bot.* [NC]
RewriteCond %{REQUEST_URI} !^/404*
RewriteRule .* /404.html
</IfModule>
Test: curl -xlocalhost:80 www.111.com -I is sent to the 404 page.
curl -A "SFJSLKFJLSJGSSFHSL" -xlocalhost:80 www.111.com -I is not a 404.
curl -A "BOTSLKFJLSJGSSFHSL" -xlocalhost:80 www.111.com -I is a 404 because the user_agent contains bot.
Please note that your 404.html must never redirect to another page, otherwise you will probably get an infinite loop.
Configuration as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*bot.* [NC]
RewriteRule .* - [F]
</IfModule>
======================
Apache: restrict access to certain directories using rewrite http://www.lishiming.net/thread-3587-1-1.html
Allow/Deny can certainly achieve this, but it requires specifying an exact directory. Suppose there are many directories that all contain the same name, such as
bbs.1.com/1/tmp/123.html
bbs.1.com/2/tmp/123.html
bbs.1.com/3/1/2/tmp/123.html
......
If there are many of them, you would have to define a Directory block for each, which is obviously cumbersome. With the rewrite module, matching on REQUEST_URI does this easily.
<IfModule mod_rewrite.c>
RewriteEngine on
# Nothing under the data directory can be accessed
RewriteCond %{REQUEST_URI} ^.*/data/* [NC]
RewriteRule .* - [F]
</IfModule>
Visit the site and you will see that many things fail to load. Press F12 and you will see that some files return 403; these are the files under the restricted directory.
======================
Apache rewrite infinite loop http://www.lishiming.net/thread-1043-1-1.html
One of my rules:
RewriteRule ^.* /beian.html [R,L]
Testing with curl showed no problem, but there was an infinite loop when accessing the site with a browser.
The site originally visited was www.111.com, and the result became www.111.com/111/111/111/...
Although [L] was added at the end, it still did not work; maybe Apache is not smart enough: as long as the condition was satisfied, it kept matching and kept redirecting. In the end, the only option was to add one more condition.
RewriteCond %{REQUEST_URI} !^/beian.html [NC]
RewriteRule ^.* /beian.html [R,L]
This will stop the loop.
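An added example, not part of the original post: a Python model of the redirect rule above, with and without the extra RewriteCond, followed the way a browser follows redirects. [L] only ends rule processing for the current request, and every redirect comes back as a new request that is matched again, which is also why a single curl -I request shows just one 302; the same kind of guard is what the !^/404* condition does in the user_agent rules earlier. The limit of 20 redirects is an assumed client setting.

```python
import re

RULE_PATTERN = r"^.*"        # RewriteRule ^.* /beian.html [R,L]
RULE_TARGET = "/beian.html"
GUARD = r"^/beian.html"      # RewriteCond %{REQUEST_URI} !^/beian.html [NC]


def handle(path, guarded):
    """Process one request; return (status, location) as the server would."""
    if guarded and re.search(GUARD, path, re.IGNORECASE):
        return 200, None         # negated condition fails, so the rule is skipped
    if re.search(RULE_PATTERN, path):
        return 302, RULE_TARGET  # [R] answers with an external redirect
    return 200, None


def browse(path, guarded, max_redirects=20):
    """Follow redirects like a browser; return (redirects, final_path, gave_up)."""
    for count in range(max_redirects):
        status, location = handle(path, guarded)
        if status != 302:
            return count, path, False
        path = location          # each redirect arrives as a brand-new request
    return max_redirects, path, True


if __name__ == "__main__":
    print("single request, no guard:", handle("/", guarded=False))
    print("browser, no guard:       ", browse("/", guarded=False))
    print("browser, with guard:     ", browse("/", guarded=True))
```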
Part three PHP configuration and MySQL configuration