Restrict a directory against parsing PHP
1. Modify the virtual host configuration file:
```
<Directory /data/wwwroot/111.com/upload>
    php_admin_flag engine off
    # <FilesMatch (.*)\.php(.*)>
    # Order allow,deny
    # Deny from all
    # </FilesMatch>
</Directory>
```
2. Test:
```
[[email protected] 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:30:22 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Last-Modified: Wed, 07 Mar 2018 14:20:10 GMT
ETag: "16-566d341bfefe2"
Accept-Ranges: bytes
Content-Length: 22
Content-Type: application/x-httpd-php
[[email protected] 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php'
<?php
echo "123.php";
```
Restrict access by User-Agent
1. Modify the virtual host configuration file:
```
[[email protected] 111.com]# !vim
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
```
```
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
    RewriteRule .* - [F]
</IfModule>
```
2. Test. curl options: -e specifies the Referer, -A specifies the User-Agent, -x specifies the host, -I shows the status code.
```
[[email protected] 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[[email protected] 111.com]# curl -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:57 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[[email protected] 111.com]# curl -A "weixing01 weixing01" -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:43:45 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
```
PHP Related Configuration
1. Locate the PHP configuration file and edit it:
```
[[email protected] php-7.1.6]# vim /usr/local/php7/etc/php.ini
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
```
2. Test whether the disabled functions are actually blocked:
![](http://i2.51cto.com/images/blog/201803/07/e8e683ba9c5633ef34bafa7565ec069c.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
3. Define the time zone:
```
;date.timezone = Asia/Chongqing
```
4. Change how error messages are displayed:
```
; Production Value: Off
; http://php.net/display-errors
display_errors = Off
```
![](http://i2.51cto.com/images/blog/201803/07/6e24a0dda7bb35ff61f7120a958fb6b6.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
```
[[email protected] php-7.1.6]# curl -A "A" -x127.0.0.1:80 http://111.com/index.php -I
HTTP/1.1 OK
Date: Wed, Mar 2018 15:07:04 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] php-7.1.6]# curl -A "A" -x127.0.0.1:80 http://111.com/index.php
```
The error message is no longer shown on the web page, but there is no output at all, which is not normal.
5. Configure the error log:
```
error_log = /tmp/php_errors.log
log_errors = On
display_errors = Off
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL
```
```
[[email protected] php-7.1.6]# ls -l /tmp/php_errors.log
-rw-r--r-- 1 daemon daemon 135 Mar  7 23:14 /tmp/php_errors.log
[[email protected] php-7.1.6]# cat !$
cat /tmp/php_errors.log
[07-Mar-2018 15:14:24 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
```
6. Define open_basedir: set it in the virtual host configuration file
```
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
```
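The php.ini settings from steps 1 to 5 can be checked mechanically before Apache is reloaded. The script below is an added example, not part of the original post: it audits the directives this page sets and reports entries that do not do what the list suggests (`eval` is a language construct, so `disable_functions` cannot block it; duplicated names; a commented-out `date.timezone`). `SAMPLE_INI`, `parse_ini` and `audit` are names made up for this example, and the sample is a shortened, constructed copy of the page's values.

```python
# Added example: audits the php.ini directives this page sets.
# Language constructs are not functions, so disable_functions cannot block them.
LANGUAGE_CONSTRUCTS = {"eval", "echo", "print", "include", "require",
                       "isset", "unset", "empty", "exit", "die"}

# Constructed sample: a shortened copy of the values shown on this page.
SAMPLE_INI = """\
disable_functions = eval,assert,popen,passthru,exec,system,passthru,popen,phpinfo
;date.timezone = Asia/Chongqing
display_errors = Off
log_errors = On
error_log = /tmp/php_errors.log
error_reporting = E_ALL
"""

def parse_ini(text):
    """Return {directive: value}; directive names are case sensitive in php.ini."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment, section header, or not a directive
        key, value = line.split("=", 1)
        settings[key.strip()] = value.split(";", 1)[0].strip().strip('"')
    return settings

def audit(text):
    """Return findings (strings) for the directives covered above."""
    ini = parse_ini(text)
    findings = []
    names = [n.strip().lower() for n in ini.get("disable_functions", "").split(",") if n.strip()]
    for name in sorted(set(names)):
        if name in LANGUAGE_CONSTRUCTS:
            findings.append(f"disable_functions: {name} is a language construct, still usable")
        if names.count(name) > 1:
            findings.append(f"disable_functions: {name} listed {names.count(name)} times")
    if ini.get("display_errors", "").lower() not in ("off", "0", "false", "no"):
        findings.append("display_errors is not Off")
    if ini.get("log_errors", "").lower() not in ("on", "1", "true", "yes"):
        findings.append("log_errors is not set to On")
    if not ini.get("error_log"):
        findings.append("error_log is not set")
    if "date.timezone" not in ini:
        findings.append("date.timezone is unset, PHP 7 falls back to UTC")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

The last finding matches the log in step 5, where the entry is stamped 15:14:24 UTC while `ls -l` shows the file written at 23:14 local time.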