php相關配置
1.修改虛擬主機配置文件:
[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/upload> php_admin_flag engine off # <FilesMatch (.*)\.php(.*)> # Order allow,deny # Deny from all # </FilesMatch> </Directory>
2.測試:
[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/upload/123.php‘ -I HTTP/1.1 200 OK Date: Wed, 07 Mar 2018 14:30:22 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Last-Modified: Wed, 07 Mar 2018 14:20:10 GMT ETag: "16-566d341bfefe2" Accept-Ranges: bytes Content-Length: 22 Content-Type: application/x-httpd-php [root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/upload/123.php‘ <?php echo "123.php";
限制user_agent
1.修改虛擬主機配置文件:
[root@weixing01 111.com]# !vim
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC] RewriteRule .* - [F] </IfModule>
2.測試:curl -e指定refer -A 指定user_agent -x指定hosts -I 查看狀態碼
[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/upload/123.php‘ -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/123.php‘ -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:57 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -A "weixing01 weixing01" -x127.0.0.1:80 ‘http://111.com/123.php‘ -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:43:45 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
php相關配置
1.查看php配置文件位置並修改
```
[root@weixing01 php-7.1.6]# vim /usr/local/php7/etc/php.ini
disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
2.測試禁止的功能是否實現
3.定義時區:;date.timezone =Asia/Chongqing
4.修改錯誤信息顯示:; Production Value: Off
; http://php.net/display-errors
display_errors = Off
[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 15:07:04 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php
不顯示錯誤信息在網頁,但是沒有任何輸出,不正常
5.配置錯誤日誌:
error_log =/tmp/php_errors.log
log_errors = On
display_errors = Off
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL
[root@weixing01 php-7.1.6]# ls -l /tmp/php_errors.log
-rw-r--r-- 1 daemon daemon 135 3月 7 23:14 /tmp/php_errors.log
[root@weixing01 php-7.1.6]# cat !$
cat /tmp/php_errors.log
[07-Mar-2018 15:14:24 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
6.定義open_basedir:在 虛擬主機配置文件中定義php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
php相關配置