2018-09-13
Posted 2kp2
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了2018-09-13相关的知识,希望对你有一定的参考价值。
11.25 配置防盗链
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
<Directory /data/wwwroot/www.123.com>
SetEnvIfNoCase Referer "http://www.123.com" local_ref //白名单
SetEnvIfNoCase Referer "http://123.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref //空白名单 用当期域名访问时为白名单
<filesmatch ".(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny //匹配顺序
Allow from env=local_ref
</filesmatch>
</Directory>
[[email protected] ~]# curl -e "http://123.com/png" -x192.168.31.10:80 123.com/11.png -I //-e 指定referer -I 显示状态码信息11.26 访问控制Directory
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
<Directory /data/wwwroot/www.123.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
[[email protected] ~]# curl -x192.168.31.10:80 123.com/admin/
[[email protected] ~]# curl -x127.0.0.1:80 123.com/admin/11.27 访问控制FilesMatch
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
<Directory /data/wwwroot/www.123.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
[[email protected] ~]# curl -x192.168.31.10:80 123.com/admin.php
[[email protected] ~]# curl -x127.0.0.1:80 123.com/admin.php11.28 限定某个目录禁止解析php
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
<Directory /data/wwwroot/www.123.com/upload>
php_admin_flag engine off //禁止解析php,返回php源代码
<FilesMatch "(.*).php(.*)"> //禁止访问返回的php源代码
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
[[email protected] ~]# curl -x127.0.0.1:80 123.com/upload/123.php11.29 限制user_agent(浏览器标识)
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //改为如下
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] //NC 忽略大小写 OR 与下一条为或者关系,不写为并且关系
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F] //F 403
</IfModule>
[[email protected] ~]# curl -A "chrome" -x127.0.0.1:80 123.com //-A 指定user_agent11.30/11.31 php相关配置
php.ini位置
[[email protected] ~]# /usr/local/php/bin/php -i|grep -i "loaded configuration file" //可能不准,推荐用phpinfo
Loaded Configuration File => /usr/local/php/etc/php.ini
[[email protected] ~]# vim index.php //编辑好后用浏览器访问
<?php
phpinfo();
?>禁止php危险函数
[[email protected] ~]# vim /usr/local/php/etc/php.ini
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo定义时区
[[email protected] ~]# vim /usr/local/php/etc/php.ini
date.timezone = Asia/Shanghai日志设置
[[email protected] ~]# vim /usr/local/php/etc/php.ini
display_errors = Off //错误信息不显示
log_errors = On //日志开启
error_log = /tmp/php_errors.log //日志目录
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT //错误日志级别将PHP所能打开的文件限制在指定的目录树中
[[email protected] ~]# vim /usr/local/php/etc/php.ini //对所有网站限制
open_basedir "/data/wwwroot/123.com:/tmp/"
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //可对单个网站限制
php_admin_value open_basedir "/data/wwwroot/123.com:/tmp/"11.32 php扩展模块安装
安装第三方redis的模块
[[email protected] ~]# cd /usr/local/src/
[[email protected] src]# wget https://codeload.github.com/phpredis/phpredis/zip/develop
[[email protected] src]# mv develop phpredis-develop.zip
[[email protected] src]# unzip phpredis-develop.zip
[[email protected] src]# cd phpredis-develop
[[email protected] phpredis-develop]# /usr/local/php/bin/phpize //生成configure文件
[[email protected] phpredis-develop]# ./configure --with-php-config=/usr/local/php/bin/php-config
[[email protected] phpredis-develop]# make && make install
[[email protected] ~]# /usr/local/php/bin/php -i |grep extension_dir //查看扩展模块存放目录,我们可以在php.ini中去自定义该路径
[[email protected] ~]# vim /usr/local/php/etc/php.ini //增加一行配置(可以放到文件最后一行)
extension = redis.so
[[email protected] ~]# /usr/local/php/bin/php -m安装源码包自带模块
[[email protected] ~]# cd /usr/local/src/php-xxx/ext/
[[email protected] ext]# cd zip/ //需要安装的模块目录
[[email protected] zip]# /usr/local/php/bin/phpize //生成configure文件
[[email protected] zip]# ./configure --with-php-config=/usr/local/php/bin/php-config
[[email protected] zip]# make && make install
[[email protected] ~]# vim /usr/local/php/etc/php.ini
extension = zip.so
[[email protected] ~]# /usr/local/php/bin/php -m扩展
几种限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定义header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556
apache开启压缩 http://ask.apelearn.com/question/5528
apache2.2到2.4配置文件变更 http://ask.apelearn.com/question/7292
apache options参数 http://www.365mini.com/page/apache-options-directive.htm
apache禁止trace或track防止xss http://ask.apelearn.com/question/1045
apache 配置https 支持ssl http://ask.apelearn.com/question/1029
apache rewrite教程 http://coffeelet.blog.163.com/blog/static/13515745320115842755199/ http://www.cnblogs.com/top5/archive/2009/08/12/1544098.html
apache rewrite 出现死循环 http://ask.apelearn.com/question/1043
php错误日志级别参考 http://ask.apelearn.com/question/6973
php开启短标签 http://ask.apelearn.com/question/120
php.ini详解 http://legolas.blog.51cto.com/2682485/493917
以上是关于2018-09-13的主要内容,如果未能解决你的问题,请参考以下文章