1.修改虚拟主机配置文件:
[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <Directory /data/wwwroot/111.com/upload> ???????php_admin_flag engine off ??????# <FilesMatch (.*)\.php(.*)> ??????# Order allow,deny ??????# Deny from all ??????# </FilesMatch> ??</Directory>2.测试:
[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/upload/123.php‘ -IHTTP/1.1 200 OKDate: Wed, 07 Mar 2018 14:30:22 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6Last-Modified: Wed, 07 Mar 2018 14:20:10 GMTETag: "16-566d341bfefe2"Accept-Ranges: bytesContent-Length: 22Content-Type: application/x-httpd-php[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/upload/123.php‘ <?phpecho "123.php";限制user_agent
1.修改虚拟主机配置文件:
[root@weixing01 111.com]# !vimvim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <IfModule mod_rewrite.c> ???????RewriteEngine on ???????RewriteCond %{HTTP_USER_AGENT} ?.*curl.* [NC,OR] ???????RewriteCond %{HTTP_USER_AGENT} ?.*baidu.com.* [NC] ???????RewriteRule ?.* ?- ?[F] ??</IfModule>2.测试:curl -e指定refer ?-A 指定user_agent ?-x指定hosts -I 查看状态码
[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/upload/123.php‘ -IHTTP/1.1 403 ForbiddenDate: Wed, 07 Mar 2018 14:42:42 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6Content-Type: text/html; charset=iso-8859-1[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/123.php‘ -IHTTP/1.1 403 ForbiddenDate: Wed, 07 Mar 2018 14:42:57 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6Content-Type: text/html; charset=iso-8859-1[root@weixing01 111.com]# curl -A "weixing01 weixing01" -x127.0.0.1:80 ‘http://111.com/123.php‘ -IHTTP/1.1 200 OKDate: Wed, 07 Mar 2018 14:43:45 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6X-Powered-By: PHP/7.1.6Content-Type: text/html; charset=UTF-8php相关配置
1.查看php配置文件位置并修改
```
[root@weixing01 php-7.1.6]# vim /usr/local/php7/etc/php.ini
disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
2.测试禁止的功能是否实现3.定义时区:;date.timezone =Asia/Chongqing
4.修改错误信息显示:; Production Value: Off
; http://php.net/display-errors
display_errors = Off
[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 15:07:04 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php
不显示错误信息在网页,但是没有任何输出,不正常5.配置错误日志:error_log =/tmp/php_errors.log
log_errors = On
display_errors = Off
; ??E_ALL (Show all errors, warnings and notices including coding standards.)
; ??E_ALL & ~E_NOTICE ?(Show all errors, except for notices)
; ??E_ALL & ~E_NOTICE & ~E_STRICT ?(Show all errors, except for notices and coding standards warnings.)
; ??E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR ?(Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL
[root@weixing01 php-7.1.6]# ls -l /tmp/php_errors.log
-rw-r--r-- 1 daemon daemon 135 3月 ??7 23:14 /tmp/php_errors.log
[root@weixing01 php-7.1.6]# cat !$
cat /tmp/php_errors.log
[07-Mar-2018 15:14:24 UTC] PHP Warning: ?phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2
6.定义open_basedir:在 虚拟主机配置文件中定义php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
php相关配置
原文地址:http://blog.51cto.com/13517254/2084029