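Restricting PHP parsing, restricting user_agent, and PHP-related configuration

Tasks for November 20

11.28 Disabling PHP parsing for a specific directory
11.29 Restricting user_agent
11.30/11.31 PHP-related configuration

11.28 Disabling PHP parsing for a specific directory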

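  • Core configuration:
        <Directory /data/wwwroot/www.123.com/upload>
            php_admin_flag engine off
        </Directory>
  • When tested with curl, the PHP source code is returned as-is instead of being parsed.

# Edit the configuration file and add the content above.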

[root@zgxlinux-01 111.com]# /usr/local/apache2.4.37/bin/apachectl -t
Syntax OK
[root@zgxlinux-01 111.com]# /usr/local/apache2.4.37/bin/apachectl graceful
[root@zgxlinux-01 111.com]# mkdir upload
[root@zgxlinux-01 111.com]# cp 123.php upload/

[root@zgxlinux-01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 21 Nov 2018 05:01:46 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Content-Type: text/html; charset=iso-8859-1

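11.29 Restricting user_agent

  • user_agent can be understood as the browser identifier.
  • Core configuration:
        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]
            RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]
            RewriteRule  .*  -  [F]
        </IfModule>
  • curl -A "123123" sets the user_agent (the last request below uses -A and is no longer blocked).

# Edit the configuration file and add the content above: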

[root@zgxlinux-01 111.com]# vim /usr/local/apache2.4.37/conf/extra/httpd-vhosts.conf 
[root@zgxlinux-01 111.com]# /usr/local/apache2.4.37/bin/apachectl -t
Syntax OK
[root@zgxlinux-01 111.com]# /usr/local/apache2.4.37/bin/apachectl graceful
[root@zgxlinux-01 111.com]# !curl
curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 21 Nov 2018 09:22:43 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Content-Type: text/html; charset=iso-8859-1

[root@zgxlinux-01 111.com]# curl -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 21 Nov 2018 09:23:26 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Content-Type: text/html; charset=iso-8859-1

[root@zgxlinux-01 111.com]# curl -A  zhangguoxiang -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 21 Nov 2018 09:27:18 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Content-Type: text/html; charset=UTF-8
 

11.30/11.31 PHP-related configuration

  • Find the location of the PHP configuration file:
        /usr/local/php/bin/php -i|grep -i "loaded configuration file"
  • date.timezone
  • disable_functions
        eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
  • error_log, log_errors, display_errors, error_reporting
  • open_basedir (set from the Apache configuration with php_admin_value):
        php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"
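
A check for the php.ini directives listed in this section, as an added example that is not part of the original post: it reads a constructed sample php.ini and reports command-execution functions missing from disable_functions, display_errors left on, and an unset open_basedir. The function names ini_get and audit_php_ini and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample php.ini and the list of required functions are constructed.

# Print the effective value of DIRECTIVE in FILE (last uncommented assignment wins).
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                 # commented-out line
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t"]+/, "", v); sub(/[ \t"]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# Print one line per weak setting; print nothing when FILE passes every check.
audit_php_ini() {
    disabled=",$(ini_get "$1" disable_functions | tr -d ' \t'),"
    # Command-execution functions taken from the disable_functions list above.
    for fn in exec system shell_exec passthru popen proc_open; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "disable_functions: $fn is still callable" ;;
        esac
    done
    # An absent display_errors falls back to PHP's built-in default, which is on.
    case "$(ini_get "$1" display_errors | tr 'A-Z' 'a-z')" in
        off|0|false|no|none) ;;
        *) echo "display_errors: errors are shown to clients" ;;
    esac
    # Only php.ini is read; a per-vhost php_admin_value open_basedir is not seen here.
    [ -n "$(ini_get "$1" open_basedir)" ] ||
        echo "open_basedir: not set in this file"
}

# Constructed sample: two functions missing, errors displayed, open_basedir commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
;disable_functions = exec,system
disable_functions = exec, system, passthru ,popen
display_errors = On
;open_basedir = /data/wwwroot/111.com:/tmp/
EOF
audit_php_ini "$sample"
rm -f "$sample"
```

To audit the live configuration, pass the path printed by the php -i command shown above to audit_php_ini.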


Reposted from my.oschina.net/u/3959708/blog/2885380