php相关配置

限制某个目录禁止解析php

1.修改虚拟主机配置文件：

[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

 <Directory /data/wwwroot/111.com/upload>
        php_admin_flag engine off
       # <FilesMatch (.*)\.php(.*)>
       # Order allow,deny
       # Deny from all
       # </FilesMatch>
   </Directory>

2.测试：

[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:30:22 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Last-Modified: Wed, 07 Mar 2018 14:20:10 GMT
ETag: "16-566d341bfefe2"
Accept-Ranges: bytes
Content-Length: 22
Content-Type: application/x-httpd-php

[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' 
<?php
echo "123.php";

限制user_agent

1.修改虚拟主机配置文件：

[root@weixing01 111.com]# !vim
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

 <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]
        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]
        RewriteRule  .*  -  [F]
   </IfModule>

2.测试：curl -e指定refer -A 指定user_agent -x指定hosts -I 查看状态码

[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[root@weixing01 111.com]# curl -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 403 Forbidden
Date: Wed, 07 Mar 2018 14:42:57 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[root@weixing01 111.com]# curl -A "weixing01 weixing01" -x127.0.0.1:80 'http://111.com/123.php' -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 14:43:45 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

php相关配置

1.查看php配置文件位置并修改

[root@weixing01 php-7.1.6]# vim /usr/local/php7/etc/php.ini

disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo

2.测试禁止的功能是否实现

3.定义时区：

;date.timezone =Asia/Chongqing

4.修改错误信息显示：

; Production Value: Off
; http://php.net/display-errors
display_errors = Off

[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php -I
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 15:07:04 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@weixing01 php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php

不显示错误信息在网页，但是没有任何输出，不正常

5.配置错误日志：

error_log =/tmp/php_errors.log

log_errors = On

display_errors = Off

;   E_ALL (Show all errors, warnings and notices including coding standards.)
;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL

[root@weixing01 php-7.1.6]# ls -l /tmp/php_errors.log 
-rw-r--r-- 1 daemon daemon 135 3月   7 23:14 /tmp/php_errors.log
[root@weixing01 php-7.1.6]# cat !$
cat /tmp/php_errors.log
[07-Mar-2018 15:14:24 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/111.com/index.php on line 2

6.定义open_basedir：在 虚拟主机配置文件中定义

php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"