Home > Backend Development > PHP Tutorial > The directory prohibits parsing PHP and restricts user_agent

The directory prohibits parsing PHP and restricts user_agent

不言
Release: 2023-03-23 22:18:02
Original
1931 people have browsed it

The content of this article is about prohibiting parsing of PHP in directories and restricting user_agent. It has certain reference value. Now I share it with everyone. Friends in need can refer to it.

Disable PHP parsing


If the website has vulnerabilities, if someone uploads some Trojan files on the website, they will be stored in the directory of the website. If they are parsed, it will be over.
For example, if a hacker uploads a info.php, and we have not set up apache to prohibit parsing files uploaded by users, so hackers are likely to see our configuration information in the browser

We only need to restrict these uploaded Trojans Files are enough, and there are two methods of restriction:
Uploading is not allowed, but this is inappropriate, and all users cannot upload it
Even after uploading, no operations are allowed, and parsing is not allowed

Disabling PHP parsing is a security option.

Core configuration file that prohibits PHP parsing:

<Directory /data/wwwroot/www.123.com/upload> //选择目录
    php_admin_flag engine off //禁止解析PHP
</Directory>
Copy after login
  • 1

  • 2

  • 3

  • 4

The result of disabling parsing of PHP is to directly display the source code on the web page.

Disable PHP parsing of the 111.com/upload directory.
Edit virtual configuration file:

   [root@shuai-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<Directory /data/wwwroot/111.com/upload>
    php_admin_flag engine off
</Directory>
Copy after login

##Save exit check configuration file syntax and reload the configuration file:

[root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK

[root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl graceful
Copy after login
Copy after login


  • ##View the effect:

Shows the source codeThe directory prohibits parsing PHP and restricts user_agent
Of course, it is better to disable parsing PHP and use it together with access control:

Edit configuration file:

<Directory /data/wwwroot/111.com/upload>
    php_admin_flag engine off
    <FilesMatch (.*)\.php(.*)>
    Order allow,deny
    deny from all
    </FilesMatch>
</Directory>
Copy after login


  • Save Exit Reload

The directory prohibits parsing PHP and restricts user_agent

禁止访问

参考博客:

http://blog.51cto.com/kevinjin117/1835341

限制user_agent

user_agent(用户代理):是指浏览器(搜索引擎)的信息包括硬件平台、系统软件、应用软件和用户个人偏好。
当黑客用CC攻击你的服务器时,查看下日志发现user_agent是一致的,而且一秒钟出现多次user_agent,这样就必须限制user_agent

配置文件:

   <IfModule mod_rewrite.c> //使用rewrite模块
        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR] //定义user_agent条件,OR表示两条件之间是或者的意思,NC表示忽略大小写
        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC] //定义user_agent条件
        RewriteRule  .*  -  [F] // 规则 [F] 表示forbidden(403)
    </IfModule>
Copy after login

编辑虚拟配置文件:

   [root@shuai-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]
        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]
        RewriteRule  .*  -  [F]
    </IfModule>
Copy after login

保存退出检查配置文件语法并重新加载配置文件:

[root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK

[root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl graceful
Copy after login
Copy after login

测试:

[root@shuai-01 111.com]# curl -x127.0.0.1:80 &#39;http://111.com/123.php&#39; -IHTTP/1.1 403 Forbidden
Date: Tue, 26 Dec 2017 11:41:06 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
Copy after login

指定一个user_agent测试:

[root@shuai-01 111.com]# curl -A "shuailinux" -x127.0.0.1:80 &#39;http://111.com/123.php&#39; -I
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2017 11:42:18 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
Copy after login

命令:curl
选项:
-A 指定user_agent。
如:

[root@shuai-01 111.com]# curl -A "shuailinux" -x127.0.0.1:80
Copy after login

-e 指定referer,指定引用地址
如:

[root@shuai-01 ~]# curl -e "http://111.com/123.txt" -x127.0.0.1:80 111.com/logo.png -I
Copy after login

-x 在给定的端口上使用HTTP代理
如:

[root@shuai-01 111.com]# curl -x127.0.0.1:80 &#39;http://111.com/123.php&#39;
Copy after login

-I 查看状态码
如:

[root@shuai-01 111.com]# curl -x127.0.0.1:80 &#39;http://111.com/123.php&#39; -I
Copy after login



           

The above is the detailed content of The directory prohibits parsing PHP and restricts user_agent. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template