LAMP架构二
安装PHP7
1.查看php配置文件信息(phpinfo),php有两个配置文件开发环境和生产环境
[root@localhost php-5.6.30]# /usr/local/php/bin/php -i |less
2.我们将配置文件放到/usr/local/php/etc/php.ini下
[root@localhost php-5.6.30]# cp php.ini-production /usr/local/php/etc/php.ini [root@localhost php-5.6.30]#
3.安装php7(bz2的压缩包用 tar -jxvf解压)
[root@localhost php-7.1.6]# cd /usr/local/src/^C [root@localhost php-7.1.6]# wget http://mirrors.sohu.com/php/php-7.1.6.tar.gz^C [root@localhost php-7.1.6]# tar -zxvf php-7.1.6.tar.gz ^C [root@localhost php-7.1.6]# cd php-7.1.6/^C [root@localhost php-7.1.6]#
4.php7配置文件
[root@localhost php-7.1.6]# ./configure --prefix=/usr/local/php7
--with-apxs2=/usr/local/apache2.4/bin/apxs
--with-config-file-path=/usr/local/php7/etc
--with-pdo-mysql=/usr/local/mysql
--with-mysqli=/usr/local/mysql/bin/mysql_config
--with-libxml-dir
--with-gd
--with-jpeg-dir
--with-png-dir
--with-freetype-dir
--with-iconv-dir
--with-zlib-dir
--with-bz2
--with-openssl
--with-mcrypt
--enable-soap
--enable-gd-native-ttf
--enable-mbstring
--enable-sockets
--enable-exif
5.make && make install
6.查看文件php7模块文件
[root@localhost php-7.1.6]# ls /usr/local/apache2.4/modules/libphp7.so /usr/local/apache2.4/modules/libphp7.so [root@localhost php-7.1.6]# du -sh /usr/local/apache2.4/modules/libphp7.so 37M /usr/local/apache2.4/modules/libphp7.so [root@localhost php-7.1.6]#
7.发现apache加载了
php5_module (shared)
php7_module (shared)
[root@localhost php-7.1.6]# /usr/local/apache2.4/bin/apachectl -M AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_event_module (static) authn_file_module (shared) authn_core_module (shared) authz_host_module (shared) authz_groupfile_module (shared) authz_user_module (shared) authz_core_module (shared) access_compat_module (shared) auth_basic_module (shared) reqtimeout_module (shared) filter_module (shared) mime_module (shared) log_config_module (shared) env_module (shared) headers_module (shared) setenvif_module (shared) version_module (shared) unixd_module (shared) status_module (shared) autoindex_module (shared) dir_module (shared) alias_module (shared) php5_module (shared) php7_module (shared) [root@localhost php-7.1.6]#
8.想要只支持一个php怎么做呢,修改httpd.conf,将php5模块所在的行注释掉
[root@localhost php-7.1.6]# !vim vim /usr/local/apache2.4/conf/httpd.conf [root@localhost php-7.1.6]#
Apache和PHP结合
1.解决启动apache提示警告信息文件,编辑apache配置文件将ServerName注释状态打开
2.启动apache,查看httpd服务是否启动成功
[root@localhost php-7.1.6]# /usr/local/apache2.4/bin/apachectl restart [root@localhost php-7.1.6]# ps aux|grep httpd daemon 60694 0.0 0.3 435528 3740 ? Sl 09:42 0:00 /usr/local/apache2.4/bin/httpd -k start daemon 60695 0.0 0.3 435528 3736 ? Sl 09:42 0:00 /usr/local/apache2.4/bin/httpd -k start daemon 60696 0.0 0.3 435528 3740 ? Sl 09:42 0:00 /usr/local/apache2.4/bin/httpd -k start root 60779 2.0 0.0 112680 976 pts/5 S+ 09:42 0:00 grep --color=auto httpd root 99405 0.0 0.6 146616 6988 ? Ss 2月01 0:07 /usr/local/apache2.4/bin/httpd -k start [root@localhost php-7.1.6]#
3.查看服务器是否开启80端口,发现并没有开启
[root@localhost php-7.1.6]# iptables -nvL
4.临时将80端口规则加到防火墙中(-I 添加规则、-D 删除规则),发现浏览器可以访问服务器了,telnet也可以连接服务器了
[root@localhost php-7.1.6]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
5.编辑apache配置文件denied改为granted
6.查看配置文件是否有语法错误
[root@localhost local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@localhost local]#
7.重新加载配置文件
[root@localhost local]# /usr/local/apache2.4/bin/apachectl graceful [root@localhost local]#
8.添加配置文件,检查配置文件是否正常。
[root@localhost local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@localhost local]# /usr/local/apache2.4/bin/apachectl graceful [root@localhost local]#
9.可以正常访问服务器
10.支持php
Apache默认虚拟主机
1.编辑httpd.conf文件去掉虚拟主机配置文件#号
2.编辑虚拟主机配置文件并建立相对应的目录
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/wwwroot/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.123.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@localhost ~]# mkdir /data/wwwroot/ [root@localhost ~]# mkdir /data/wwwroot/abc.com [root@localhost ~]# mkdir /data/wwwroot/111.com [root@localhost ~]# vim /data/wwwroot/abc.com/index.php [root@localhost ~]#
3.创建index.php文件并写点代码
[root@localhost ~]# vim /data/wwwroot/111.com/index.php [root@localhost ~]#
4.检查配置文件
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful [root@localhost ~]#
5.curl命令来检测是否可以访问-x 选项可以为CURL添加代理功能,用浏览器看需要本地做host
[root@localhost ~]# curl -x10.21.95.122:80 abc.com abc.com[root@localhost ~]# curl -x10.21.95.122:80 abce.com abc.com[root@localhost ~]# curl -x10.21.95.122:80 abcee.com abc.com[root@localhost ~]# curl -x10.21.95.122:80 www.example.com 111.com[root@localhost ~]#
6.打开虚拟主机配置文件,主配置文件将失效
Apache用户认证
1.修改虚拟主机配置文件
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "Restricted Files"
AuthType Basic
AuthUserFile /data/.htpasswd
Require valid-user
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
2.生成用户密码文件
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf [root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd apache New password: Re-type new password: Adding password for user apache [root@localhost ~]#
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd apache1 New password: Re-type new password: Adding password for user apache1 [root@localhost ~]# cat /data/.htpasswd apache:$apr1$7yblTxbh$nuIrcwIU3nlsee3Aek8jJ. apache1:$apr1$1bnu4tPX$/u15wjn1vuexrW8ROHC9u0 [root@localhost ~]#
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful [root@localhost ~]#
3.curl访问提示401 -I 只看状态码不看返回的内容
[root@localhost ~]# curl -x127.0.0.1:80 111.com -I HTTP/1.1 401 Unauthorized Date: Fri, 02 Feb 2018 07:44:52 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 WWW-Authenticate: Basic realm="Restricted Files" Content-Type: text/html; charset=iso-8859-1 [root@localhost ~]#
4.用浏览器访问,编辑客户端host文件,访问111.com
5.用curl方式输入用户名密码方式访问
[root@localhost ~]# curl -x127.0.0.1:80 -uapache:apache 111.com 111.com[root@localhost ~]#
1.filesmatch指定文件认证
域名跳转
1.修改配置文件域名跳转需要在虚拟主机配置中添加别名和一个 rewrite 模块,如下,配置当访问 www.aaa.com 时跳转到 www.test.com
[root@localhost ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
[root@localhost ~]# /usr/local/apache2/bin/apachectl -t [root@localhost ~]# /usr/local/apache2/bin/apachectl graceful
2.扩展:如果有多个域名跳转到一个域名如何配置,如下,配置当访问 www.aaa.com 或访问 www.bbb.com 时跳转到 www.test.com
[root@localhost ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com # 这里配置两个别名
ServerAlias www.bbb.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR] # 这里末尾要加[OR],表示或者
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
3.查看是否加载了rewrite模块
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite [root@localhost ~]# vi /usr/local/apache2.4/conf/httpd.conf [root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite rewrite_module (shared) [root@localhost ~]#
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful [root@localhost ~]#
Apache访问日志
常用命令
1.查看apache的进程数
ps -aux | grep httpd | wc -l
2.分析日志查看当天的ip连接数
cat default-access_log | grep "10/Dec/2010" | awk '{print $2}' | sort | uniq -c | sort -nr
3.查看指定的ip在当天究竟访问了什么url
cat default-access_log | grep "10/Dec/2010" | grep "218.19.140.242" | awk '{print $7}' | sort | uniq -c | sort -nr
4.查看当天访问排行前10的url
cat default-access_log | grep "10/Dec/2010" | awk '{print $7}' | sort | uniq -c | sort -nr | head -n 10
5.看到指定的ip究竟干了什么
cat default-access_log | grep 218.19.140.242 | awk '{print $1"\t"$8}' | sort | uniq -c | sort -nr | less
6.查看访问次数最多的几个分钟(找到热点)
awk '{print $4}' default-access_log |cut -c 14-18|sort|uniq -c|sort -nr|head
1.查看日志
[root@localhost ~]# cat /usr/local/apache2.4/logs/ 111.com-access_log abc.com-error_log httpd.pid 111.com-error_log access_log abc.com-access_log error_log [root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 10.21.95.122 - - [02/Feb/2018:15:19:15 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7 127.0.0.1 - - [02/Feb/2018:15:44:52 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 - 10.21.95.218 - - [02/Feb/2018:15:48:48 +0800] "GET / HTTP/1.1" 401 381 10.21.95.218 - apache [02/Feb/2018:15:50:00 +0800] "GET / HTTP/1.1" 401 381 10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET / HTTP/1.1" 200 7 10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209 127.0.0.1 - apache [02/Feb/2018:15:53:11 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 [root@localhost ~]#
2.查看gz压缩包内容
zcat access_log.2018020209.gz |head
3.定义新的日志文件格式common改为combined,日志记录更详细。
4.让配置文件生效
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful [root@localhost ~]#
访问日志不记录静态文件
1,当访问很多图片,文档等静态资源的时候,会加大你日志的容量,日志容量占用你磁盘空间后,会出现服务器宕机等很严重的问题,这时需要将日志进行配置优化。当访问网页时不记录这些图片、css、js等信息日志。
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "logs/111.com-access_log" combined env=!img
2.重新加载配置文件
[root@bogon ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@bogon ~]# curl -x127.0.0.1:80 111.com/aaaa.jpg <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /aaaa.jpg was not found on this server.</p> </body></html> [root@bogon ~]#
3.访问不是规则包含的链接被记录到日志,jpg结尾的不记录到日志
[root@bogon ~]# curl -x127.0.0.1:80 111.com/aaaa.jpg1
[root@bogon ~]# tail /usr/local/apache2.4/logs/111.com-access_log 127.0.0.1 - - [02/Feb/2018:15:44:52 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 - 10.21.95.218 - - [02/Feb/2018:15:48:48 +0800] "GET / HTTP/1.1" 401 381 10.21.95.218 - apache [02/Feb/2018:15:50:00 +0800] "GET / HTTP/1.1" 401 381 10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET / HTTP/1.1" 200 7 10.21.95.218 - apache [02/Feb/2018:15:50:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209 127.0.0.1 - apache [02/Feb/2018:15:53:11 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 10.21.95.218 - apache [02/Feb/2018:17:48:08 +0800] "GET / HTTP/1.1" 200 7 10.21.95.218 - apache [02/Feb/2018:18:11:59 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" 10.21.95.218 - apache [02/Feb/2018:18:12:00 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" 127.0.0.1 - - [05/Feb/2018:17:53:08 +0800] "GET HTTP://111.com/aaaa.jpg1 HTTP/1.1" 401 381 "-" "curl/7.29.0" [root@bogon ~]#
访问日志切割
1.添加配置文件选项rotatelogs -l 切割命令 -l 指定以什么时间格式切割 86400 每天0点生成一个新的文件
2.生成了记录日期格式的日志文件111.com-access_20180206.log
[root@bogon ~]# curl -x127.0.0.1:80 111.com/index.php 111.com[root@bogon ~]# ls /usr/local/apache2.4/logs/ 111.com-access_20180206.log 111.com-error_log abc.com-error_log error_log 111.com-access_log abc.com-access_log access_log httpd.pid [root@bogon ~]#
[root@bogon ~]# cat /usr/local/apache2.4/logs/111.com-access_20180206.log 127.0.0.1 - - [06/Feb/2018:09:14:26 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 404 205 "-" "curl/7.29.0" 127.0.0.1 - - [06/Feb/2018:09:15:44 +0800] "GET HTTP://111.com/index.php HTTP/1.1" 200 7 "-" "curl/7.29.0" [root@bogon ~]#
3.还需要写一个任务计划超过多少天的日志删除减小空间占用crontab
00 * * * * find /applog/app -type f -mtime +1 -exec rm -f {} \;
静态元素过期时间
1.在虚拟主机配置文件中添加expires_module模块配置文件
[root@bogon 111.com]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType test/css "now plus 2 hours"
ExpiresByType application/x-javascripts "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl -t
2.查看模块是否打开,打开expires模块
[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl -M|grep expires [root@bogon 111.com]#
[root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl graceful [root@bogon 111.com]# /usr/local/apache2.4/bin/apachectl -M|grep expires expires_module (shared) [root@bogon 111.com]#
配置防盗链
1.配置文件增加,111.com和aaa.com允许,其他的拒绝
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://aaa.com" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
Deny from all
</filesmatch>
</Directory>
[root@bogon ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf [root@bogon ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@bogon ~]# /usr/local/apache2.4/bin/apachectl graceful [root@bogon ~]#
2.直接不能访问,应该ref为空,必须把这个图片放到111.com和aaa.com相关的内容里,来源ref是白名单的情况才能访问。
3.如果想在浏览器直接能访问配置空ref
SetEnvIfNoCase Referer "^$" local_ref
[root@bogon ~]# /usr/local/apache2.4/bin/apachectl graceful
4.可以用curl -e 直接创造referrer
[root@bogon ~]# curl -e "http://111.com/a.jpg" -x127.0.0.1:80 111.com/a.jpg -I HTTP/1.1 200 OK Date: Tue, 06 Feb 2018 03:45:11 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 Last-Modified: Sat, 12 Aug 2017 09:29:53 GMT ETag: "8f393-5568b126b0640" Accept-Ranges: bytes Content-Length: 586643 Cache-Control: max-age=86400 Expires: Wed, 07 Feb 2018 03:45:11 GMT Content-Type: image/jpeg [root@bogon ~]#
访问控制Directory
1.添加配置文件,创建admin目录添加index.php文件
1.看Order后面的,哪个在前,哪个在后
2.如果deny在前,那么就需要看deny from 这句,然后看allow from这一句
3.规则是一条一条的匹配的,不管是deny在前面还是allow在前,都是会生效的。比如例子中。先deny了所有,然后又allow了127.0.0.1,所以127.0.0.1是通过的。
Order allow ,deny
deny from all
allow from 127.0.0.1
这个就会deny所有了,127.0.0.1也会被deny。因为顺序是先allow然后deny,虽然一开始allow了127.0.0.1,但是后面有拒绝了它。
Order allow,deny
deny from all
上面的规则就表示,全部都不能通过
Order deny,allow
deny from all
上面的规则表示,全部都不能通过
Order deny,allow
只有顺序,没有具体规则,表示,全部都可以通行(默认的),因为allow在最后了。
Order allow,deny
这个表示,全部不能通行(默认的),因为deny在最后了。
讲完了allow ,deny我们再来看看具体的应用吧。
(1)某个目录做限制,比如该目录很重要,只允许我们公司的IP访问,当然这个目录可以使网站根目录,也就是整个站点都要做限制了。
<Directory /data/www/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
说明:只允许127.0.0.1访问,其他IP全部拒绝掉。
<Directory "/data/wwwroot/111.com/admin">
Order deny,allow
Deny from all # 表示禁止 1.1.1.1 访问 abc 目录
Allow from 127.0.0.1
</Directory>
[root@bogon 111.com]# mkdir admin [root@bogon 111.com]# touch index.php [root@bogon 111.com]# echo 121212 > index.php [root@bogon 111.com]# cat index.php 121212 [root@bogon 111.com]#
[root@bogon admin]# curl -x127.0.0.1:80 111.com/admin/index.php -I HTTP/1.1 200 OK Date: Tue, 06 Feb 2018 04:55:21 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 X-Powered-By: PHP/5.6.30 Cache-Control: max-age=0 Expires: Tue, 06 Feb 2018 04:55:21 GMT Content-Type: text/html; charset=UTF-8 [root@bogon admin]#
[root@bogon admin]# curl -x10.21.95.122:80 111.com/admin/index.php -I HTTP/1.1 403 Forbidden Date: Tue, 06 Feb 2018 04:56:25 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 Content-Type: text/html; charset=iso-8859-1 [root@bogon admin]#
访问控制FilesMatch
1针对请求的uri去限制,前面安装的discuz论坛,访问后台是admin.php,那我们就可以针对admin.php做限制。
<filesmatch "(.*)admin(.*)">
Order deny ,allow
Deny from all
Allow from 127.0.0.1
说明:这里用到了filesmatch语法,表示匹配的意思。
限定某个目录禁止解析php
1.某个目录下解析PHP,这个很有用,我们做网站安全的时候,这个用的很多,比如某些目录可以上传文件,为了避免上传文件有木马,所以我们禁止这个目录下面的 访问解析PHP。
2.配置文件添加如下代码,禁止upload目录下的php文件解析
<Directory "/data/wwwroot/111.com/upload">
php_admin_flag engine off
<FilesMatch (.*)\.php(.*)>
Order deny,allow
Deny from all
</FilesMatch>
</Directory>
[root@bogon admin]# mkdir /data/wwwroot/111.com/upload [root@bogon admin]# touch /data/wwwroot/111.com/upload/index.php [root@bogon admin]# echo 111 > /data/wwwroot/111.com/upload/index.php [root@bogon admin]#
3.php_admin_flag engine off这个语句就是禁止解析php的控制语句,但只这样配置还不够,因为这样配置之后用户依然可以访问PHP文件,只不过不解析了,但可以下载,用户下载PHP文件也是不合适的,所以有必要在禁止一下。
[root@bogon admin]# curl -x127.0.0.1:80 111.com/upload/index.php -I HTTP/1.1 403 Forbidden Date: Wed, 07 Feb 2018 01:41:52 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 Content-Type: text/html; charset=iso-8859-1 [root@bogon admin]#
限制user_agent
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] # 如果要禁止多种浏>览器要在后面加[OR],表示或者 NC 忽略大小写
RewriteCond %{HTTP_USER_AGENT} .*chrome.* [NC] # 这里禁止 curl 和 chrome 访问我们的网站(只是做实验)
RewriteRule .* - [F] # 表示 Forbidden
</IfModule>
[root@bogon admin]# /usr/local/apache2.4/bin/apachectl graceful -t Syntax OK [root@bogon admin]# /usr/local/apache2.4/bin/apachectl graceful [root@bogon admin]# curl -x127.0.0.1:80 111.com/upload/index.php -I HTTP/1.1 403 Forbidden Date: Wed, 07 Feb 2018 02:33:37 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 Content-Type: text/html; charset=iso-8859-1 [root@bogon admin]#
1. -A 模拟useragent
[root@bogon admin]# curl -A "sun sun" -x127.0.0.1:80 111.com/index.php -I HTTP/1.1 200 OK Date: Wed, 07 Feb 2018 02:35:50 GMT Server: Apache/2.4.28 (Unix) PHP/5.6.30 X-Powered-By: PHP/5.6.30 Cache-Control: max-age=0 Expires: Wed, 07 Feb 2018 02:35:50 GMT Content-Type: text/html; charset=UTF-8 [root@bogon admin]#
