本文详细介绍了如何在Apache服务器上通过修改配置文件,实现对特定目录下PHP文件的解析禁用,防止PHP代码被直接展示而非执行。通过具体操作步骤和代码示例,展示了如何使用php_admin_flag engine off指令来达到目的。
shallow丿ove
#访问控制——禁止PHP解析
- 核心配置文件内容 <Directory /data/wwwroot/111.com/upload> php_admin_flag engine off </Directory>
- curl测试时直接返回了php源代码,并未解析
[root@localhost ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
43 # </Directory>
44 <Directory /data/111.com/upload>
45 php_admin_flag engine off
46 <FilesMatch (.*)\.php(.*)>
47 Order allow,deny
48 Deny from all
49 </FilesMatch>
50 </Directory>
51 <Directory /data/wwwroot/111.com>
52 <FilesMatch user.php(.*)>
53 Order deny,allow
54 Deny from allow
55 Allow from 127.0.0.1
56 </FilesMatch>
57 </Directory>
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# mkdir /data/wwwroot/111.com/upload
[root@localhost ~]# cp /data/wwwroot/111.com/admin/* /data/wwwroot/111.com/upload/
[root@localhost ~]# ls /data/wwwroot/111.com/upload/
index.php
[root@localhost ~]# curl -x 127.0.0.1:80 'http://111.com/upload/index.php' -I
HTTP/1.1 404 Not Found
Date: Sun, 05 Nov 2017 08:37:49 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@localhost ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
42 # </FilesMatch>
43 # </Directory>
44 <Directory /data/111.com/upload>
45 php_admin_flag engine off
46 # <FilesMatch (.*)\.php(.*)>
47 # Order allow,deny
48 # Deny from all
49 # </FilesMatch>
50 </Directory>
51 <Directory /data/wwwroot/111.com>
52 <FilesMatch user.php(.*)>
53 Order deny,allow
54 Deny from allow
55 Allow from 127.0.0.1
56 </FilesMatch>
57 </Directory>
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# curl -x 127.0.0.1:80 'http://111.com/upload/index.php' -I
1111
Windows访问也是一样的,则变成下载,无法解析
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
