{"id":276,"date":"2019-10-20T22:02:28","date_gmt":"2019-10-20T14:02:28","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=276"},"modified":"2024-06-03T11:39:36","modified_gmt":"2024-06-03T03:39:36","slug":"276","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/276","title":{"rendered":"Apache PHP\u57fa\u672c\u5b89\u5168\u8a2d\u5b9a"},"content":{"rendered":"\n<div class=\"wp-block-jetpack-markdown\"><h2>Apache Security<\/h2>\n<h3>\u4fee\u88dc\u5df2\u77e5Apache\u6f0f\u6d1e<\/h3>\n<p>\u5df2\u77e5Apache\u6f0f\u6d1e<br>\nhttp:\/\/www.cvedetails.com\/vendor\/45\/Apache.html<br>\nhttp:\/\/sebug.net\/appdir\/Apache<\/p>\n<p>\u00a0<\/p>\n<h3>\u5efa\u8b70\u503c:ServerSignature Off<\/h3>\n<p>\u96b1\u85cfApache\u7684\u7248\u672c\u865f\u53ca\u5176\u5b83\u654f\u611f\u8cc7\u8a0a<br>\nServerSignature\u6703\u51fa\u73fe\u5728Apache\u6240\u7522\u751f\u7684\u9801\u9762 ex:404\u9801\u9762\u3001\u76ee\u9304\u6e05\u55ae\u9801\u9762\u7684\u5e95\u90e8<\/p>\n<p>\u00a0<\/p>\n<h3>\u5efa\u8b70\u503c:ServerTokens Prod<\/h3>\n<p>ServerTokens\u7528\u4f86\u5224\u65b7Apache\u5728Server HTTP\u56de\u61c9\u5305header\u586b\u5145\u4ec0\u9ebc\u8cc7\u8a0a<br>\n\u82e5\u628aServerTokens\u8a2d\u70baProd\uff0c\u5247HTTP\u56de\u61c9header\u5c31\u6703\u88ab\u8a2d\u7f6e\u70ba\uff1aServer\uff1aApache<\/p>\n<p>\u00a0<\/p>\n<h3>\u5efa\u8b70\u503c:User\u548cGroup apache<\/h3>\n<p>User apache\nGroup apache\n\u4ee5Apache\u7684\u8eab\u4efd\u57f7\u884capache web server<\/p>\n<p>\u00a0<\/p>\n<h3>\u5efa\u8b70\u503c:TraceEnable off<\/h3>\n<p>\u95dc\u9589HTTP METHOD\u4e2d\u7684TRACE\u65b9\u6cd5<\/p>\n<p>\u00a0<\/p>\n<h3>\u5efa\u8b70\u503c<\/h3>\n<pre><code>&lt; Directory \/&gt;\n    Options None\n    AllowOverride None\n     &lt; LimitExcept GET POST&gt;\n  \tdeny from all\n     &lt; \/LimitExcept&gt;\n&lt; \/Directory&gt;\n<\/code><\/pre>\n<p>\u9810\u8a2d\u95dc\u9589\u6240\u6709\u529f\u80fd, \u4e26\u53ea\u9650\u5236GET\u548cPOST\u4f7f\u7528<br>\nps<br>\n\u5176\u4ed6\u8a2d\u5b9aDirectory\u4e0b\u7684option\u5982\u4e0b<br>\n\u95dc\u9589\u700f\u89bd\u76ee\u9304 ex:Options -Indexes<br>\n\u95dc\u9589includes  ex:Options -Includes<br>\n\u95dc\u9589CGI\u57f7\u884c\u7a0b\u5f0f  ex:Options -ExecCGI<br>\n\u7981\u6b62Apache\u9075\u5faa\u7b26\u865f\u9023\u7d50 ex: Options -FollowSymLinks<\/p>\n<p>\u00a0<\/p>\n<h3>\u95dc\u9589\u4efb\u4f55\u4e0d\u5fc5\u8981\u7684\u6a21\u7d44<\/h3>\n<p>\u5e38\u898b\u7684\u7121\u7528\u6a21\u7d44\u5982\u4e0b<br>\nmod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex<\/p>\n<p>\u00a0<\/p>\n<p>refer<br>\nhttp:\/\/superuser.com\/questions\/306057\/bare-minimum-apache-modules-needed-for-static-website-and-no-authn<br>\nhttp:\/\/www.tecmint.com\/apache-security-tips\/<\/p>\n<p>\u00a0<\/p>\n<hr>\n<h2>PHP security<\/h2>\n<p>\u8abf\u6574php.ini\u7684\u8a2d\u5b9a\u63d0\u5347\u5b89\u5168<\/p>\n<p><strong>register_globals = off<\/strong><br>\n\u95dc\u9589\u5168\u57df\u8b8a\u6578<\/p>\n<p><strong>allow_url_fopen = off<\/strong><br>\n\u95dc\u9589\u4ee5url\u8b80\u53d6php\u6216\u5176\u4ed6\u6a94\u6848<\/p>\n<pre><code>ex:  \n$fp = fopen(&quot;http:\/\/127.0.0.1\/test.php&quot;, &quot;rt&quot;);\u3000 \/\/ support in allow_url_include = On  \n$fp = fopen(&quot;test.php&quot;, &quot;rt&quot;);  \n<\/code><\/pre>\n<p><strong>allow_url_include = Off<\/strong><br>\n\u95dc\u9589\u4ee5url\u65b9\u5f0f\u5f15\u5165php\u6216\u5176\u4ed6\u6a94\u6848<\/p>\n<pre><code>ex:  \ninclude(\u201c http:\/\/127.0.0.1\/test.php\u201d); \/\/ support in allow_url_include = On  \ninclude(\u201c test.php\u201d);  \n<\/code><\/pre>\n<p><strong>display_errors = off<\/strong><br>\n\u95dc\u9589\u932f\u8aa4\u8a0a\u606f\u986f\u793a<br>\nps:<br>\n\u5982\u9700debug,\u5efa\u8b70\u4f7f\u7528log_errors = On\u548cerror_log = filename<br>\n\u5c07\u932f\u8aa4\u8a0a\u606f\u8a18\u9304\u5230\u6307\u5b9a\u7684\u6a94\u6848<\/p>\n<p><strong>expose_php = Off<\/strong><br>\n\u4e0d\u8b93\u4f3a\u670d\u5668\u6d41\u51fa\u7248\u672c\u8cc7\u8a0a<\/p>\n<p><strong>open_basedir =web\u76ee\u9304<\/strong><br>\n\u76e1\u91cf\u5c07\u7db2\u7ad9\u7684\u8d77\u8def\u5f91\u9650\u5236\u5728web\u7684\u8def\u5f91\uff0c\u4e26\u514d\u99ed\u5ba2\u53bb\u5f15\u7528web\u8def\u5f91\u4ee5\u5916\u7684\u6a94\u6848\u3002<\/p>\n<p><strong>disable_functions=<\/strong><br>\n\u4f7f\u7528disable_functions\u95dc\u9589\u6c92\u5728\u7528\u7684funciton<br>\n\u5c0d\u5916\u7684Web\u5efa\u8b70\u8981\u628a\u53ef\u4ee5\u57f7\u884c\u7cfb\u7d71\u6307\u4ee4\u7684functions\u62ff\u6389<\/p>\n<pre><code>ex\ndisable_functions= passthru,exec,shell_exec,system\n\nex:\ndisable_functions  = system,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exe,c,popen,dl,set_time_limit\n\nex:\ndisable_functions = passthru,exec,shell_exec,system,fopen,mkdir,rmdir,chmod,unlink,dir,fopen,fread,fclose,fwrite,file_exists,closedir,is_dir,readdir.opendir,fileperms.copy,unlink,delfile\n<\/code><\/pre>\n<p>\u00a0<\/p>\n<p>refer<br>\nhttp:\/\/php.net\/manual\/en\/security.intro.php<br>\nhttp:\/\/www.cyberciti.biz\/tips\/php-security-best-practices-tutorial.html<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[],"class_list":["post-276","post","type-post","status-publish","format-standard","hentry","category-securitysloution"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=276"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/276\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}