CentOS 7.6 LAMP Configuration (Part 3)

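I. Hotlink protection:

Edit the virtual host configuration file:
[root@ligenkelong ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
Add the following configuration:

    # path assumed to be the 111.com document root used elsewhere on this page
    <Directory /data/wwwroot/111.com>
        # whitelist
        SetEnvIfNoCase Referer "http://111.com" local_ref
        SetEnvIfNoCase Referer "192.168.247.1" local_ref
        # whitelist requests with an empty Referer (disabled)
        #SetEnvIfNoCase Referer "^$" local_ref
        # file types to match (pattern is an assumed placeholder covering the qq.png tested below)
        <FilesMatch "\.(png)$">
            Order Allow,Deny
            Allow from env=local_ref
        </FilesMatch>
    </Directory>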


[root@ligenkelong ~]# /usr/local/apache2.4/bin/apachectl -t

[root@ligenkelong ~]# /usr/local/apache2.4/bin/apachectl graceful

Test:
curl's -e option sets the Referer; the value must start with http://
[root@ligenkelong ~]# curl -e "http://192.168.247.1" -x127.0.0.1:80 111.com/qq.png -I
HTTP/1.1 200 OK
[root@ligenkelong ~]# curl -e "http://www.qq.com" -x127.0.0.1:80 111.com/qq.png -I
HTTP/1.1 403 Forbidden
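
SetEnvIfNoCase does an unanchored, case-insensitive regex search, so the two whitelist patterns above also match Referer values that only contain those strings. The following is an added example, not part of the original post: it compares the page's patterns with anchored ones. The anchored patterns and the sample Referer values are assumptions constructed here, and Python's re module stands in for Apache's PCRE matching.

```python
import re

# Patterns exactly as written in the vhost above.
PAGE_PATTERNS = ["http://111.com", "192.168.247.1"]

# Anchored variants (assumption, not the page's config): scheme, exact host with
# escaped dots, optional port, then a path separator or end of string.
ANCHORED_PATTERNS = [
    r"^https?://111\.com(:\d+)?(/|$)",
    r"^https?://192\.168\.247\.1(:\d+)?(/|$)",
]

def sets_local_ref(referer, patterns):
    """True if any pattern would set local_ref for this Referer value."""
    return any(re.search(p, referer, re.IGNORECASE) for p in patterns)

# Constructed sample Referer values (example.net is a reserved documentation domain).
SAMPLES = [
    "http://111.com/index.html",               # the site itself
    "http://192.168.247.1/",                   # the whitelisted IP
    "http://www.qq.com/",                      # unrelated site
    "http://111.com.example.net/page",         # foreign host that only starts with 111.com
    "http://example.net/?from=192.168.247.1",  # whitelisted string in the query only
    "http://192x168y247z1.example.net/",       # unescaped dots match any character
]

def compare(samples=SAMPLES):
    """Return (referer, allowed_by_page_patterns, allowed_by_anchored_patterns)."""
    return [
        (r, sets_local_ref(r, PAGE_PATTERNS), sets_local_ref(r, ANCHORED_PATTERNS))
        for r in samples
    ]

if __name__ == "__main__":
    for referer, loose, strict in compare():
        print(f"{referer:42} page={loose!s:5} anchored={strict}")
```

The last three samples are allowed by the page's patterns and rejected by the anchored ones; the first three behave the same under both.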

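II. Access control:

  1. Restricting access by IP:
    Edit the virtual host configuration file:

[root@ligenkelong ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

    # restrict access to this directory (path assumed from the document root and the test URL below)
    <Directory /data/wwwroot/111.com/admin/>
        # sets the evaluation order: the rule type listed first is evaluated first
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 192.168.247.1
    </Directory>

Test: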

[root@ligenkelong ~]# curl -x127.0.0.1:80 -I 111.com/admin/index.php 
HTTP/1.1 200 OK
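  2. Restricting individual files:
    Add to the configuration file:

        # FILE_PATTERN is a placeholder for the regex of the file(s) to restrict
        <Directory /data/wwwroot/111.com>
            <FilesMatch "FILE_PATTERN">
                Order deny,allow
                Deny from all
                Allow from 127.0.0.1
            </FilesMatch>
        </Directory>

  3. Disabling PHP parsing:
    Add the following:

        # DIR_NAME is a placeholder for the directory in which PHP must not run
        <Directory /data/wwwroot/111.com/DIR_NAME>
            # turn off PHP parsing
            php_admin_flag engine off
            # file types to match (pattern assumed: PHP files)
            <FilesMatch "\.php">
                Order allow,Deny
                Deny from all
            </FilesMatch>
        </Directory>

  4. Filtering by browser identifier (User-Agent):

        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
            RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
            RewriteRule .* - [F]
        </IfModule>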

%{HTTP_USER_AGENT} is the built-in variable that holds the User-Agent; the rule fires when the User-Agent matches either curl or baidu.com.
OR: means "or"; NC: means case-insensitive.
F: equivalent to Forbidden.

Test:
[root@ligenkelong ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 403 Forbidden
[root@ligenkelong ~]# curl -x127.0.0.1:80 111.com -I -A "111"
HTTP/1.1 200 OK

III. PHP configuration:

To find the location of the PHP configuration file:

[root@ligenkelong ~]# /usr/local/php/bin/php -i |grep -i "loaded configuration file"
Loaded Configuration File => (none)

Alternatively, create a PHP file that calls phpinfo() in the site's document root and open it in a browser:

Configuration File (php.ini) Path  /usr/local/php/etc 

Configuration:

[root@ligenkelong php-5.6.39]# cd /usr/local/src/php-5.6.39/
[root@ligenkelong php-5.6.39]# cp php.ini-development  /usr/local/php/etc/php.ini
[root@ligenkelong php-5.6.39]# /usr/local/apache2.4/bin/apachectl -t
[root@ligenkelong php-5.6.39]# /usr/local/apache2.4/bin/apachectl graceful

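Set the time zone (in the configuration file):

date.timezone = Asia/Shanghai

Stop error messages from being output to the browser:

display_errors = Off

Configure the error log:
error_log = /tmp/php_errors.log
; log every error
error_reporting = E_ALL

Disable functions:
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
Note that eval is a PHP language construct, not a function, so listing it in disable_functions has no effect.

Restrict the site to specific directories with open_basedir:
To restrict the directories for all sites:

[root@ligenkelong 111.com]# vim /usr/local/php/etc/php.ini
open_basedir = /data/wwwroot/111.com:/tmp

To restrict a single virtual host, edit the virtual host configuration: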

[root@ligenkelong 111.com]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"

IV. Installing PHP extensions:

Using redis as the example:

[root@ligenkelong phpredis-develop]# cd /usr/local/src/
[root@ligenkelong phpredis-develop]# wget https://codeload.github.com/phpredis/phpredis/zip/develop  # it is a zip archive
[root@ligenkelong phpredis-develop]# mv develop phpredis-develop.zip
[root@ligenkelong phpredis-develop]# unzip phpredis-develop.zip
[root@ligenkelong phpredis-develop]# cd phpredis-develop
[root@ligenkelong phpredis-develop]# /usr/local/php/bin/phpize   # generates the configure script
If this fails, install autoconf:
[root@ligenkelong phpredis-develop]# yum install -y autoconf
[root@ligenkelong phpredis-develop]# ./configure --with-php-config=/usr/local/php/bin/php-config 
[root@ligenkelong phpredis-develop]# make 
Find the extension module directory:
[root@ligenkelong phpredis-develop]# /usr/local/php/bin/php -i |grep -i extension_dir
[root@ligenkelong phpredis-develop]# ls /usr/local/php/lib/php/extensions/no-debug-zts-20131226
opcache.so  pdo_mysql.so

Add to the configuration file:

[root@ligenkelong phpredis-develop]# vim /usr/local/php/etc/php.ini
extension=redis.so
[root@ligenkelong phpredis-develop]# /usr/local/php/bin/php -m |grep redis
