Apache configuration
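<Directory /apps/web/usr/uploads>
    # Turn the PHP engine off for everything under the uploads directory (mod_php)
    php_flag engine off
</Directory>
<Directory ~ "^/apps/web/usr/uploads">
    # Refuse any file whose name contains ".php" (dot escaped so it matches literally)
    <Files ~ "\.php">
        # Apache 2.2 access syntax; the Apache 2.4 equivalent is "Require all denied"
        Order allow,deny
        Deny from all
    </Files>
</Directory>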
Nginx configuration
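location /usr/uploads {
    # Deny every URI under uploads that contains ".php", including the
    # ".php/extra" and ".php5" forms that the PHP handler regex also matches
    location ~ \.php {
        deny all;
    }
}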
Note: this block must be placed before the following block for it to take effect.
location ~ \.php(.*)$ {
    fastcgi_pass unix:/tmp/php-73-cgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $DOCUMENT_ROOT$fastcgi_script_name;
    # The location regex has a single capture group, so the path info is $1
    fastcgi_param PATH_INFO $1;
    include fcgi.conf;
}
Complete Nginx configuration example (wdcp):
server {
    listen 80;
    root /home/web/blog/public_html;
    server_name iyuu.cn www.iyuu.cn;
    index index.html index.php index.htm;
    error_page 400 /errpage/400.html;
    error_page 403 /errpage/403.html;
    error_page 404 /errpage/404.html;
    error_page 503 /errpage/503.html;
    # Uploads directory: never hand anything containing ".php" to PHP
    location /usr/uploads {
        location ~ \.php {
            deny all;
        }
    }
    # PHP handler for the rest of the site
    location ~ \.php(.*)$ {
        fastcgi_pass unix:/tmp/php-73-cgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $DOCUMENT_ROOT$fastcgi_script_name;
        # Single capture group in the regex, so the path info is $1
        fastcgi_param PATH_INFO $1;
        include fcgi.conf;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        try_files $uri $uri/ /?$args;
    }
}
server {
    listen 443;
    root /home/web/blog/public_html;
    # "ssl on" is obsolete in newer nginx; "listen 443 ssl;" is the current form
    ssl on;
    ssl_certificate cert/iyuu.cn.crt;
    ssl_certificate_key cert/iyuu.cn.key;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and 3DES is a weak cipher;
    # remove them if all clients support TLS 1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    server_name iyuu.cn www.iyuu.cn;
    index index.html index.php index.htm;
    error_page 400 /errpage/400.html;
    error_page 403 /errpage/403.html;
    error_page 404 /errpage/404.html;
    error_page 503 /errpage/503.html;
    # Uploads directory: never hand anything containing ".php" to PHP
    location /usr/uploads {
        location ~ \.php {
            deny all;
        }
    }
    # PHP handler for the rest of the site
    location ~ \.php(.*)$ {
        fastcgi_pass unix:/tmp/php-73-cgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $DOCUMENT_ROOT$fastcgi_script_name;
        # Single capture group in the regex, so the path info is $1
        fastcgi_param PATH_INFO $1;
        include fcgi.conf;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        try_files $uri $uri/ /?$args;
    }
}
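Once the configuration is done, reload the configuration file or restart the Apache or Nginx service. On wdcp, restart nginx from System Management - Run Command by entering the command: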
service nginxd restart
or
/etc/rc.d/init.d/nginxd restart
From then on, every request for a PHP file through uploads returns 403, which greatly improves the security of the web directory.
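An added example, not part of the original post: a simplified Python model of how nginx selects a location in the server block above, used to compare an end-anchored deny pattern (`.*\.(php)?$`) with an unanchored one (`\.php`). The sample URIs are constructed, and the model assumes nginx tries regex locations nested in the matched prefix location before the server-level ones.

```python
import re

UPLOADS_PREFIX = "/usr/uploads"
PHP_HANDLER = re.compile(r"\.php(.*)$")  # server-level FastCGI location from the post
HTACCESS = re.compile(r"/\.ht")          # server-level "deny all" for .ht* files

ANCHORED_DENY = re.compile(r".*\.(php)?$")  # matches only URIs ending in "." or ".php"
UNANCHORED_DENY = re.compile(r"\.php")      # matches whatever the PHP handler can match


def route(uri, nested_deny):
    """Return which location of the modelled server block handles `uri`."""
    # Assumption of this model: regexes nested inside the matched prefix
    # location are tried before the server-level regex locations.
    if uri.startswith(UPLOADS_PREFIX) and nested_deny.search(uri):
        return "403"
    # Server-level regex locations, in configuration order.
    if PHP_HANDLER.search(uri):
        return "fastcgi"
    if HTACCESS.search(uri):
        return "403"
    # No regex matched: the remembered prefix location handles the request.
    return "prefix"


# Constructed sample request URIs.
SAMPLES = [
    "/usr/uploads/2020/01/a.php",
    "/usr/uploads/2020/01/a.php/x",
    "/usr/uploads/2020/01/a.php5",
    "/usr/uploads/2020/01/pic.jpg",
    "/index.php",
    "/.htaccess",
]


def audit(nested_deny):
    """List upload URIs that would still be handed to the FastCGI backend."""
    return [u for u in SAMPLES
            if u.startswith(UPLOADS_PREFIX) and route(u, nested_deny) == "fastcgi"]


if __name__ == "__main__":
    for name, rx in (("anchored", ANCHORED_DENY), ("unanchored", UNANCHORED_DENY)):
        print(name, "->", audit(rx) or "no upload URI reaches FastCGI")
```

The model only reports which location handles a request; whether the backend then runs the file depends on PHP-FPM settings such as security.limit_extensions and cgi.fix_pathinfo.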
Copyright: 大卫科技Blog
Article link: https://www.iyuu.cn/archives/84/
Please credit the source when reposting.