Prevent *.php in a specific directory from being executed (Apache HTTP Server)
2024-03-19
Goal: a .php file that ends up inside a web-served directory (for example through an upload form) must never be executed by the server.
Typical case: WordPress stores uploads under wp-content/uploads. Nothing in that tree should ever run as PHP, so if an attacker manages to get a web shell in there it is answered with 403 instead of executed.
It is enough to place an .htaccess file in the wp-content/uploads directory.
That blocks execution of every *.php below that directory (the request gets 403 Forbidden). The .htaccess only takes effect if the enclosing <Directory> allows it (AllowOverride All, or at least AuthConfig for the Require directive); with AllowOverride None the file is silently ignored, so request a test file after deploying rather than assuming it works.
The .htaccess content is:
<Files ~ "\.php$">
Require all denied
</Files>
or, with FilesMatch (the ~ form above is the same regex match). The extension list should cover every extension your PHP handler is mapped to; on most distributions that also includes .phtml and .phar:
<FilesMatch "\.(php[0-9]?|phtml|phar)$">
Require all denied
</FilesMatch>
Both forms work with Apache httpd 2.4 + mod_php or php-fpm: the Require check runs in the access phase, before any handler (mod_php or the FastCGI proxy to php-fpm) is invoked. On Apache 2.2 use Order Deny,Allow and Deny from all in place of Require all denied.
One more thing to check: if PHP is attached with AddHandler/AddType (older mod_php setups) instead of a FilesMatch anchored at the end of the file name, a file named shell.php.jpg is executed too, because AddHandler looks at every extension in the name. In that case drop the $ anchor, e.g. <FilesMatch "\.php[0-9]?(\.|$)">, or better, fix the handler mapping.
Another option is to disable PHP for a whole virtual host in httpd.conf:
# disable execution of .php for the entire site
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName photo.xyz.com
RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off
# ... rest of the vhost configuration ...
</VirtualHost>
Works with Apache httpd 2.4 + mod_php only.
Note what this actually does: with the handler removed, a request for a .php file is no longer executed, but the file is sent back as a plain download, i.e. its source code is disclosed. That is fine for a site like the photo host above that holds no PHP at all; for a tree that does contain PHP (wp-config.php with database credentials, for instance) use a deny rule as above instead of, or in addition to, this.
This method does not work with php-fpm: php_flag is a mod_php directive, and httpd refuses to start with "Invalid command 'php_flag'" when mod_php is not loaded. The php-fpm packages of most distributions also attach the handler with SetHandler inside a <FilesMatch> block, which RemoveHandler does not undo.
or, per directory inside the vhost:
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName photo.xyz.com
# deny execution of *.php under upload/
<Directory "/var/www/html/upload">
<Files "*.php">
Require all denied
</Files>
</Directory>
</VirtualHost>
Works with Apache httpd 2.4 + mod_php or php-fpm. The 2.2-style pair Order Deny,Allow / Deny from All only works on 2.4 when mod_access_compat is loaded, and mixing it with Require directives on the same path is a known source of confusing results, so on 2.4 use Require all denied. <Files "*.php"> is a shell-style wildcard, not a regex; if your handler also maps .phtml or .phar, switch to the FilesMatch form and list them.
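A check worth running after deploying any of the three variants above, as an added example that is not part of the original post: the script drops a harmless canary .php file into the protected directory, requests it, and reports whether the server blocked it (403), executed it (the marker text comes back), or handed out its source (the literal <?php comes back, which is what the RemoveHandler variant does). The upload directory path, the URL that maps to it and the presence of curl are assumptions; run it as sh check_php_block.sh /var/www/html/wp-content/uploads https://example.test/wp-content/uploads with your own values.

```shell
#!/bin/sh
# Added example, not from the original post: verify that PHP under an upload
# directory is really blocked by dropping a canary file and requesting it.
# Assumptions (hypothetical): $1 is the upload directory on disk, $2 is the
# URL that maps to it, curl is installed, and the script may write to $1.
set -u

# Unique text the canary prints only if PHP actually executes it.
MARKER="CANARY_$(date +%s)_$$"

# classify_response STATUS BODY MARKER
# Prints one word:
#   source_disclosed  the raw "<?php" source came back (RemoveHandler-style configs)
#   executed          the marker appeared, i.e. PHP ran: the directory is NOT protected
#   blocked           403 and no marker: the deny rule works
#   not_found         404: the file or URL mapping is wrong, the check proved nothing
#   unexpected        anything else (redirect, 500, connection failure): inspect by hand
# The source check runs first because the canary source itself contains MARKER.
classify_response() {
    status=$1; body=$2; marker=$3
    case "$body" in
        *"<?php"*)   echo source_disclosed; return 0 ;;
        *"$marker"*) echo executed; return 0 ;;
    esac
    case "$status" in
        403) echo blocked ;;
        404) echo not_found ;;
        *)   echo unexpected ;;
    esac
}

# run_check UPLOAD_DIR BASE_URL: write the canary, fetch it, classify, clean up.
# Returns 0 only when the verdict is "blocked".
run_check() {
    upload_dir=$1; base_url=$2
    name="htcanary-$$.php"
    canary="$upload_dir/$name"
    trap 'rm -f "$canary"' EXIT INT TERM
    printf '<?php echo "%s"; ?>\n' "$MARKER" > "$canary" || return 2

    tmp=$(mktemp) || return 2
    status=$(curl -sS -o "$tmp" -w '%{http_code}' "$base_url/$name")
    body=$(cat "$tmp"); rm -f "$tmp"

    verdict=$(classify_response "$status" "$body" "$MARKER")
    echo "$base_url/$name -> HTTP $status: $verdict"
    [ "$verdict" = blocked ]
}

# Only touch a live server when both arguments are given.
if [ "$#" -eq 2 ]; then
    run_check "$1" "$2"
fi
```

The canary is removed on exit whatever the outcome, so it never lingers in the upload tree; a not_found verdict means the test never reached the file (wrong path or URL), not that the rule works.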
Other settings commonly put in .htaccess
# cache lifetime for static files
<IfModule mod_headers.c>
# file types this applies to (the dot is escaped so it matches a literal "." and not any character)
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|gz)$">
# 604800 seconds = 1 week
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
</IfModule>
# let Apache gzip responses on the fly
<IfModule mod_deflate.c>
# DeflateCompressionLevel is only valid in the server or virtual-host config;
# in an .htaccess it produces a 500 ("not allowed here"), so set it in httpd.conf:
# DeflateCompressionLevel 6
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/postscript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilter DEFLATE js css
</IfModule>
# Caveat for HTTPS sites: compressing dynamic HTML that carries both a secret
# (session id, CSRF token) and attacker-influenced input enables the BREACH attack;
# keep such responses out of DEFLATE or make sure the application masks its tokens per request.
# Expires headers
# how long browsers may keep each type of file
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 3600 seconds"
ExpiresByType application/javascript "access plus 8 week"
ExpiresByType application/x-javascript "access plus 8 week"
ExpiresByType text/javascript "access plus 8 week"
# 2678400 seconds = 31 days
ExpiresByType text/css "access plus 2678400 seconds"
# 31 days is far too long for text/html on a dynamic site (WordPress pages, login forms,
# anything carrying a nonce); keep HTML at the one-hour default or shorter
ExpiresByType text/html "access plus 2678400 seconds"
ExpiresByType text/xml "access plus 2678400 seconds"
ExpiresByType text/plain "access plus 2678400 seconds"
ExpiresByType image/svg+xml "access plus 2678400 seconds"
ExpiresByType image/gif "access plus 2 months"
# image/jpg is not a real MIME type; Apache sends image/jpeg for .jpg files
ExpiresByType image/jpg "access plus 2 months"
ExpiresByType image/jpeg "access plus 2 months"
ExpiresByType image/png "access plus 2 months"
ExpiresByType image/bmp "access plus 10 day"
</IfModule>
# accepted ways of writing the interval
# "access plus 1 year"
# "access plus 2 months"
# "access plus 8 week"
# "access plus 10 day"
# "access plus 3600 seconds"
# the lifetime can also be set per file extension
<IfModule mod_expires.c>
<FilesMatch "\.(ico|pdf|jpg|jpeg|png|gif)$">
ExpiresActive On
# 86400 seconds = 1 day
ExpiresDefault "access plus 86400 seconds"
</FilesMatch>
</IfModule>
# block unwanted bots
# Amazonbot has been crawling everything lately, presumably to train AI
# Two caveats before copying this list:
# 1. The User-Agent is chosen by the client. This keeps polite crawlers out but stops no attacker:
#    sqlmap --random-agent, or any scanner sending a browser UA, passes straight through.
# 2. Each pattern is a case-insensitive regex substring, so short ones such as python, tele, click,
#    Crawler, Offline or Buddy also hit legitimate clients (python-requests scripts, Telegram link
#    previews, ...). Yandex, Baidu, daum, Yeti (Naver) and Slurp (Yahoo) are major search engines;
#    keeping them out is a traffic decision, not a security control.
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent (Amazonbot) bad_bot
SetEnvIfNoCase User-Agent (Barkrowler|coccoc|FeedBurner|Bytespider|daum|petalbot|Yandex) bad_bot
SetEnvIfNoCase User-Agent (python|WBSearchBot|ias_crawler|CCBot|ltx71) bad_bot
SetEnvIfNoCase User-Agent (SurdotlyBot|BUbiNG|MegaIndex|Exabot|ntiny|NativeHost) bad_bot
SetEnvIfNoCase User-Agent (GSLFbot|SWEBot|Slurp|Baidu|YoudaoBot|sogou|MLBot|TwengaBot-Discover) bad_bot
SetEnvIfNoCase User-Agent (Purebot|Sosospider|HTTrack|WebZIP|libwww|NaverBot|SURF|tele) bad_bot
SetEnvIfNoCase User-Agent (TurnitinBot|WMFSDK|NSPlayer|ZyBorg|sohu-search|Crawler|Indy) bad_bot
SetEnvIfNoCase User-Agent (LinkWalker|DTS|WebFetch|psbot|EMPAS_ROBOT|NetCarta|AmigaPort|Harvest) bad_bot
SetEnvIfNoCase User-Agent (Scooter|NaviPress|Downes|Buddy|RMA|NutchCVS|TutorGigBot|Webinator) bad_bot
SetEnvIfNoCase User-Agent (Yeti|cfetch|Holmes|PHPOpenChat|HappyFunBot|PussyCat) bad_bot
SetEnvIfNoCase User-Agent (click|Gaint|BSC|msnbot-media|GetRight|Qwantify) bad_bot
SetEnvIfNoCase User-Agent (BLEXBot|JikeSpider|AlphaBot|qihoobot|webbot) bad_bot
SetEnvIfNoCase User-Agent (wcpan|MeroBot|Offline|Glimpse|MFHttpScan|WebCopier|User-Agent) bad_bot
SetEnvIfNoCase User-Agent (sqlmap|dotbot) bad_bot
# Apache >= 2.3 (mod_authz_core); "Require not" is only valid inside RequireAll
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env bad_bot
</RequireAll>
</IfModule>
</IfModule>
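To see what the list above actually catches, here is an added example (not part of the original post) that replays the same SetEnvIfNoCase patterns, which are case-insensitive regex substring matches, against a few constructed User-Agent strings with grep. The User-Agent strings are made up for the example and only resemble what real clients send; the sqlmap and Telegram strings in particular may differ from what shows up in your logs.

```shell
#!/bin/sh
# Added example, not from the original post: replay the .htaccess bad_bot
# patterns against constructed User-Agent strings. SetEnvIfNoCase does a
# case-insensitive regex search, which "grep -E -i" reproduces.
set -u

# Patterns copied from the SetEnvIfNoCase lines (duplicate SurdotlyBot dropped).
BAD_BOT_PATTERNS='Amazonbot
Barkrowler|coccoc|FeedBurner|Bytespider|daum|petalbot|Yandex
python|WBSearchBot|ias_crawler|CCBot|ltx71
SurdotlyBot|BUbiNG|MegaIndex|Exabot|ntiny|NativeHost
GSLFbot|SWEBot|Slurp|Baidu|YoudaoBot|sogou|MLBot|TwengaBot-Discover
Purebot|Sosospider|HTTrack|WebZIP|libwww|NaverBot|SURF|tele
TurnitinBot|WMFSDK|NSPlayer|ZyBorg|sohu-search|Crawler|Indy
LinkWalker|DTS|WebFetch|psbot|EMPAS_ROBOT|NetCarta|AmigaPort|Harvest
Scooter|NaviPress|Downes|Buddy|RMA|NutchCVS|TutorGigBot|Webinator
Yeti|cfetch|Holmes|PHPOpenChat|HappyFunBot|PussyCat
click|Gaint|BSC|msnbot-media|GetRight|Qwantify
BLEXBot|JikeSpider|AlphaBot|qihoobot|webbot
wcpan|MeroBot|Offline|Glimpse|MFHttpScan|WebCopier|User-Agent
sqlmap|dotbot'

# One alternation covering every line: a request is blocked if any line matches.
BAD_BOT_REGEX=$(printf '%s' "$BAD_BOT_PATTERNS" | tr '\n' '|')

# is_bad_bot "UA string" -> prints "blocked" if any pattern matches, else "allowed"
is_bad_bot() {
    if printf '%s\n' "$1" | grep -E -i -q -e "$BAD_BOT_REGEX"; then
        echo blocked
    else
        echo allowed
    fi
}

# matched_pattern "UA string" -> prints the first single pattern that matched (empty if none)
matched_pattern() {
    printf '%s\n' "$BAD_BOT_PATTERNS" | tr '|' '\n' | while IFS= read -r pat; do
        if printf '%s\n' "$1" | grep -E -i -q -e "$pat"; then
            echo "$pat"; break
        fi
    done
}

# Constructed User-Agent strings (not real log lines).
# The first two are what the list is for; the next two are collateral damage
# from the short substrings "tele" and "python"; the last two show that a
# scanner only has to send a browser UA to pass, and that Googlebot is untouched.
demo() {
    for ua in \
        'Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)' \
        'sqlmap/1.7.2#stable (https://sqlmap.org)' \
        'TelegramBot (like TwitterBot)' \
        'python-requests/2.31.0' \
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36' \
        'Googlebot/2.1 (+http://www.google.com/bot.html)'
    do
        printf '%-8s %-12s %s\n' "$(is_bad_bot "$ua")" "$(matched_pattern "$ua")" "$ua"
    done
}

demo
```

The Chrome line is the one to keep in mind: it is exactly what sqlmap sends with --random-agent, and it is allowed through, so treat the list as a nuisance filter and put real controls (the PHP deny rules above, authentication, rate limits) behind it.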