我尝试配置我的 Apache 2.4 Debian Web 服务器以进行 PHP-POST 文件上传。但我怀疑我是否理解正确,因此在使用前想问一下。我需要一个用于文件上传的 tmp 目录,检查文件后我想将其复制到另一个目录。
在 /etc/apache2/apache.conf 中我刚刚更改了:
#comment, because this is in virtual hosts file
#<Directory /var/www/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
这是我的虚拟主机文件:
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias "/upload" "/var/www/upload"
#Directory for file upload (temp)
<Directory "/var/www/upload/">
Require all granted
AllowOverride None
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
<Files *>
AllowOverride None
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
</Directory>
Alias "/pics" "/var/www/pics"
#to save the pictures
<Directory "/var/www/pics/">
AllowOverride None
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
<Files *>
AllowOverride None
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
</Directory>
ScriptAlias "/php" "/var/www/php"
#Directory for secret php-Scripts like mysql-connect, etc
<Directory "/var/www/php/">
AllowOverride None
Options ExecCGI
LoadModule php5_module modules/libphp5.so
php_flag engine on
</Directory>
#Directory for index.php and .php .html pages
#<Directory "/var/www/html/">
<Directory "/">
Require all granted
AllowOverride None
Options ExecCGI Indexes FollowSymLinks
LoadModule php5_module modules/libphp5.so
php_flag engine on
</Directory>
</VirtualHost>
作为权限我将使用这个:(Apache-User 是 www-data 我的用户是 webadmin 组是 fe web(webadmin,www-data))
chown webadmin /var/www/html
chgrp web /var/www/html
chmod 755 /var/www/html
chmod 644 /var/www/html/*
chown webadmin /var/www/php
chgrp web /var/www/php
chmod 755 /var/www/php
chmod 711 /var/www/php/*
(just execute the files)
chown webadmin /var/www/pics
chgrp web /var/www/pics
chmod 740 /var/www/pics
chmod 600 /var/www/pics/*
(www-data have the write)
chown webadmin /var/www/upload
chgrp web /var/www/upload
chmod 775 /var/www/upload
chmod 775 /var/www/upload/*
我可以做哪些更改来使其更好或更安全?我忘记了什么?哪些权限更好?
答案1
检查用户“www-data”是否在“web”组中