Apache2.4 htaccess - 无论如何,否定 ifModule 都会执行

tag-icon tag-icon apache-2.4 .htaccess
Apache2.4 htaccess - 无论如何,否定 ifModule 都会执行

考虑下面的 Apache conf 指令.htaccess

ErrorDocument 403 /dbug.html

<IfModule !mod_php5.c>
    Require all denied
</IfModule>

它拒绝访问,即使mod_php5处于活动状态,但忽略ErrorDocument
如果我删除它!会触发ErrorDocument 403- 它应该,但这是倒退的,错误的..

如有任何答复/建议我将不胜感激,谢谢。

答案1

在某些共享托管环境中,可以进行实时模块版本切换(热切换);因此,主模块名称(模块处理程序)可能与目标模块名称不同,但目标模块仅在被模块处理程序调用时才会显示存在。

解决方案是找到模块处理程序名称并引用该名称,而不是联系托管提供商。在这种情况下,模块处理程序名称是:mod_php_null(Hetzner);因此<ifModule !mod_php_null.c>将按预期工作 -但要为目标模块设置指令,请使用目标模块名称;因此将按<ifModule !mod_php7.c>预期工作。

如果此类模块没有“模块处理程序”,则在两种情况下都直接引用目标模块应该在服务器守护进程启动时加载并工作。

正如评论所指出的,作为不同共享或专用/托管服务器之间的可移植解决方案,这可能(部分)有利于安全性;所以我希望它对某些人有用:

改进的 .htaccess

# note :: important : read this
# -----------------------------------------------------------------------------------------------------------------------------
# the directives expressed in this file are compatible with shared hosting and crucial to security -and framework integrity
# the objective is to provide a fast/solid/stable runtime environment that compliments the designated PHP framework
# -----------------------------------------------------------------------------------------------------------------------------



# conf :: main : primary config for security & compatibility
# -----------------------------------------------------------------------------------------------------------------------------
   Options           -Indexes -Multiviews
   ServerSignature   Off
   DefaultLanguage   en-US
   AddDefaultCharset UTF-8
# -----------------------------------------------------------------------------------------------------------------------------



# cond :: 403 : trigger `Forbidden` if missing Apache modules .. it would be better to trigger 503 instead .. (possible?)
# -----------------------------------------------------------------------------------------------------------------------------
   <IfModule !mod_env.c>
      Require all denied
   </IfModule>
   <IfModule !mod_php_null.c>
      Require all denied
   </IfModule>
   <IfModule !mod_rewrite.c>
      Require all denied
   </IfModule>
   <IfModule !mod_headers.c>
      Require all denied
   </IfModule>
# -----------------------------------------------------------------------------------------------------------------------------



# defn :: vars : for DRYKIS principle .. (leave your sister out of this)
# -----------------------------------------------------------------------------------------------------------------------------
   <IfModule mod_env.c>
      SetEnv BOTMATCH "bot|crawl|fetch|find|grab|scan|search|site|slurp|spider|wget|curl"
   </IfModule>
# -----------------------------------------------------------------------------------------------------------------------------



# conf :: PHP-ini : runtime - some of these may be ignored on shared-hosting .. change `mod_php7` to the available PHP module
# -----------------------------------------------------------------------------------------------------------------------------
   <IfModule mod_php7.c>
      php_value default_charset     UTF-8
      php_value short_open_tag      On
      php_value display_errors      On
      php_value expose_php          Off
      php_value allow_url_fopen     On
      php_value memory_limit        128M
      php_value upload_max_filesize 32M
      php_value post_max_size       128M
      php_value max_input_time      30
      php_value max_execution_time  60
   </IfModule>
# -----------------------------------------------------------------------------------------------------------------------------



# conf :: headers : try to resolve self-signed-certificate issues and avoid version exploits .. PHP-ini "should" handle this
# -----------------------------------------------------------------------------------------------------------------------------
   <IfModule mod_headers.c>
      Header unset Server
      Header unset Strict-Transport-Security
      Header always set Strict-Transport-Security "max-age=0;includeSubDomains"
      Header always unset X-Powered-By
      Header unset X-Powered-By
   </IfModule>
# -----------------------------------------------------------------------------------------------------------------------------



# exec :: request : force compliance for: REST & FQDN & HTTPS/WSS .. the PHP framework handles all .. hide *debug* from "bots"
# -----------------------------------------------------------------------------------------------------------------------------
   <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteBase /

      RewriteCond %{HTTP:REQUEST_METHOD} !^$
      RewriteRule ^ - [R=400,L]

      RewriteCond %{HTTP:USER_AGENT} !^$
      RewriteRule ^ - [R=400,L]

      RewriteCond %{HTTP_X_Accept} !^$
      RewriteRule ^ - [R=400,L]

      RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
      RewriteRule ^ %{REQUEST_SCHEME}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

      RewriteCond %{REQUEST_SCHEME} =http
      RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

      RewriteCond %{REQUEST_SCHEME} =ws
      RewriteRule ^ wss://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

      RewriteCond %{DOCUMENT_ROOT}/..php -f
      RewriteRule ^(.*)$ ..php [L]

      RewriteCond %{HTTP_USER_AGENT} "$BOTMATCH" [NC]
      RewriteRule ^ - [R=503,L]

      RewriteCond %{DOCUMENT_ROOT}/.auto/system/dbug.htm -f
      RewriteRule ^(.*)$ .auto/system/dbug.htm [L]

      RewriteRule ^ - [R=500,L]
   </IfModule>
# -----------------------------------------------------------------------------------------------------------------------------

相关内容