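Consider the following Apache conf directives in .htaccess:
ErrorDocument 403 /dbug.html
<IfModule !mod_php5.c>
Require all denied
</IfModule>
It denies access even if mod_php5 is active, but ignores the ErrorDocument. If I remove the ! it triggers the ErrorDocument 403 - as it should, but this is backwards, wrong..
Any answers/suggestions would be much appreciated, thanks.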
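Answer 1
In some shared hosting environments, live module version switching (hot-swapping) is possible; hence the main module name (the module handler) may differ from the target module name, but the target module only shows as present when it is invoked by the module handler.
The solution is to find the module handler name and refer to that, rather than contacting the hosting provider. In this case the module handler name is: mod_php_null (Hetzner); so <ifModule !mod_php_null.c> will work as expected - but to set directives for the target module, use the target module name; so <ifModule !mod_php7.c> will work as expected.
If there is no "module handler" for such a module, then referring to the target module directly in both cases should work, as it is loaded when the server daemon starts.
As pointed out in the comments, as a portable solution across different shared or dedicated/managed servers, this may be (partly) beneficial to security; so I hope it is useful to someone:
Improved .htaccess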
# note :: important : read this
# -----------------------------------------------------------------------------------------------------------------------------
# the directives expressed in this file are compatible with shared hosting and crucial to security -and framework integrity
# the objective is to provide a fast/solid/stable runtime environment that compliments the designated PHP framework
# -----------------------------------------------------------------------------------------------------------------------------
# conf :: main : primary config for security & compatibility
# -----------------------------------------------------------------------------------------------------------------------------
Options -Indexes -Multiviews
ServerSignature Off
DefaultLanguage en-US
AddDefaultCharset UTF-8
# -----------------------------------------------------------------------------------------------------------------------------
# cond :: 403 : trigger `Forbidden` if missing Apache modules .. it would be better to trigger 503 instead .. (possible?)
# -----------------------------------------------------------------------------------------------------------------------------
<IfModule !mod_env.c>
Require all denied
</IfModule>
<IfModule !mod_php_null.c>
Require all denied
</IfModule>
<IfModule !mod_rewrite.c>
Require all denied
</IfModule>
<IfModule !mod_headers.c>
Require all denied
</IfModule>
# -----------------------------------------------------------------------------------------------------------------------------
# defn :: vars : for DRYKIS principle .. (leave your sister out of this)
# -----------------------------------------------------------------------------------------------------------------------------
<IfModule mod_env.c>
SetEnv BOTMATCH "bot|crawl|fetch|find|grab|scan|search|site|slurp|spider|wget|curl"
</IfModule>
# -----------------------------------------------------------------------------------------------------------------------------
# conf :: PHP-ini : runtime - some of these may be ignored on shared-hosting .. change `mod_php7` to the available PHP module
# -----------------------------------------------------------------------------------------------------------------------------
<IfModule mod_php7.c>
php_value default_charset UTF-8
php_value short_open_tag On
php_value display_errors On
php_value expose_php Off
php_value allow_url_fopen On
php_value memory_limit 128M
php_value upload_max_filesize 32M
php_value post_max_size 128M
php_value max_input_time 30
php_value max_execution_time 60
</IfModule>
# -----------------------------------------------------------------------------------------------------------------------------
# conf :: headers : try to resolve self-signed-certificate issues and avoid version exploits .. PHP-ini "should" handle this
# -----------------------------------------------------------------------------------------------------------------------------
<IfModule mod_headers.c>
Header unset Server
Header unset Strict-Transport-Security
Header always set Strict-Transport-Security "max-age=0;includeSubDomains"
Header always unset X-Powered-By
Header unset X-Powered-By
</IfModule>
# -----------------------------------------------------------------------------------------------------------------------------
# exec :: request : force compliance for: REST & FQDN & HTTPS/WSS .. the PHP framework handles all .. hide *debug* from "bots"
# -----------------------------------------------------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:REQUEST_METHOD} !^$
RewriteRule ^ - [R=400,L]
RewriteCond %{HTTP:USER_AGENT} !^$
RewriteRule ^ - [R=400,L]
RewriteCond %{HTTP_X_Accept} !^$
RewriteRule ^ - [R=400,L]
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteRule ^ %{REQUEST_SCHEME}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_SCHEME} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_SCHEME} =ws
RewriteRule ^ wss://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{DOCUMENT_ROOT}/..php -f
RewriteRule ^(.*)$ ..php [L]
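# mod_rewrite does not expand "$BOTMATCH" inside a CondPattern, so the pattern is written out in full
RewriteCond %{HTTP_USER_AGENT} (bot|crawl|fetch|find|grab|scan|search|site|slurp|spider|wget|curl) [NC]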
RewriteRule ^ - [R=503,L]
RewriteCond %{DOCUMENT_ROOT}/.auto/system/dbug.htm -f
RewriteRule ^(.*)$ .auto/system/dbug.htm [L]
RewriteRule ^ - [R=500,L]
</IfModule>
# -----------------------------------------------------------------------------------------------------------------------------
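The fail-closed `<IfModule !…>` guards discussed above can be checked against a host's loaded modules before deployment. The following is an added example, not code from the original post; it assumes the module list can be obtained (for instance from `apachectl -M`), that a `mod_x.c` name maps to the identifier `x_module` (a heuristic), and it uses constructed sample data.

```python
import re

# Constructed sample of `apachectl -M` output for a host like the one in the
# answer; the identifier php_null_module is assumed from its mod_php_null.c.
SAMPLE_MODULES = """Loaded Modules:
 core_module (static)
 env_module (shared)
 headers_module (shared)
 rewrite_module (shared)
 php_null_module (shared)
"""

# Constructed .htaccess excerpt using the fail-closed guard from the question.
SAMPLE_HTACCESS = """<IfModule !mod_env.c>
Require all denied
</IfModule>
<IfModule !mod_php5.c>
Require all denied
</IfModule>
<IfModule !mod_php_null.c>
Require all denied
</IfModule>
"""

def loaded_identifiers(apachectl_output):
    """Extract identifiers such as 'rewrite_module' from `apachectl -M` text."""
    return set(re.findall(r"^\s*(\w+_module)\b", apachectl_output, re.M))

def to_identifier(name):
    """Heuristic (assumption): mod_env.c -> env_module; other names pass through."""
    m = re.fullmatch(r"mod_(\w+)\.c", name)
    return f"{m.group(1)}_module" if m else name

def audit_guards(htaccess, loaded):
    """Return (line_no, name, negated, active) for every <IfModule> opening tag."""
    tag = re.compile(r"^\s*<IfModule\s+(!?)([\w.]+)\s*>", re.I)
    results = []
    for no, line in enumerate(htaccess.splitlines(), 1):
        m = tag.match(line)
        if m:
            negated = m.group(1) == "!"
            present = to_identifier(m.group(2)) in loaded
            # A negated block applies when the module is absent, and vice versa.
            results.append((no, m.group(2), negated, present != negated))
    return results

if __name__ == "__main__":
    mods = loaded_identifiers(SAMPLE_MODULES)
    for no, name, negated, active in audit_guards(SAMPLE_HTACCESS, mods):
        if negated and active:
            print(f"line {no}: <IfModule !{name}> applies; its contents take effect")
```

On the sample data only the `mod_php5.c` guard applies, which is the situation the question describes: the guard names a module the host does not report as loaded, so `Require all denied` takes effect for every request.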