我的一个项目有人试图访问 laravel 中的 index.php 文件。
日志:-
{
"ip":"45.155.205.108","url":"/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21",
"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
}
{
"ip":"45.155.205.108","url":"/?XDEBUG_SESSION_START=phpstorm",
"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
}
{
"ip":"54.81.156.74","url":"/",
"agent":"python-requests/2.24.0"
}
有人请指教在 apache 和 .htaccess 上需要添加什么安全配置吗
答案1
最后,我找到了解决方案。我在虚拟主机中添加了以下配置
<Directory /var/www/example.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
deny from all
allow from ***.***.***.*** ----> your ip here
Require all granted
</Directory>