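AllowOverride none
# Deny read access to all files; readable files must be listed individually and granted read permission
Require all denied
# Deny access to all .ht-type files
Require all denied
# Loaded if it exists
DirectoryIndex index.html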
Three ways to implement virtual hosts:
Create two directories, A and B, under /var/www/html and add an index page to each to tell the sites apart
tree /var/www/html/
/var/www/html/
├── A
│   └── index.html
└── B
    └── index.html
cat /var/www/html/A/index.html
Aa
cat /var/www/html/B/index.html
BbBb
a. IP-based
Add an IP address to the host
nmcli con modify eno16777984 +ipv4.addresses 192.168.1.80/24
Create the virtual host configuration file
cat /etc/httpd/conf.d/00-vh-ip.conf
Prevent the HTTPS site from serving unencrypted content
Add the following directive to the TLS virtual host block
Header always set Strict-Transport-Security "max-age=15768000"
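Automatically redirect HTTP to HTTPS
Create a new HTTP virtual host (catching all port 80 traffic) with the same ServerName as the HTTPS virtual host that catches all port 443 traffic
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]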
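The two settings above can be checked mechanically. The following Python script is an added example, not part of the original notes: it scans httpd configuration text and reports port-80 virtual hosts that have no redirect to https:// and port-443 virtual hosts without a usable Strict-Transport-Security header. The sample configuration and the www.example.com ServerName are constructed for illustration.

```python
import re

# Constructed sample (an assumption, not a real server): ServerName is a placeholder.
# The port-80 rule deliberately points at http:// so the audit has something to flag.
SAMPLE = """\
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine on
    RewriteRule ^(/.*)$ http://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
REDIRECTS = ("rewriterule", "redirect", "redirectmatch", "redirectpermanent")

def directives(body):
    """Yield (lowercased name, argument string) for each directive line."""
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def audit(conf):
    """Return findings about HTTP->HTTPS redirects and HSTS per virtual host."""
    findings = []
    for addr, body in VHOST.findall(conf):
        d = list(directives(body))
        name = next((a for n, a in d if n == "servername"), addr)
        port = addr.split()[0].rsplit(":", 1)[-1]
        if port == "80":
            if not any("https://" in a for n, a in d if n in REDIRECTS):
                findings.append(f"{name}:80 has no redirect to https://")
        elif port == "443":
            hsts = [a for n, a in d
                    if n == "header" and "strict-transport-security" in a.lower()]
            ages = [int(m.group(1)) for a in hsts
                    for m in [re.search(r"max-age=(\d+)", a, re.I)] if m]
            if not hsts:
                findings.append(f"{name}:443 sets no Strict-Transport-Security")
            elif not ages or max(ages) == 0:
                findings.append(f"{name}:443 HSTS max-age is missing or 0")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a live host, pass the concatenated contents of /etc/httpd/conf.d/*.conf to audit() instead of SAMPLE.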
CGI: Common Gateway Interface
When a CGI resource is requested, httpd executes the resource as a process and serves the stdout of that process.
Popular CGI resources are written in Perl, Java and C
To have httpd treat a location as CGI executables:
ScriptAlias /cgi-bin "/var/www/cgi-bin"
CGI scripts are executed as the apache user and group
Label them with httpd_sys_script_exec_t
have Options None and access granted using
Dynamic PHP
yum -y install php (this adds mod_php to httpd)
SetHandler application/x-httpd-php
DirectoryIndex index.php
Dynamic Python
Python scripts can be served using regular CGI; both Python and httpd also support a newer protocol, the Web Server Gateway Interface (WSGI)
yum -y install mod_wsgi
WSGIScriptAlias /myapp/ /srv/myapp/www/myapp.py
This sends all requests for http://servername/myapp and any resources below it to the WSGI application /srv/myapp/www/myapp.py
The application should be executable by the apache user and group, with the SELinux label httpd_sys_content_t
Database connectivity
To allow connections to a database on a remote host, set this SELinux boolean to 1:
httpd_can_network_connect_db
For a remote database that does not use a well-known port:
httpd_can_network_connect