不讓上傳的目錄執行PHP
httpd.conf 在網站的上傳目錄設定下<Directory "/var/www/html/upload">
AllowOverride None
php_flag engine off
Allow from all
</Directory>
.html 也能執行 PHP
# vim /etc/httpd/conf.d/php.confAddHandler php5-script .php .html .htm
AddType text/html .php
AddType application/x-httpd-php .html .htm
隱藏 Apache server information
# vim /etc/http/conf/httpd.conf
ServerSignature Off
ServerTokens Prod
隱藏 PHP version (X-Powered-By)
# vim /etc/php.iniexpose_php = Off
Prod or ProductOnly – Server sends (e.g.): Server: Apache
ServerTokens Prod
Major – Server sends (e.g.): Server: Apache/2
ServerTokens Major
Minor – Server sends (e.g.): Server: Apache/2.2
ServerTokens Minor
Min or Minimal – Server sends (e.g.): Server: Server: Apache/2.2.4
ServerTokens Min
OS – Server sends (e.g.): Server: Apache/2.2.4 (CentOS)
ServerTokens OS
Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (CentOS) PHP/5.2.3-Fedroa ServerTokens Full
ServerTokens setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.
Web 控制 Browser Cache 的方式
http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
http-equiv="Pragma" content="no-cache" />
http-equiv="Expires" content="0" />
沒有留言:
張貼留言