Original poster
Posted on 2011-6-14 14:01:24
Introduction
Many PHP applications are distributed with configuration files for the Apache web server. These files (usually called .htaccess files) contain settings that integrate the application with web server features.
IIS 7 uses a file called Web.config to hold application integration settings. The Web.config file contains information that controls module loading, security settings, session state settings, and the application's language and compilation settings. A Web.config file can also hold application-specific items such as database connection strings.
This article describes the common situations in which PHP applications use .htaccess files and explains how to use the Web.config file to access the same functionality in IIS.
Sample application configuration files
The following are the two configuration files for the sample application: the .htaccess file and the Web.config file.
Sample application .htaccess file
#
# Apache/PHP/Application settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Application handle any 404 errors.
ErrorDocument 404 /index.php
# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>
# Set the default handler.
DirectoryIndex index.php
# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.
# PHP 4, Apache 1.
<IfModule mod_php4.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
# Do not cache dynamically generated pages.
ExpiresByType text/html A1
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# adapt and uncomment the following:
# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment and adapt the following:
# RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
# RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
# Modify the RewriteBase if you are using Application in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/application uncomment and
# modify the following line:
# RewriteBase /application
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>
# $Id: .htaccess,v 1.90.2.1 2008/07/08 09:33:14 goba Exp $
Sample application Web.config file
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<sectionGroup name="system.webServer">
<sectionGroup name="rewrite">
<section name="rewriteMaps" overrideModeDefault="Allow" />
<section name="rules" overrideModeDefault="Allow" />
</sectionGroup>
</sectionGroup>
</configSections>
<system.webServer>
<security>
<!-- This section should be uncommented after
installation to secure the installation. -->
<!--
<requestFiltering>
<denyUrlSequences>
<add sequence="engine" />
<add sequence="inc" />
<add sequence="info" />
<add sequence="module" />
<add sequence="profile" />
<add sequence="po" />
<add sequence="sh" />
<add sequence="theme" />
<add sequence="tpl(\.php" />
<add sequence="Root" />
<add sequence="Tag" />
<add sequence="Template" />
<add sequence="Repository" />
<add sequence="code-style" />
</denyUrlSequences>
<fileExtensions>
<add fileExtension=".sql" allowed="false" />
<add fileExtension=".pl" allowed="false" />
</fileExtensions>
</requestFiltering>
-->
</security>
<!-- Directory listings are disabled, matching "Options -Indexes" in the .htaccess file. -->
<directoryBrowse enabled="false" />
<caching>
<profiles>
<add extension=".php" policy="DisableCache" kernelCachePolicy="DisableCache" />
<add extension=".html" policy="CacheForTimePeriod" kernelCachePolicy="CacheForTimePeriod" duration="14:00:00:00" />
</profiles>
</caching>
<rewrite>
<rules>
<rule name="block favicon" stopProcessing="true">
<match url="favicon\.ico" />
<action type="CustomResponse" statusCode="404" subStatusCode="1"
statusReason="The requested file favicon.ico was not found"
statusDescription="The requested file favicon.ico was not found" />
</rule>
<rule name="Imported Rule 1" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="http://www.example.com/{R:1}" />
</rule>
<rule name="Imported Rule 2" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php?q={R:1}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
<defaultDocument>
<files>
<remove value="index.php" />
<add value="index.php" />
</files>
</defaultDocument>
<!-- HTTP Errors section should only be enabled if the "Error Pages"
feature has been delegated as "Read/Write" at the Web Server level.
<httpErrors>
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
</httpErrors>
-->
</system.webServer>
</configuration>
Request filtering
This application uses the FilesMatch directive in the .htaccess file to restrict browser access to files that are components of the application.
<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
IIS 7 uses the Request Filtering module to restrict browser access to files that are components of the application. For the sample application, the section in the Web.config file should look like this:
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence="engine" />
<add sequence="inc" />
<add sequence="info" />
<add sequence="install" />
<add sequence="module" />
<add sequence="profile" />
<add sequence="po" />
<add sequence="sh" />
<add sequence="theme" />
<add sequence="tpl(\.php" />
<add sequence="Root" />
<add sequence="Tag" />
<add sequence="Template" />
<add sequence="Repository" />
<add sequence="code-style" />
</denyUrlSequences>
<fileExtensions>
<add fileExtension=".sql" allowed="false" />
<add fileExtension=".pl" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
Note that for installation you can keep this section commented out, because the installation script would otherwise be blocked by this filter. Also note that denyUrlSequences entries are literal substrings compared against the whole URL, not regular expressions: short entries such as inc, po and sh also block legitimate URLs like /shop/ or /posts/, and the entry tpl(\.php, copied from the regex, never matches anything. Test the translated filter against the site's real URLs before enabling it.
An alternative to request filtering is to use the URL Rewrite Module to return a 403 error for any matching file type. The advantage of the URL Rewrite Module is that it uses regular expressions for matching.
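The two mechanisms do not block the same requests: FilesMatch is a regular expression tested against the file name, while denyUrlSequences is a list of literal substrings of the URL path. The following Python script, added here as an illustration (it is not part of the original article or of IIS), models both as described on this page and reports where the translated filter leaves a file unprotected or blocks a legitimate URL; the sample URLs are constructed, and treating IIS sequence matching as case-insensitive is an assumption.

```python
import re

# FilesMatch regex from the sample .htaccess on this page; Apache applies it to the
# file name only, case-sensitively.
FILESMATCH = re.compile(
    r"\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$"
    r"|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$")

# denyUrlSequences and fileExtensions from the Request Filtering section above.
DENY_SEQUENCES = ["engine", "inc", "info", "install", "module", "profile", "po", "sh",
                  "theme", r"tpl(\.php", "Root", "Tag", "Template", "Repository", "code-style"]
DENIED_EXTENSIONS = [".sql", ".pl"]

def apache_blocks(url_path):
    """FilesMatch tests the regex against the last path segment (the file name)."""
    return FILESMATCH.search(url_path.rsplit("/", 1)[-1]) is not None

def iis_blocks(url_path):
    """Request Filtering: a denyUrlSequences entry is a literal substring of the whole
    URL path (modelled as case-insensitive, an assumption about IIS); fileExtensions
    compares the extension of the last segment."""
    if any(seq.lower() in url_path.lower() for seq in DENY_SEQUENCES):
        return True
    name = url_path.rsplit("/", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    return ext.lower() in DENIED_EXTENSIONS

def compare(paths):
    """Return the paths on which the two configurations disagree, with the gap kind."""
    findings = []
    for p in paths:
        apache, iis = apache_blocks(p), iis_blocks(p)
        if apache and not iis:
            findings.append((p, "unprotected on IIS"))
        elif iis and not apache:
            findings.append((p, "over-blocked on IIS"))
    return findings

# Constructed sample URLs (not from the page): a template outside the themes
# directory, a shop page, a post archive page, a database dump and the front page.
SAMPLE_PATHS = ["/dir/page.tpl.php", "/shop/index.php", "/posts/2011/hello.html",
                "/backup.sql", "/index.php"]

if __name__ == "__main__":
    for path, gap in compare(SAMPLE_PATHS):
        print(f"{path}: {gap}")
```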
<rule name="Protect files and directories from prying eyes" stopProcessing="true">
<match url="\.(engine|inc|info|install|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$" />
<action type="CustomResponse" statusCode="403" subStatusCode="0"
statusReason="Forbidden"
statusDescription="Access is forbidden." />
</rule>
Default document
In the sample application's .htaccess file, the DirectoryIndex directive tells the web server which file to load when the URL does not include a file name.
# Set the default handler.
DirectoryIndex index.php
For IIS 7, the default document should be set at the same level of the site hierarchy as the module handler. For example, when using PHP, the module handler is usually configured at the web server level; the default document should then also be set at that level rather than in the context of the local site. The following code in the Web.config file ensures this:
<defaultDocument>
<files>
<remove value="index.php" />
<add value="index.php" />
</files>
</defaultDocument>
URL rewriting
IIS 7 includes the URL Rewrite Module. You can use this extension to supply rules that IIS uses to rewrite incoming URL requests. The most common use of URL rewriting is to provide shorter, friendlier URLs.
Many PHP applications now ship rewrite rules as part of their .htaccess file. These rules tell Apache's mod_rewrite how and when to rewrite incoming requests. The URL Rewrite Module for IIS 7 can read these rules and translate them into URL Rewrite rules.
For more information about importing Apache mod_rewrite rules, see: Importing Apache mod_rewrite rules.
For the sample application, the relevant mod_rewrite rules in the .htaccess file are:
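As an added illustration of the import described here (this is not the URL Rewrite Module's own importer and not code from the original article), the following Python script translates the subset of mod_rewrite syntax that the sample uses into IIS rule elements; the function name translate and the handling of only the NC, L, R and QSA flags are this example's own choices.

```python
import re
from xml.etree import ElementTree as ET

# Apache server variables used by the sample, mapped to their IIS equivalents.
SERVER_VARS = {"HTTP_HOST": "{HTTP_HOST}", "REQUEST_FILENAME": "{REQUEST_FILENAME}", "REQUEST_URI": "{URL}"}

# The mod_rewrite directives from the sample .htaccess on this page.
SAMPLE = r"""RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]"""

def translate(htaccess):
    """Build an IIS <rules> element from RewriteCond/RewriteRule lines."""
    # Covers only what the sample uses: regex conditions, !-f / !-d, != literals,
    # and the NC, L, R[=code] and QSA flags. Every other directive is ignored.
    rules, pending = ET.Element("rules"), []      # conditions wait for their rule
    for line in htaccess.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("RewriteCond", "RewriteRule"):
            continue
        flags = set(parts[3].strip("[]").split(",")) if len(parts) > 3 else set()
        if parts[0] == "RewriteCond":
            cond, test = {"input": SERVER_VARS[parts[1].strip("%{}")]}, parts[2]
            if test in ("!-f", "!-d"):            # file / directory existence tests
                cond["matchType"] = "IsFile" if test == "!-f" else "IsDirectory"
            else:  # "!=literal" becomes an anchored, escaped regex; anything else is a regex
                cond["pattern"] = "^" + re.escape(test[2:]) + "$" if test.startswith("!=") else test
            cond["ignoreCase"] = "true" if "NC" in flags else "false"
            if test.startswith("!"):
                cond["negate"] = "true"
            pending.append(cond)
            continue
        rule = ET.SubElement(rules, "rule", name=f"Imported Rule {len(rules) + 1}",
                             stopProcessing="true" if "L" in flags else "false")
        ET.SubElement(rule, "match", url=parts[1], ignoreCase="false")
        if pending:
            conds = ET.SubElement(rule, "conditions")
            for cond in pending:
                ET.SubElement(conds, "add", **cond)
            pending = []
        target = re.sub(r"\$(\d)", r"{R:\1}", parts[2])   # $1 -> {R:1}
        code = next((f.partition("=")[2] or "302" for f in flags if f.split("=")[0] == "R"), None)
        if code:
            ET.SubElement(rule, "action", type="Redirect", url=target,
                          redirectType="Permanent" if code == "301" else "Found")
        else:
            ET.SubElement(rule, "action", type="Rewrite", url=target,
                          appendQueryString="true" if "QSA" in flags else "false")
    return rules

if __name__ == "__main__":
    print(ET.tostring(translate(SAMPLE), encoding="unicode"))
```

The != comparison is rendered as an escaped, anchored literal, so the favicon condition becomes ^/favicon\.ico$ rather than the unescaped pattern shown in the imported rule below.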
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
The IIS URL Rewrite module can read and translate these rules. The translated URL Rewrite rules are:
<rewrite>
<rules>
<rule name="Imported Rule 1" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="http://www.example.com/{R:1}" />
</rule>
<rule name="Imported Rule 2" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php?q={R:1}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
Error page redirection / handling
Some applications handle standard errors at the application level. The ErrorDocument directive in the sample application's .htaccess file tells the web server to load the home page for any 404 ("file not found") error.
# Make Application handle any 404 errors.
ErrorDocument 404 /index.php
IIS uses the httpErrors directive for this feature. However, because the ability to set this at the application level is turned off in IIS by default, you must leave this section commented out.
<!-- HTTP Errors section should only be enabled if the "Error Pages"
feature has been delegated as "Read/Write" at the Web Server level.
<httpErrors>
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
</httpErrors>
-->
Directory browsing
Another commonly implemented application security (or integrity) mechanism is disabling directory browsing from the client. Many web server configurations let users view a listing of the files in a directory that does not contain one of the default document files. In the sample application's .htaccess file, this feature is disabled with the Options directive:
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
IIS uses the directoryBrowse directive in the Web.config file to restrict this access:
<directoryBrowse enabled="false" />
Cache expiration
Cache expiration directives ensure that static content is cached for a period of time while dynamic content is never cached. In the sample application's .htaccess file, the Expires directives provided by the mod_expires module are used.
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
# Do not cache dynamically generated pages.
ExpiresByType text/html A1
</IfModule>
In the Web.config file, IIS uses the Output Caching module and the caching directive to control caching. For the sample application, you can enable caching of .html files for up to 14 days. For .php files, use the following code to ensure that no caching takes place:
<caching>
<profiles>
<add extension=".php" policy="DisableCache" kernelCachePolicy="DisableCache" />
<add extension=".html" policy="CacheForTimePeriod" kernelCachePolicy="CacheForTimePeriod" duration="14:00:00:00" />
</profiles>
</caching>