Shulou(Shulou.com)06/02 Report--

Editor to share with you dedecms to cancel the server / host space directory script execution permission method, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

How does dedecms revoke the execution rights of server / host space directory scripts?

In the website security, it is very sensitive to the execution permission of the directory. Generally speaking, the directory that can be written can not have the execution permission of the script. For example, in the DedeCMS system, there are two directories that can be written. The data and uploads,data directories are mainly basic configuration files and cached data, while uploads is the directory where attachments are uploaded and saved.

This article will describe how to cancel the execution permissions of these two directories for different server environments. Of course, we also recommend that users generate other directories that generate pure static html, and remove the execution permissions if they have writable permissions, so that the system will be more secure.

IISIIS6.0 under Windows

Open the site in IIS, right-click in the site uploads directory, data directory and static html generation directory, select "Properties" from the menu, and select "none" in the directory properties panel. (figure 1)

(figure 1)

IIS7

IIS7 is also similar to IIS6.0, select the directory corresponding to the site, data, uploads, and static html file directories, and double-click the "handler mapping" in the function attempt panel (figure 2).

(figure 2)

In the "Edit function permissions." We can simply remove the execution permission of the script. (figure 3)

(figure 3)

Setting the execution permission of directory script under Apache independent host configuration

In Apache, there is no graphical management interface for IIS under Windows, so we need to manually modify the configuration file of apache to set the permissions for the execution of directory scripts.

First we find the configuration file httpd.conf for apache, which is usually in the conf folder under the apache installation directory (figure 4).

(figure 4)

Open the httpd.conf file and find the location in the content as shown in figure 5:

(figure 5)

Add the directory configuration that needs to restrict the execution of script files to the following:

The configuration is as follows:

The copy code is as follows:

Deny from all

The DIR in the configuration content is the directory where you need to restrict the execution of script files, and the content after FilesMatch is the suffix name of the script that needs to be qualified. For example, if you want to disable the PHP,ASP,JSP script under the uploads folder of the test site, configure it as follows:

(figure 6)

After the configuration is complete, restart apache, and the configuration will take effect!

Before the operation, I created a new index.php file under the uploads folder. Figure 7 shows the access before configuration.

(figure 7)

Figure 8 shows the effect of visiting the page after restarting apache.

(figure 8)

Virtual host / space configuration

Before configuration, you need to make sure that your space supports .htaccess and rewrite, which is based on the use of rewrite in the .htaccess file to disable the execution of specified scripts.

The contents of the rules are as follows:

The copy code is as follows:

RewriteEngine on RewriteCond%! ^ $RewriteRule uploads/ (. *). (php) $- [F] RewriteRule data/ (. *). (php) $- [F] RewriteRule templets/ (. *). (php) $- [F]

Restrictions on the execution of php scripts for three uploads,data,templets directories

Store the above content in a .hatccess file and store the file in the root directory of your site

In this way, the execution permission of the directory script is controlled, and the effect before and after uploading the rules is the same as figure 7 and figure 8.

The above is all the contents of dedecms's method of revoking the execution permission of the server / host space directory script, thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.