How does dedecms cancel the execution permission of scripts in the server/host space directory?

dedecmsHow to cancel the execution permission of scripts in the server/host space directory?

In website security, the execution permission of the directory is very sensitive. Generally speaking, the directory that can be written cannot have the execution permission of the script. For example, the DedeCMS system can be written. There are two directories, data and uploads. The data directory mainly contains basic configuration files and cached data, and uploads is the directory where attachments are uploaded and saved.

This article will introduce how to cancel these two directories for different server environments. Execution permissions. Of course, we also recommend that users remove execution permissions from other directories that generate pure static HTML and have writable permissions, so that the system will be more secure.

Recommended learning: dedecms tutorial

IISIIS6.0 under Windows

Open the site in IIS and go to the site uploads directory , data directory and static html generated directory, right-click, select "Properties" from the menu, and select "None" for execution permission in the directory properties panel. (As shown in Figure 1)

(Figure 1)

IIS7

IIS7 Also similar to IIS6.0, select the directory corresponding to the site, data, uploads and static html file directory, double-click "Handler Mapping" in the function view panel (Figure 2)

(Figure 2)

In "Edit function permissions...", we can directly remove the execution permission of the script. (As shown in Figure 3)

(Figure 3)

Execution permission settings for directory scripts under Apache Independent host configuration

In Apache, there is no graphical management interface for IIS under Windows. We need to manually modify the apache configuration file to set the execution permissions of the directory script.

First we find the apache configuration file httpd.conf. Normally, the configuration file is in the conf folder in the apache installation directory (Figure 4).

(Picture 4)

Open the httpd.conf file and find the location in the content as shown in Figure 5:

(Figure 5)

Add the directory configuration that needs to restrict the execution of script files below:

The configuration content is:

Copy the code as follows:

<Directory "DIR">    
<FilesMatch ".(php|asp|jsp)$">     
    Deny from all    
</FilesMatch>
</Directory>

The DIR in the configuration content is the directory where the execution of script files needs to be restricted, and the content after FilesMatch is the suffix name of the script that needs to be restricted. For example: If you need to prohibit the running of PHP, ASP, and JSP scripts in the uploads folder of the test site, configure the following Figure 6:

(Figure 6)

After the configuration is completed, restart apache and the configuration will take effect!

Before the operation, I created a new index.php file in the uploads folder. Figure 7 shows the access situation before configuration

(Figure 7 )

Figure 8 shows the effect of accessing this page after restarting apache.

(Figure 8)

Virtual host/space configuration

Before configuring, you need to confirm whether your space supports .htaccess and rewrite , this method is based on using rewrite in the .htaccess file to achieve the effect of prohibiting the execution of the specified script.

The rules are as follows:

Copy the code as follows:

RewriteEngine on  RewriteCond % !^$  
RewriteRule uploads/(.*).(php)$ – [F]  
RewriteRule data/(.*).(php)$ – [F]  
RewriteRule templets/(.*).(php)$ – [F]

There are restrictions on the execution of php scripts for the uploads, data, and templets directories;

Store the above content in the .hatccess file, and store the file in the root directory of your site.

In this way, the execution permission of the directory script is controlled. The effect before and after uploading the rules is the same as Figure 7. Figure 8.

The above is the detailed content of How does dedecms cancel the execution permission of scripts in the server/host space directory?. For more information, please follow other related articles on the PHP Chinese website!