2016-03-22

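Getting error 500 because of .htaccess

I'm new to .htaccess, but I have to go this way to protect the image upload folder on the server. I'm currently using an upload script that follows all of the instructions above, but I cannot link to the images from the same site: I get the error "the server responded with a status of 500 (Internal Server Error)" if I try to access a successfully uploaded file directly (to display it on the site).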

The code is from here

IndexIgnore * 
AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi 
Options -ExecCGI -Indexes 

RewriteEngine On 
RewriteRule ^(php\.ini|\.htaccess) - [NC,F] 

RewriteCond %{REQUEST_URI} ((php|my|bypass)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|c100|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR] 
RewriteCond %{REQUEST_URI} (\.exe|\.php\?act=|\.tar|_vti|afilter=|algeria\.php|chbd|chmod|cmd|command|db_query|download_file|echo|edit_file|eval|evil_root|exploit|find_text|fopen|fsbuff|fwrite|friends_links\.|ftp|gofile|grab|grep|htshell|\ -dump|logname|lynx|mail_file|md5|mkdir|mkfile|mkmode|MSOffice|muieblackcat|mysql|owssvr\.dll|passthru|popen|proc_open|processes|pwd|rmdir|root|safe0ver|search_text|selfremove|setup\.php|shell|ShellAdresi\.TXT|spicon|sql|ssh|system|telnet|trojan|typo3|uname|unzip|w00tw00t|whoami|xampp) [NC,OR] 
RewriteCond %{QUERY_STRING} (\.exe|\.tar|act=|afilter=|alter|benchmark|chbd|chmod|cmd|command|cast|char|concat|convert|create|db_query|declare|delete|download_file|drop|edit_file|encode|environ|eval|exec|exploit|find_text|fsbuff|ftp|friends_links\.|globals|gofile|grab|insert|localhost|logname|loopback|mail_file|md5|meta|mkdir|mkfile|mkmode|mosconfig|muieblackcat|mysql|order|passthru|popen|proc_open|processes|pwd|request|rmdir|root|scanner|script|search_text|select|selfremove|set|shell|sql|sp_executesql|spicon|ssh|system|telnet|trojan|truncate|uname|union|unzip|whoami) [NC] 
RewriteRule .* - [F] 

RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{REQUEST_FILENAME} -f 
RewriteCond %{REQUEST_FILENAME} \.(jpe?g?|png|gif)$ [NC] 
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?mysite.com\. [NC] 
RewriteRule \.(jpe?g?|png|gif)$ - [NC,F] 

Order Allow,Deny 
Deny from all 
<FilesMatch "\.([Jj][Pp][Ee]?[Gg]?|[Pp][Nn][Gg]|[Gg][Ii][Ff])$"> 
Allow from all 
</FilesMatch> 

<FilesMatch ".*\.([^.]+)\.([^.]+)$"> 
Order Deny,Allow 
Deny from all 
</FilesMatch> 

<LimitExcept GET POST> 
Deny from all 
</LimitExcept> 

I have been looking for a tutorial or similar that fits my goal, but found nothing... maybe you can help me modify the one above. Thanks!

UPDATE: So, if I disable

#AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi 
#Options -ExecCGI -Indexes 

#RewriteCond %{HTTP_REFERER} !^$ 
#RewriteCond %{REQUEST_FILENAME} -f 
#RewriteCond %{REQUEST_FILENAME} \.(jpe?g?|png|gif)$ [NC] 
#RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?mysite.com\. [NC] 
#RewriteRule \.(jpe?g?|png|gif)$ - [NC,F] 

lines, then the images can be displayed, but that is not my goal, because scripts can still be executed.

+1

Can you look at your Apache error log? Do you have one? – deceze

+0

Yes, it says "[alert] .htaccess: Options not allowed here" –

+0

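Well, that would be the reason: your configuration does not allow the 'Options' line. Do you *need* that line? *Can* you reconfigure your Apache to allow that line? – deceze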

Answer

0

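I made some updates to the .htaccess. The final version looks like this and works fine: it displays the files and does not let scripts execute from the folder.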

# Hide every file from auto-generated directory listings
IndexIgnore *

# Remove any handler and MIME-type associations for script extensions
RemoveHandler .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi
RemoveType .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi

RewriteEngine On
# Forbid direct requests for php.ini and .htaccess
RewriteRule ^(php\.ini|\.htaccess) - [NC,F]

# Forbid requests whose URI or query string matches the listed shell names and keywords
RewriteCond %{REQUEST_URI} ((php|my|bypass)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|c100|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
RewriteCond %{REQUEST_URI} (\.exe|\.php\?act=|\.tar|_vti|afilter=|algeria\.php|chbd|chmod|cmd|command|db_query|download_file|echo|edit_file|eval|evil_root|exploit|find_text|fopen|fsbuff|fwrite|friends_links\.|ftp|gofile|grab|grep|htshell|\ -dump|logname|lynx|mail_file|md5|mkdir|mkfile|mkmode|MSOffice|muieblackcat|mysql|owssvr\.dll|passthru|popen|proc_open|processes|pwd|rmdir|root|safe0ver|search_text|selfremove|setup\.php|shell|ShellAdresi\.TXT|spicon|sql|ssh|system|telnet|trojan|typo3|uname|unzip|w00tw00t|whoami|xampp) [NC,OR]
RewriteCond %{QUERY_STRING} (\.exe|\.tar|act=|afilter=|alter|benchmark|chbd|chmod|cmd|command|cast|char|concat|convert|create|db_query|declare|delete|download_file|drop|edit_file|encode|environ|eval|exec|exploit|find_text|fsbuff|ftp|friends_links\.|globals|gofile|grab|insert|localhost|logname|loopback|mail_file|md5|meta|mkdir|mkfile|mkmode|mosconfig|muieblackcat|mysql|order|passthru|popen|proc_open|processes|pwd|request|rmdir|root|scanner|script|search_text|select|selfremove|set|shell|sql|sp_executesql|spicon|ssh|system|telnet|trojan|truncate|uname|union|unzip|whoami) [NC]
RewriteRule .* - [F]

# Hotlink protection: forbid images unless the Referer is empty, this site, or a listed search engine
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !yandex\. [NC]
RewriteCond %{HTTP_REFERER} !bing\. [NC]
RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g?|png|gif)$ - [F]

# Deny everything by default, then allow only image extensions
Order Allow,Deny
Deny from all
<FilesMatch "\.([Jj][Pp][Ee]?[Gg]?|[Pp][Nn][Gg]|[Gg][Ii][Ff])$">
Allow from all
</FilesMatch>

# Deny file names that carry a double extension
<FilesMatch ".*\.([^.]+)\.([^.]+)$">
Order Deny,Allow
Deny from all
</FilesMatch>

# Allow only the GET and POST methods
<LimitExcept GET POST>
Deny from all
</LimitExcept>
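
The 500 error quoted in the comments ("Options not allowed here") depends on the `AllowOverride` setting in the server configuration, which the page does not show. The following is an added example, not part of the original question or answer, of the two server-side ways to handle it; the path `/var/www/mysite/uploads` is an assumed placeholder, and the second alternative covers only the no-execution and access rules, not the rewrite rules.

```apache
# Added example (server or virtual-host config, not .htaccess).
# Assumed placeholder path: /var/www/mysite/uploads

# Alternative 1: keep the rules in .htaccess and permit the directive
# classes it uses. Without "Options" here, an Options line in .htaccess
# aborts the request with a 500 and "Options not allowed here" in the log.
#   Options  -> Options
#   FileInfo -> RewriteEngine/RewriteCond/RewriteRule, RemoveHandler, RemoveType
#   Indexes  -> IndexIgnore
#   Limit    -> Order, Allow, Deny
#
# <Directory "/var/www/mysite/uploads">
#     AllowOverride Options FileInfo Indexes Limit
# </Directory>

# Alternative 2: set the no-execution rules here and ignore .htaccess in
# the upload folder, so an uploaded .htaccess cannot change handlers.
<Directory "/var/www/mysite/uploads">
    AllowOverride None
    Options -ExecCGI -Indexes

    # Serve every file as static content regardless of extension.
    # A <FilesMatch> SetHandler elsewhere in the server config is merged
    # after <Directory> sections, so check that none re-adds a script handler.
    SetHandler default-handler

    # Same access rules as the page (2.2-style; needs mod_access_compat on 2.4)
    Order Allow,Deny
    Deny from all
    <FilesMatch "\.([Jj][Pp][Ee]?[Gg]?|[Pp][Nn][Gg]|[Gg][Ii][Ff])$">
        Allow from all
    </FilesMatch>
    <FilesMatch ".*\.([^.]+)\.([^.]+)$">
        Order Deny,Allow
        Deny from all
    </FilesMatch>
</Directory>
```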