我正在寻找一种方法来使用API来操作PHP运行的网络服务器。
例如,我希望能够动态添加mod重写规则或阻止某些路径的IP地址,所有这些都不会触及.htaccess文件。
PHP是否存在类似this的内容?
答案 0 :(得分:5)
PHP无法动态更改Apache的配置,但正如您所说,您可以使用PHP编辑配置或.htaccess文件重新加载配置。但我认为,通过Web服务器为您的webapp提供更大的功能会带来很大的安全风险。
您可以使用mod_rewrite's RewriteMap directive动态阻止IP的示例。基本上,您可以为您的网站编写一个mod_rewrite规则,该规则将指示mod_rewrite查看您的PHP脚本可以维护的外部数据源。
mod_rewrite文档有一个例子:Denying Hosts in a Blacklist
Description:
We wish to maintain a blacklist of hosts, rather like hosts.deny,
and have those hosts blocked from accessing our server.
Solution:
RewriteEngine on
RewriteMap hosts-deny txt:/path/to/hosts.deny
RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^ - [F]
##
## hosts.deny
##
## ATTENTION! This is a map, not a list, even when we treat it as such.
## mod_rewrite parses it for key/value pairs, so at least a
## dummy value "-" must be present for each entry.
##
193.102.180.41 -
bsdti1.sdm.de -
192.76.162.40 -
Discussion:
The second RewriteCond assumes that you have HostNameLookups turned on,
so that client IP addresses will be resolved. If that's not the case,
you should drop the second RewriteCond, and drop the [OR] flag from
the first RewriteCond.
您的PHP脚本可以维护这些文本文件(其他数据存储也可用),您可以根据您的特定需求制作任意数量的规则集来动态控制访问。那会有用吗?