我看到对我的网络根目录中不存在的文件进行了未经身份验证的访问尝试。
[Sun Jul 26 13:00:03 2015] [error] [client x.x.x.x] File does not exist: /webrootpath/rom-0
[Sun Jul 26 14:06:04 2015] [error] [client x.x.x.x] File does not exist: /webrootpath/ic.asp
[Sun Jul 26 16:35:58 2015] [error] [client x.x.x.x] File does not exist: /webrootpath/phpmyadmin
我有非root运行apache,非管理员,我有以下htaccess文件(对于codeigniter index.php重写)
Options -Indexes
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
ErrorDocument 404 /index.php
这是我的apache配置
<VirtualHost *:80>
ServerName domain.com
ServerAlias *.domain.com
ServerAdmin webmaster@localhost
DocumentRoot /webrootpath/domain.com/html
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /webrootpath/domain.com/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
我对apache和.htaccess文件知之甚少,所以我可能在某处做了一些非常愚蠢的事情。