自动检测内部/外部开发环境
我们使用以下函数来自动检测我们是在内部计算机上还是在实时服务器上,然后为各种组件选择适当的配置:
function devIsLocal(){
$res=false;
$http_host=$_SERVER['HTTP_HOST'];
if($http_host=='localhost')$res=true;
if($http_host=='127.0.0.1')$res=true;
if(substr($http_host,-4)=='.lan')$res=true;
if(strpos($http_host, '.')===false)$res=true;
return($res);
}
如您所见,它仅依赖于 HTTP_HOST 值。
当然,如果您在本地使用某种虚拟主机(例如 example.com),那么该功能就会被欺骗。
还有其他方法可以欺骗该函数吗?我们还可以查看哪些其他变量/位置来确定我们所处的位置?
We use the following function to auto detect if we are on a machine internally or on a live server and then choose the appropriate configs for various components:
function devIsLocal(){
$res=false;
$http_host=$_SERVER['HTTP_HOST'];
if($http_host=='localhost')$res=true;
if($http_host=='127.0.0.1')$res=true;
if(substr($http_host,-4)=='.lan')$res=true;
if(strpos($http_host, '.')===false)$res=true;
return($res);
}
As you can see it only relies on the HTTP_HOST value.
Of course, if you use some sort of virtual host locally like example.com then the function will be tricked.
Are there any other ways to fool the function? and what other variables/places could we peek at to determine where we are?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
在 Apache 虚拟主机配置中设置环境变量。 Zend 框架就是这样做的。
有关示例,请参阅 ZF 快速入门指南( “创建虚拟主机”部分。)
在您的 httpd.conf 或 .htaccess 文件中,输入:
然后在您的应用程序中,使用 getenv 函数来获取值:
Set an environment variable in your Apache virtual host configuration. This is the way the Zend Framework does it.
See the ZF quick start guide for an example (the "Create a Virtual Host" section.)
In your httpd.conf or a .htaccess file, put:
Then in your application, use the getenv function to get the value:
在您的实时系统上,这永远不会评估为
TRUE。 :)This will never evaluate as
TRUEon your live system. :)添加到 Andy Shellam 的答案..
如果您使用的是 mod_vhost_alias ,或者具有具有相同(虚拟)文档根的多个域,您可以根据参数设置变量,例如
Adding to Andy Shellam's answer..
If you are using mod_vhost_alias, or have various domains with the same (virtual) document root, you can set the variable dependent upon parameters, e.g.
创建并稍后查找仅存在于实时服务器文件系统上的文件。
当然,您的环境应该尽可能相似;我的建议是这样的:在目录 /var/environment/ 中,有一个名为 {devel|test|qa|staging|live} 的文件,具体取决于您所在的服务器 - 然后只需检查文件名。
当然,您需要将此文件从版本控制和您可能拥有的任何构建过程中排除。
Create and later look for a file that only exists on the live server's filesystem.
Granted, your environments should be as similar as possible; what I'm suggesting is something like this: in directory /var/environment/, have a file named {devel|test|qa|staging|live}, depending on the server you're on - then just check the filename.
Of course, you need to exclude this file from version control and from whatever build process you may have.
此外,如果主机不是本地的,但使用widlcard或默认虚拟主机定义,并且用户将IP地址添加到本地的hosts文件中。
我建议在包含路径上有一个目录,该目录也存在于实时环境中,但不会复制到那里 - 并且简单地存储:
或者
如果两个环境都在同一服务器上 - 您仍然可以通过在 Apache config 或 .htaccess 中设置 include_path 来做到这一点。
这还允许您分离潜在敏感的环境特定数据 - 例如数据库主机/密码和加密密钥。
C.
Also if the host is not local but uses a widlcard or default vhost defn and the user adds the IP address to the hosts file locally.
I would recommend having a directory on the include path which also exists on live but is not replicated there - and simply store:
or
If both envs are on the same server - you can still do this by setting the include_path in Apache config or .htaccess.
This also allows you to seperate potentially sensitive env specific data - like database hosts/passwords and encyption keys.
C.