将 Apache 的默认页面更改为 PHP
我希望在没有索引并收到 500 错误时更改 apaches 默认页面。我的服务器是 Linux Red Hat,客户端设置使用 Kloxo 和 /etc/httpd/conf.d/welcome.conf 我正在尝试更改:
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
httpd
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.php
</LocationMatch>
重新启动后会出现 500 错误。我认为这与 PHP 权限有关,因为文件是以 root 身份上传的,并且用户特定于某个帐户。
noindex.html 文件工作正常并且也设置为 root。
我知道另一种方法是使用骨架目录,但我不想走这条路。
有谁知道我如何实现这一目标?
谢谢。
编辑:
我在 suPHP 中遇到错误: 脚本“/var/www/error/noindex.php”的 UID 小于 min_uid
如果我将权限更改为 777,我会收到 500 错误页面,日志中仅显示以下消息: 文件“/var/www/error/noindex.php”可由其他人写入
编辑2:
将文件设置为400或660以及用户ID 501(lxlabs),我现在收到错误:
目标UID(1060)和UID(文件“/var/www/error/noindex.php”的 501)
我相信 lxlabs 应该是普通用户,但可能没有该目录的权限。我不确定如何定位 /home/kloxo/httpd/error/noindex.php 因为welcome.conf 文件似乎在 /var/www 目录中启动。
编辑3:
这也可能有帮助。我能够在虚拟主机声明中设置 suPHP 详细信息。比如:
<Virtualhost 123.456.78.90:8888>
SSLEngine On
SSLCertificateFile /home/kloxo/httpd/ssl/eth0___localhost.crt
SSLCertificateKeyFile /home/kloxo/httpd/ssl/eth0___localhost.key
SSLCACertificatefile /home/kloxo/httpd/ssl/eth0___localhost.ca
DocumentRoot /home/kloxo/httpd/webmail/
<Ifmodule mod_suphp.c>
SuPhp_UserGroup lxlabs lxlabs
</Ifmodule>
</Virtualhost>
也许我可以在welcome.conf 文件中做类似的事情?
I am looking to change apaches default page for when there are no indexes and getting a 500 error. My server is Linux Red Hat with clients setup using Kloxo and /etc/httpd/conf.d/welcome.conf I am trying to change:
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
To
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.php
</LocationMatch>
Which after httpd restart it gives a 500 error. I assume it has to do with PHP permissions as the file is uploaded as root and the user is specific to an account.
The noindex.html file works fine and is set as root as well.
I know an alternative is to use a skeleton directory, but I don't want to go that route.
Does anyone have any ideas how I would accomplish this?
Thanks.
EDIT:
Error I get in suPHP:
UID of script "/var/www/error/noindex.php" is smaller than min_uid
If I change permissions to 777, I get the 500 error page, with only this message in logs:
File "/var/www/error/noindex.php" is writeable by others
EDIT 2:
Make the file 400 or 660 and user ID 501 (lxlabs), I now get the error:
Mismatch between target UID (1060) and UID (501) of file "/var/www/error/noindex.php"
I believe lxlabs is supposed to be a regular user, but might not have permissions to that directory. I am not sure how to target the /home/kloxo/httpd/error/noindex.php as the welcome.conf file seems to start in the /var/www directory.
EDIT 3:
This may help as well. I was able to set the suPHP details in the Virtualhost declarating. Like:
<Virtualhost 123.456.78.90:8888>
SSLEngine On
SSLCertificateFile /home/kloxo/httpd/ssl/eth0___localhost.crt
SSLCertificateKeyFile /home/kloxo/httpd/ssl/eth0___localhost.key
SSLCACertificatefile /home/kloxo/httpd/ssl/eth0___localhost.ca
DocumentRoot /home/kloxo/httpd/webmail/
<Ifmodule mod_suphp.c>
SuPhp_UserGroup lxlabs lxlabs
</Ifmodule>
</Virtualhost>
Perhaps I can do something similar in the welcome.conf file?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
解决方案是更改脚本的所有者和权限。 用户必须是普通用户。权限必须为 660(rw 对于用户和组)或 400(r 仅对于用户)。解释如下。
您正在使用 suPHP,它是一个 Apache 模块,它尝试通过以受限权限运行 PHP 脚本来保护 PHP 脚本的安全。当请求脚本时,suPHP 在执行脚本之前切换到脚本的所有者。
出于明显的安全原因,suPHP 禁止以 root 身份运行脚本。因此 root 拥有的 PHP 脚本无法通过 Apache 访问。这就是消息 UID of script is less than min_uid 的含义。 suPHP 确实更通用一些:它禁止所有特殊用户。 Linux 为特殊用户保留第一个用户 ID。普通用户的 ID 大于 500 或 1000(取决于发行版),而 root 通常具有 ID 0。suPHP
仍然出于安全原因,拒绝运行任何用户可以修改的脚本。这就是消息文件可由其他人写入的含义。可以使用配置参数allow_file_others_writeable来切换此行为,但使用具有不安全配置的面向安全的模块没有多大意义。毕竟,suPHP 的主要目的是分离具有不同文件所有者的应用程序。
The solution is to change the owner and permissions of the script. The user must be a normal user. The permissions must be 660 (rw for user and group) or 400 (r for user only). Explanation follows.
You are using suPHP which is an Apache module that tries to secure PHP scripts by running them with restricted permissions. When a script is requested, suPHP switches to the owner of the script before executing it.
For obvious security reasons, suPHP forbids to run a script as root. So PHP scripts owned by root can't be reached through Apache. This is what the message UID of script is smaller than min_uid means. suPHP is indeed a bit more generic: it forbids all special users. Linux keeps the first user ids for the special users. Normal users have an ID above 500 or 1000 (depending on the distribution) while root usually has the ID 0.
suPHP, still for security reasons, refuses to run scripts that any user can modify. This is the meaning of the message File is writeable by others. This behavior can be switched of with the config parameter
allow_file_others_writeable, but it doesn't make much sense to use a security-oriented module with an insecure configuration. After all, the main purpose of suPHP is to separate the applications that have different file owners.经过大量的测试和研究,似乎不可能有这样的全局文件。最好的解决方法是在每个用户的框架目录中放置一个文件。
After lots of testing and researching, it doesn't appear to be possible to have a global file like this. The best work around is to put a file in the skeleton directory for each user.