iptables + php ÉÏÍø¼Æ·ÑʵÏÖ
×î½üÓÐÒ»¸öÏã¸ÛµÄ¾ÆµêÌá³öÐèÇó,Òªµ½¾ÆµêÒµÄÚµÄÉÌÎñÖÐÐÄʵÐмƷÑÉÏÍø, ÌṩÁËÈçϼ¼Êõ·½°¸:
1¡¢Éèһ̨CENTOS5µÄ»úÆ÷×öΪ·ÓÉ£¬°ÑÐèÒª¼Æ·ÑµÄ»úÆ÷¶¼ÉèΪÓô˷þÎñÆ÷×öÍø¹Ø¡£
2¡¢·þÎñÆ÷¿ªÆôIPTABLE£¬Í¨¹ýIPTABLE¿ØÖÆÄܲ»ÄÜʹÓû¥ÁªÍø¡£
¼Ç¼ÏÂÒÔϼ¼ÊõÒªµã:
Ò»¡¢ php¿ÉÒÔͨ¹ýshell_execÀ´Ö´ÐÐshellÖ¸Áµ«iptablesµÄÖ¸ÁîÊÇroot²ÅÓÐȨÏÞÖ´Ðеģ¬ËùÔÚÐèÒª½èÖúsudo.
¾ßÌå×ö·¨ÈçÏÂ:
1. Ö´ÐÐvisudo, ×¢Ê͵ô Default requiretty Ò»ÐÐ
2. ÔÚÎļþ×îºó£¬¼ÓÈëapache ALL = NOPASSWD: /sbin/iptables
3. ÓÃphp shell_exec("/usr/bin/sudo /sbin/iptables -I FORWARD -s xxx.xxx.xxx.xxx -j DROP")ʵÏÖ¶ÏÍø
4. ÓÃphp shell_exec("/usr/bin/sudo /sbin/iptables -I FORWARD -s xxx.xxx.xxx.xxx -j ACCEPT")ʵÏÖ¿ªÍ¨
¶þ¡¢CENTOS¿ªÆô·Óɹ¦ÄÜ:
1¡¢nano /etc/sysctl.conf£¬ÕÒµ½ÆäÖÐnet.ipv4.ip_forward£¬ÉèΪ1£¬±£´æºóÍ˳ö¡£
2¡¢sysctl -p /etc/sysctl.confÈÃÐÞ¸ÄÉúЧ¡£
Èý¡¢/etc/sysconfig/iptablesÄÚÈÝ£º
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 1404 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*n
Ïà¹ØÎĵµ£º
×î½üÏëд¸öÈí¼þÍæÍ棬ץȡÍøÒ³ÉϵÄÄÚÈÝ
ץȡÍøÒ³ÄÚÈݵÄÎÒ·ÅÔÚÒ»¸öÎļþÖÐд³ÉÀàÁË
ÒÔÏÂÊÇ´úÂë
<?php
class myhttp
{
var $_host;
var $_url;
var $_port;
var $_errno;
var $_errstr;
va ......
http://blog.developers.api.sina.com.cn/?p=264
×î½üMemcacheDBÓʼþÁбíºÍÑз¢²¿ÄDZßͬʱ¨¸æPHPµÄmemcache¿Í»§¶Ëphp-memcache¾³£³ö ÏÖ¶ÏÁ¬½ÓµÄÎÊÌ⣺
PHP Notice: Memcache::get(): Server ………. (tcp 11211) failed with: Failed reading line from stream (0) with pecl-memcache 3.*
&h ......
º¯ÊýÔÐÍ£ºmixed str_replace(mixed needle,mixed new_needle,mixed haystack[,int &count]);
needle£ºÒª±»Ìæ»»µÄ×Ö·û´®£¬new_needle£ºÌæ»»ÓõÄ×Ö·û´®£¬haystack£º²Ù×÷×Ö·û´®£¬count£ºÌæ»»´ÎÊý¡¾¿ÉÑ¡²ÎÊý¡¿
ÎÒÃÇÖصãÊÔÑéÇ°Èý¸öÔÚʹÓÃÊý×éÊǵÄÖ´Ðз½Ê½£º
&n ......
ÔÚlinuxÏÂͨ¹ýsvn¸üÐÂÁËÒ»¸öphpÎļþ£¬Ä¿µÄÊÇÏëͨ¹ýÖ´ÐÐÕâ¸öÎļþÀ´¶ÁÊý¾Ý²åÈëµ½Êý¾Ý¿â¡£ÔÚÆäÖеļ¸Ì¨Ö´ÐÐûÓÐÎÊÌ⣬ÆäÖÐһ̨¾Í·¢ÏÖÁËCould not open input fileÕâ¸ö´íÎ󣬺óÀ´²éÕÒ×ÊÁϲŷ¢ÏÖÔÀ´ÊÇÎļþ¸ñʽµÄÎÊÌ⣬³ö´íʱÎļþ¸ñʽÊÇdos£¬¿ÉÒÔÔÚviÖÐÓÃ:set ffÀ´²é¿´£¬Èç¹ûÊÇdos¸ñʽ£¬ÄÇôÔòÓÃ:set ff=unixÀ´ÉèÖÃеĸñʽ£¬ÕâÑ ......
<?php
$s = "new string";
//ÏÂÃæË«ÒýºÅ×Ö·û´®ÖеķûºÅ"$"δ×öתÒ壬Òò´Ë$s½«±»Ìæ»»³ÉÆä±äÁ¿µÄÖµ
$str_1 = "Ë«ÒýºÅÖ¸¶¨µÄ×Ö·û´®£¬$s";
//ÏÂÃæË«ÒýºÅ×Ö·û´®ÖеķûºÅ"$"×öÁËתÒ壬Òò´Ë$sÔ·â²»¶¯£¬²»»á±»Ì滻Ϊ±äÁ¿$sµÄÖµ
$str_2 = "Ë«ÒýºÅÖ¸¶¨µÄ×Ö·û´®£¬\$s";
//µ¥ÒýºÅ×Ö·û´®ÖеÄ"$"²»ÓÃ×öתÒå¼´¿ÉÔÑùÊä³ö
$str_3 ......
