有人试图在 ubuntu apache2 服务器 (Laravel) 上访问我的 index.php 文件

Question

我的一个项目有人试图访问我在 laravel 中的 index.php 文件。

日志：-

{ 
   "ip":"45.155.205.108","url":"/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21",
   "agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
}

{
  "ip":"45.155.205.108","url":"/?XDEBUG_SESSION_START=phpstorm",
  "agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
}

{
  "ip":"54.81.156.74","url":"/",
  "agent":"python-requests/2.24.0"
}

任何人，请告知需要在 apache 和 .htaccess 上添加哪些安全配置

我的.htacces

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Answer 1

order deny,allow
deny from all
allow from <your ip>

Answer 2

终于，我找到了解决办法。我在我的虚拟主机中添加了以下配置

<Directory /var/www/example.com/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    deny from all
    allow from ***.***.***.***  ----> your ip here
    Require all granted
</Directory>

有人试图在 ubuntu apache2 服务器 (Laravel) 上访问我的 index.php 文件

Somebody trying to access my index.php file on ubuntu apache2 server (Laravel)

security

.htaccess

apache2

laravel

server