简体繁体 English

PHP中的ASP.NET HttpModules的等价物

[英]Equivalent of ASP.NET HttpModules in PHP

原文 2009-02-20 19:05:57 8 2 php/ asp.net

what is the equivalent of ASP.NET HttpModules in PHP? 什么是PHP中的ASP.NET HttpModules？

If there are any how can I include them for that specific application (not globally) in other words what is the equivalent of web.config 如果有任何我可以如何为特定应用程序（不是全局）包含它们，换句话说，什么是web.config的等价物

Example : I need to log the request and the headers, if the server is returning a HTTP 500 error irrespective of the code which is run. 示例：如果服务器返回HTTP 500错误，无论运行的代码如何，我都需要记录请求和标头。

In ASP.NET, I would have a HTTP Module in which I can grab the response code and other details, before sending to the client. 在ASP.NET中，我会有一个HTTP模块，我可以在发送到客户端之前获取响应代码和其他详细信息。 I can also handle Begin Request. 我也可以处理Begin Request。

I need something similar in PHP 我需要PHP中类似的东西

2 个解决方案

Unfortunately PHP is more like ASP in the sense that the "application" is a loose concept, the files are not tightly related, so anything you do would likely have to be at the web server level 不幸的是，PHP更像是ASP，因为“应用程序”是一个松散的概念，文件并不紧密相关，所以你所做的任何事都可能必须在Web服务器级别

Assuming you are on a linux/apache server. 假设你在linux / apache服务器上。 One approach would be to use .htaccess, these can be modified at the directory (ie application level) and have sever powerful features. 一种方法是使用.htaccess，这些可以在目录（即应用程序级别）进行修改，并具有强大的功能。

One example is for url re-writing: 一个例子是网址重写：

http://roshanbh.com.np/2008/02/hide-php-url-rewriting-htaccess.html http://roshanbh.com.np/2008/02/hide-php-url-rewriting-htaccess.html

Official Apache Docs: http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html 官方Apache Docs： http ： //httpd.apache.org/docs/1.3/mod/mod_rewrite.html

You can look the ModSecurity for Apache: http://www.modsecurity.org/ 您可以查看Apache的ModSecurity： http ： //www.modsecurity.org/

It will allow you to log full POST and headers data depending on rules you define. 它允许您根据您定义的规则记录完整的POST和标题数据。 ModSecurity configuration is very powerful but very complex too. ModSecurity配置非常强大，但也非常复杂。

HTTP Traffic Logging HTTP流量记录

Web servers are typically well-equipped to log traffic in a form useful for marketing analyses, but fall short logging traffic to web applications. Web服务器通常具有良好的功能，可以以对市场分析有用的形式记录流量，但不会将日志记录流量缩短到Web应用程序。 In particular, most are not capable of logging the request bodies. 特别是，大多数人无法记录请求正文。 Your adversaries know this, and that is why most attacks are now carried out via POST requests, rendering your systems blind. 你的对手知道这一点，这就是为什么大多数攻击现在通过POST请求执行，使你的系统失明。 ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. ModSecurity使完整的HTTP事务日志记录成为可能，允许记录完整的请求和响应。 Its logging facilities also allow fine-grained decisions to be made about exactly what is logged and when, ensuring only the relevant data is recorded. 它的记录功能还允许精确决定记录的确切内容和时间，确保只记录相关数据。 As some of the request and/or response may contain sensitive data in certain fields, ModSecurity can be configured to mask these fields before they are written to the audit log. 由于某些请求和/或响应可能包含某些字段中的敏感数据，因此可以将ModSecurity配置为在将这些字段写入审核日志之前屏蔽这些字段。