如何编写mod_security友好的PHP代码?
[英]How to write mod_security friendly PHP code?
问题描述
I made a theme in WordPress which hit the mod_security rule on HostGator and gave 403 error . 
我在WordPress中创建了一个主题,它触及HostGator上的mod_security规则,并给出了403 error 。
I contacted people there(at HostGator) and they fixed it for me. 我联系了那里的人(在HostGator)他们为我修好了。 But I don't want my theme to work like this. 但我不希望我的主题像这样工作。
I just wanted to know if there are any guides/blog post/tutorials telling about writing PHP code which is mod_security friendly? 我只是想知道是否有任何指南/博客文章/教程讲述编写PHP代码的mod_security友好?
I tried Google, but didn't find anything helpful. 我试过Google,但没有找到任何帮助。
1 个解决方案
解决方案1
1 已采纳 2010-06-12 05:03:37
I'm not sure there are many guides for this, especially since mod_security configuration varies from server to server. 我不确定有很多指南,特别是因为mod_security配置因服务器而异。
The closest thing I would recommend is taking a look at the Core Rule Set Project . 我建议最接近的是看看核心规则集项目 。 There's tons of rules in there. 那里有很多规则。 There's a lot of them. 有很多。
Some general things to avoid would be: 一些要避免的一般事情是:
- including function names in parameters 包括参数中的函数名称
- using SQL queries/keywords (like SELECT, UPDATE, DELETE FROM) in the URL or POST 在URL或POST中使用SQL查询/关键字(如SELECT,UPDATE,DELETE FROM)
- using HTML in the url 在网址中使用HTML
What exactly triggers it may vary. 究竟是什么触发可能会有所不同 If possible, I would ask the HostGater people what rule it triggered and try to get some feedback. 如果可能的话,我会问HostGater人员它触发了什么规则并尝试获得一些反馈。 If not setup mod_security on your private box (or a VM), and see if your theme triggers any of the rules in the core rule set. 如果没有在您的私有框(或VM)上设置mod_security,并查看您的主题是否触发了核心规则集中的任何规则。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.