[英]Detect if Mod_Security Is Installed With PHP?
Is there any simple way to detect if mod_security is installed & enabled using just PHP? 是否有任何简单的方法来检测是否仅使用PHP安装和启用了mod_security? Ideally without any exec() terminal type commands to be executed.
理想情况下,不执行任何exec()终端类型命令。
Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. 有些人建议使用apache_get_modules(),但这个特定的Web主机不允许它显示。 This is also mentioned by other users here: http://www.devcomments.com/apache_get_modules-solution-to130703.htm
其他用户也提到了这一点: http : //www.devcomments.com/apache_get_modules-solution-to130703.htm
Try the apache_get_modules
function to get an array of the loaded modules. 尝试使用
apache_get_modules
函数获取已加载模块的数组。 If that module is loaded but not listed there, you might want to try phpinfo
with phpinfo(INFO_MODULES)
instead: 如果该模块被加载,但没有列在那里,你可能想尝试
phpinfo
具有phpinfo(INFO_MODULES)
代替:
ob_start();
phpinfo(INFO_MODULES);
$contents = ob_get_clean();
$moduleAvailable = strpos($contents, 'mod_security') !== false;
You can do just create a test.php file and use.. 你可以创建一个test.php文件并使用..
<?php phpinfo(); ?>
And look at the apache2handler, and look at: Loaded modules.. something like this... 看看apache2handler,然后看看:加载的模块..这样的东西......
http://gyazo.com/bcba303469f23671f7213e1478788cbd.png http://gyazo.com/bcba303469f23671f7213e1478788cbd.png
-Mike -麦克风
Grasping at straws here. 抓住稻草在这里。
Try having your script make a request to itself (via file_get_contents
or maybe the cURL extension) that would trip mod_security. 尝试让您的脚本向自己发送请求(通过
file_get_contents
或cURL扩展名),这将触发mod_security。 If it returns a 403 (or whatever mod_security's default response is), that should be enough information for you to go on... 如果它返回403(或任何mod_security的默认响应),这应该是足够的信息让你继续...
您可以搜索get_loaded_extensions()函数并使用array_intersect(),如果找不到任何匹配项,则返回数组中的匹配值,否则返回空数组。
$modSecurity = !empty(array_intersect(array_map('strtolower', get_loaded_extensions()), array('mod_security', 'mod security'))) ? true : false;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.