Noah Broyles's questions

我正在运行在 Ubuntu 20.04 LTS 上运行的 Apache 2 Web 服务器。我为/var/www/html目录启用了 Python CGI 处理程序，即DocumentRoot. 我想知道如何从运行 CGI for Python 文件中排除某个目录。
在我的 CGI 配置中：

<Directory "/var/www/html">
    Options +ExecCGI
    AddHandler cgi-script .py
        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-d
                RewriteCond %{REQUEST_FILENAME}\.py -f
                RewriteRule ^(.*)$ $1.py
        </IfModule>
</Directory>

<Directory "/var/www/html/static/cdn">
        DirectoryIndex disabled
        Options +Indexes -ExecCGI
        AllowOverride None
        Require all granted
</Directory>

在/static/cdn目录中，我希望.py文件像任何其他静态文件一样被提供，而不是作为 CGI 执行。这是cdn目录树：

.
├── checkForUpdates.exe
├── checkForUpdates.py
└── findLogErrors
    ├── botCriteria.json
    ├── cleanup.json
    ├── findLogErrors.exe
    └── version.json

1 directory, 6 files

我可以根据需要在 Web 浏览器中查看目录的索引。我可以从这个目录查看或下载任何文件，除了checkForUpdates.py. 服务器没有尝试将其作为 CGI 执行，它给出了 403。权限checkForUpdates.py与其他文件相同：

nbroyles@webserver:/var/www/html/static/cdn$ ls -altr
total 15548
-rwxrwxr-x 1 www-data web 15901526 Nov 17 11:37 checkForUpdates.exe
drwxrwxr-x 7 www-data web     4096 Nov 19 11:13 ..
drwxrwxr-x 2 www-data web     4096 Dec 23 09:41 findLogErrors
drwxrwxr-x 3 www-data web     4096 Dec 23 09:49 .
-rwxrwxr-x 1 www-data web     2072 Dec 23 09:49 checkForUpdates.py

我怎样才能像查看任何.py文件一样查看文件？我确定我的配置中缺少一些简单的东西。任何帮助是极大的赞赏！.json.exe

我在 Ubuntu 20.04.2 LTS 上运行 Apache2 网络服务器。我注意到我access.log有几行只是简单地说明combine它们，没有关于请求或其他任何信息的信息。中的其他行access.log没有说combine，并且确实有关于请求的信息。

这是我的示例access.log：

combine
combine
combine
45.129.136.74 - - [26/Aug/2021:00:17:23 -0400] "\x03" 400 0 "-" "-"
45.129.136.74 - - [26/Aug/2021:00:17:23 -0400] "\x03" 400 0 "-" "-"
combine
192.241.204.78 - - [26/Aug/2021:00:23:55 -0400] "GET / HTTP/1.1" 200 546 "-" "Mozilla/5.0 zgrab/0.x"
84.54.153.88 - - [26/Aug/2021:00:27:54 -0400] "GET / HTTP/1.1" 200 621 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
combine
combine
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "POST /api/jsonws/invoke HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 200 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /console/ HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /_ignition/execute-solution HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.129.136.74 - - [26/Aug/2021:01:05:21 -0400] "\x03" 400 0 "-" "-"
205.185.126.200 - - [26/Aug/2021:01:12:58 -0400] "POST /boaform/admin/formLogin HTTP/1.1" 404 475 "http://40.121.65.70:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
185.189.182.234 - - [26/Aug/2021:01:32:22 -0400] "GET / HTTP/1.1" 400 0 "-" "-"
42.193.16.135 - - [26/Aug/2021:01:34:15 -0400] "GET / HTTP/1.1" 200 565 "-" "Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.62 XWEB/2692 MMWEBSDK/200901 Mobile Safari/537.36"
206.189.182.136 - - [26/Aug/2021:01:45:23 -0400] "GET /ab2g HTTP/1.1" 400 0 "-" "-"
206.189.182.136 - - [26/Aug/2021:01:45:23 -0400] "GET /ab2h HTTP/1.1" 400 0 "-" "-"
combine
combine
combine
combine
combine

我的apache2.conf有以下几行：

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

同样在我的一个sites-enabled配置文件中，我有这一行：

CustomLog ${APACHE_LOG_DIR}/access.log combine

combine访问日志中的行是什么意思？为什么我会关心看到他们？我怎样才能防止这些台词只是说combine并让它们真正显示一些有用的信息？