Originally, we used the PHPNOW suite on our windows server. Later, a lot of loopholes were found by vulnerability scanning. phpnow has not been updated for a long time. In order to solve this problem, I found the upupw kit from the Internet. This kit is updated very timely, and there are many versions to choose from. So the one that works best with our server was chosen. After installing it on the test machine, scan it again, and sure enough, all the Galway vulnerabilities have been solved.
2016.8.13, I changed the package on the main server to UPUPW, and it was relatively smooth at that time. No problem was found.
On Monday, August 15, 2016, the user started to call, and there was a function that could not be used, and the page displayed a 403 error, which was rejected by the server.
After testing it many times, I finally located it: as long as the /info directory is used, it will be rejected by the server.
Quickly change the httpd.conf and httpd-vhosts.conf files in the conf directory of the apache directory. Repeated rr restart APACHE. The fault remains.
Until Tuesday 2016.8.16. I just found out that there is such a sentence in httpd.conf
Include conf/extra/httpd-info.conf
And there is such a paragraph in conf/extra/httpd-info.conf
<Location /info>
setHandler server-info
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
Change <Location /info> to <Location /server-info>
The problem is solved after restarting APACHE.
The main reason is that I did not expect that the /info directory will be blocked in conf/extra/httpd-info.conf. In the original environment, the content of this file is the /server-info directory. So, it took me two days and I couldn't find it online!