Apache and PHP security settings in Linux

Source: irobotsblog (1) safe_mode: run php in safe mode; in php. in the INI file, use the following safe_modeOn (use security mode) safe_modeOff (disable security mode) in apache httpd. the corresponding setting method of VirtualHost in conf: php_admin_flagsafe_modeOn (use security

Source: irobots blog

(1) safe_mode: run php in safe mode;
Use the following in the php. ini file:
Safe_mode = On (use security mode)
Safe_mode = Off (disable security mode)
How to set VirtualHost in httpd. conf of apache
Php_admin_flag safe_mode On (use security mode)
Php_admin_flag safe_mode Off (disable security mode)
Or:
Php_admin_value safe_mode 1 (use security mode)
Php_admin_value safe_mode 0 (disable security mode)

(2) safe_mode_include_dir: Directory without UID/GID check;

(3) open_basedir: restrict the files that can be operated by users to a directory;
A. how to set Directory in httpd. conf of Apache:
Php_admin_value open_basedir/usr/local/apache/htdocs/:/tmp/
B. set open_basedir =.:/tmp/in php. ini, which indicates that
Access the current directory (the directory where the php file is located) and/tmp/directory.

(4) disable_functions: sets the disable function;
Typical security configuration
Disable_functions = shell_exec, system, exec, passthru, show_source, get_var _var, dl
If you are allowed to debug the program, the configuration is as follows:
Disable_functions = shell_exec, system, exec, passthru

(5) register_globals: disable registration of global variables;
Register_globals = On (automatically registered as a global variable)
Register_globals = Off (cannot be registered as a global variable)

(6) magic_quotes_gpc: escape sensitive characters
Magic_quotes_gpc = On
Magic_quotes_gpc = Off
In Apache httpd. conf, set VirtualHost as follows:
Php_admin_flag magic_quotes_gpc on
Or:
Php_admin_value magic_quotes_gpc 1