Key Points of apache Security Settings in windows

As we all know, in windows, when Apache is installed as a service for the first time, it will run with the user "System" (Local System account. If all the resources of the web server are on the local system, this will have fewer problems, but it will have a lot of security permissions to affect the local machine, therefore, you must never enable the network permissions of the System account! Create a new account to start apache and set the corresponding permissions. create an account in the local user and group in computer management, for example, apache. Set the password to apacheuser and add it to the guests group (if any problem occurs, grant the user permission). 2. choose Start> Administrative Tools> Local Security Policy, and select "Log on as a service" in user permission assignment to add an apache user. 3. in computer management, select a service, find apache2.2, stop the service, right click-> properties, select login, switch the standalone from the local system account to this account, and then select apache, enter the password apacheuser and click "OK". (apache cannot be started yet. Generally, an error is returned: Apache2.2 service stops due to a 1 (0x1) service error .); 4. grant the apache installation directory (such as D:/apache2.2) and web directory (such as D:/wwwroot) The read and write permissions of the apache account, remove all permissions except administror and system in the root directory of each disk, and grant the read-only column directory permission to the apache account in the root directory of the disk where the apache installation directory is located (I initially felt unnecessary, but later I found that this is the key to the above error .) 5. Start apache. Everything is OK. 6. php. the PHP temporary upload directory and session storage directory specified in ini, and give the directory apache full control permissions, such as upload_tmp_dir = "D:/wwwroot/Tmp/uploadtmp/" session. save_path = "D:/wwwroot/Tmp/sessiontmp/" 7. grant D:/php Directory read and run permissions; 8. grant the zend installation directory read and run permissions; 9. restrict the access directory and modify httpd In the conf folder under the apache installation directory. conf, with php_admin_value open_basedir "D:/wwwroot" php_admin_value safe_mode On httpd. conf configuration (If PHP read and write permissions are restricted to the E: \ smis directory) Apache2.0 configuration example: ServerName www. abc. comDocumentRoot "E:/smis" Options FollowSymLinks IncludesNOEXEC IndexesDirectoryIndex index.html index.htm default.htm index. php default. phpAllowOverride NoneOrder Deny, AllowAllow from allphp_admin_value open_basedir "E:/smis/; E:/APMServ5.2.0/PHP/uploadtemp/; E: /APMServ5.2.0/PHP/sessiondata/"php_admin_value safe_mode On Apache2.2 configuration example: ServerName www. abc. comDocumentRoot "E:/smis" Options FollowSymLinks IncludesNOEXEC IndexesDirectoryIndex index.html index.htm default.htm index. php default. using NoneOrder Deny, AllowAllow from using open_basedir "E:/smis/; E:/APMServ5.2.0/PHP/uploadtemp/; E:/APMServ5.2.0/PHP/sessiondata/" php_admin_value safe_mode On