Path:/usr/local/php/etc/php.ini
PHP uses ";" as the "comment" symbol, and the shell uses "#" as the "comment" symbol;
Edit PHP.ini
[Email protected] ~]# Vim/usr/local/php/etc/php.ini
1. Query/disable_functions set Disable function
disable_functions = Eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system, CHROOT,SCANDIR,CHGRP,CHOWN,ESCAPESHELLCMD,ESCAPESHELLARG,SHELL_EXEC,PROC_GET_STATUS,INI_ALTER,INI_RESTORE,DL, Pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
These functions are high-risk functions that need to be suppressed for security purposes.
2. Error log related configuration
Query/display_error
Display_error=off
The default is off, if changed to ON, will show the current browser error, but also cause information leakage, affecting security.
3. Query/log_errors
Log_errors =on
4. Query/error_log
Create an absolute path
[Email protected] ~]# Mkdir/usr/local/php/logs
Grant permission (the user who generated the error log is Apache, so use 777 permissions so that he can write)
[Email protected] ~]# chmod 777/usr/local/php/logs
Edit PHP.ini, remove the front of the statement;
Change the Error_log=php_error.log to the "absolute path" of Error_log=/usr/local/php/logs/php_error.log.
5. Configure logging levels
Query/error_reporting
Error_reporting =e_all & ~e_notice (with both levels)
Save exit
: Wq
[Email protected] ~]# apachectl-t
Syntax OK
[Email protected] ~]# apachectl restart
This is how to open the error log without exposing the error message configuration method to help troubleshoot the problem.
viewing error messages :
If you find a Web browsing error
[Email protected] ~]# ls/usr/local/php/logs/
Php_error.log
[Email protected] ~]# Cat/usr/local/php/logs/php_error.log
This will allow you to view the error message.
6. Query/open_basedir
Edit PHP.ini
Open_basedir= Remove the number and change it to the following path
Open_basedir=/data/www:/tmp
This is a security option, for a single host, website, domain name, the access permissions to the specified directory, the other directory does not have access rights, so this open_basedir must be limited to the directory where the site program.
[Email protected] ~]# apachectl-t
Syntax OK
[Email protected] ~]# apachectl restart
Effect.
Extended Extension Learning:
For multiple hosts, multiple sites, multiple domain names, to configure a few open_basedir restrictions, if you use php.ini to edit, can only limit the configuration of a sentence; If you limit multiple, we can limit the Apache "Virtual Host profile", Make each virtual host a open_basedir, we split them open, each site, every virtual machine, each domain name common a open_basedir.
The configuration is as follows:
[Email protected] ~]# vim/usr/local/apache2/conf/extra/httpd-vhosts.conf
Write:
Php_admin_value Open_basedir "/data/www:/tmp"
: Wq
Now we don't need the Open_basedir configuration in the php.ini, use; Comment out
[Email protected] ~]# apachectl-t
Syntax OK
[Email protected] ~]# apachectl restart
Effective, the benefit of this is the ability to differentiate between different virtual machines.
In lamp php.ini configuration file detailed