Security Configuration of apache and php in linux

Article Title: Security Configuration of apache and php in linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

(1) safe_mode: run php In safe mode; use the following in the php. ini file:

Safe_mode = On (use Security Mode)

Safe_mode = Off (disable security mode)

How to Set VirtualHost in httpd. conf of apache

Php_admin_flag safe_mode On (use Security Mode)

Php_admin_flag safe_mode Off (disable security mode)

Or:

Php_admin_value safe_mode 1 (use Security Mode)

Php_admin_value safe_mode 0 (disable security mode)

(2) safe_mode_include_dir: directory without UID/GID check;

(3) open_basedir: restrict the files that can be operated by users to a directory;

A. How to Set Directory in httpd. conf of Apache:

Php_admin_value open_basedir/usr/local/apache/htdocs/:/tmp/

B. Set open_basedir =.:/tmp/in php. ini, which indicates that

Access the current directory (the directory where the PHP file is located) And/tmp/directory.

(4) disable_functions: sets the disable function;

Typical Security Configuration

Disable_functions = shell_exec, system, exec, passthru, show_source
, Get_cfg_var, dl

If you are allowed to debug the program, the configuration is as follows:

Disable_functions = shell_exec, system, exec, passthru

(5) register_globals: Disable registration of global variables;

Register_globals = On (automatically registered as a global variable)

Register_globals = Off (cannot be registered as a global variable)

(6) magic_quotes_gpc: Escape sensitive characters

Magic_quotes_gpc = On

Magic_quotes_gpc = Off

In Apache httpd. conf, set VirtualHost as follows:

Php_admin_flag magic_quotes_gpc on

Or:

Php_admin_value magic_quotes_gpc 1