PHP related configuration

1. Find the PHP-related configuration files
Each time you start the virtual machine, check which directory you are in before editing files.
```
[root@localhost ~]# cd /data/wwwroot/xavi.com
[root@localhost xavi.com]# ls
123.php  admin  index.php  upload  xavi.jpg  xavi.txt
```
Edit the index.php file in the current directory:
```
[root@localhost xavi.com]# !vim
vim index.php
<?php
phpinfo();
```
Open the page in a browser and check the phpinfo() output: the "Loaded Configuration File" entry shows that no php.ini has been loaded.
2. Find where PHP expects its configuration file
```
[root@localhost php-7.1.6]# /usr/local/php7/bin/php -i | grep -i 'loaded configuration file'
Loaded Configuration File => /usr/local/php7/etc/php.ini
```
3. Copy a template php.ini into place, reload Apache gracefully, then reload index.php in the browser
```
[root@localhost xavi.com]# cd /usr/local/src/php-7.1.6/
[root@localhost php-7.1.6]# cp php.ini-development /usr/local/php7/etc/php.ini
[root@localhost php-7.1.6]# /usr/local/apache2.4/bin/apachectl graceful
```
4. Edit the configuration file /usr/local/php7/etc/php.ini
```
[root@localhost php-7.1.6]# vim /usr/local/php7/etc/php.ini
```
Inside vim, search for the directive with /disable_functions.
The following functions are generally considered the most dangerous (the original list repeated several names; the duplicates are removed here):
```
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,stream_socket_server,proc_open,proc_close,phpinfo
```
The first entry, eval, is the function called by the Trojan (webshell) file mentioned in the previous article; with it disabled, an uploaded PHP file cannot use it.
phpinfo() prints everything about the PHP installation, which is exactly what an attacker wants to see, so many companies disable it as well for extra safety.
- But when phpinfo is disabled and you visit the phpinfo page, PHP still shows an error message in the browser:
- In this test I did not get that result; the normal phpinfo page was displayed instead.
Cause of the problem: phpinfo was not recognized as disabled and no error appeared, because I had typed the function list in piece by piece instead of copying it as a whole.
Attackers are thorough and would still find the relevant configuration through this path, so to keep it out of the browser we can also switch off all of this information.
5. Set date.timezone in php.ini; if it is not defined, PHP reports a warning
```
[root@localhost php-7.1.6]# vim /usr/local/php7/etc/php.ini
```
Search for date.timezone and set it:
```
date.timezone = Asia/Shanghai
```
6. Keep error details out of the browser and write them to a log instead
6.1 Search for display_errors and change it to Off:
```
display_errors = Off
```
6.2 Then enable error logging:
```
log_errors = On
```
6.3 Then define the path of the error log: search for error_log and point it at a file under /tmp:
```
error_log = /tmp/php_errors.log
```
6.4 To keep the log readable, set the log level: search for error_reporting:
```
error_reporting = E_ALL & ~E_NOTICE
```
This is the most common setting in production: notices are usually not real errors, so they are left out.
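To check that a php.ini really carries the settings from steps 4 to 6, here is an added audit script; it is example code written for this page, not part of the original post or of PHP itself. It reads two constructed sample files (weak.ini and hardened.ini) that it writes itself, and the list of functions it insists on (MUST_DISABLE) is my own selection from the page's disable_functions list. It also checks one caveat worth knowing: eval is a language construct, not a function, so listing it in disable_functions is harmless but gives no protection.

```shell
#!/bin/sh
# Added example, not from the original post: audit a php.ini against the
# directives from steps 4 to 6. Assumes POSIX sh with awk, tr and mktemp and
# reads only the constructed samples written by write_sample_inis below.

# Effective value of one php.ini directive: comment lines (; or #) are skipped,
# an inline ";" comment is stripped, quotes are dropped and, as in php.ini
# itself, the last assignment wins. Prints an empty string if unset.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ || index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1); sub(/[ \t]*;.*$/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/^"|"$/, "", v); val = v
        }
        END { print val }' "$1"
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# My selection from the page's disable_functions list: functions that run OS
# commands or open sockets, plus phpinfo, which leaks the whole configuration.
MUST_DISABLE="exec,system,shell_exec,passthru,popen,proc_open,pfsockopen,phpinfo"

# Print (space-separated) the entries of $2 absent from disable_functions value $1.
missing_disabled() {
    list=",$(printf '%s' "$1" | tr -d ' '),"
    out=""
    for fn in $(printf '%s' "$2" | tr ',' ' '); do
        case "$list" in *",$fn,"*) ;; *) out="$out $fn" ;; esac
    done
    printf '%s' "${out# }"
}

# Audit one php.ini: one line per finding on stdout; exit 1 if anything was
# found, 0 if the file passes every check.
audit_php_ini() {
    ini="$1"; n=0
    v=$(ini_get "$ini" display_errors)
    case "$(lower "$v")" in
        off|0|false) ;;
        *) echo "display_errors=${v:-<unset>}: must be Off or error text reaches the browser"; n=$((n + 1)) ;;
    esac
    v=$(ini_get "$ini" log_errors)
    case "$(lower "$v")" in
        on|1|true) ;;
        *) echo "log_errors=${v:-<unset>}: must be On so errors are still recorded"; n=$((n + 1)) ;;
    esac
    [ -n "$(ini_get "$ini" error_log)" ] || { echo "error_log unset: errors fall back to the Apache error log"; n=$((n + 1)); }
    [ -n "$(ini_get "$ini" date.timezone)" ] || { echo "date.timezone unset: PHP silently falls back to UTC"; n=$((n + 1)); }
    v=$(ini_get "$ini" disable_functions)
    m=$(missing_disabled "$v" "$MUST_DISABLE")
    [ -z "$m" ] || { echo "disable_functions does not cover: $m"; n=$((n + 1)); }
    case ",$(printf '%s' "$v" | tr -d ' ')," in
        *",eval,"*) echo "disable_functions lists eval, a language construct this directive cannot disable"; n=$((n + 1)) ;;
    esac
    [ -n "$(ini_get "$ini" open_basedir)" ] || { echo "open_basedir unset: set it here or per virtual host with php_admin_value"; n=$((n + 1)); }
    [ "$n" -eq 0 ]
}

count_findings() { audit_php_ini "$1" | wc -l | tr -d ' '; }

# Write two constructed samples into a temp dir and print its path: weak.ini
# resembles a fresh php.ini-development, hardened.ini the result of steps 4 to 6.
write_sample_inis() {
    d=$(mktemp -d)
    cat > "$d/weak.ini" <<'EOF'
[PHP]
; constructed sample: development defaults, disable_functions half done
display_errors = On
log_errors = On
error_reporting = E_ALL
; error_log =
; date.timezone =
disable_functions = eval,phpinfo
EOF
    cat > "$d/hardened.ini" <<'EOF'
; constructed sample: the settings from steps 4 to 6 of this page
display_errors = Off
log_errors = On
error_log = /tmp/php_errors.log
error_reporting = E_ALL & ~E_NOTICE
date.timezone = Asia/Shanghai
disable_functions = assert,popen,passthru,exec,system,shell_exec,proc_open,pfsockopen,phpinfo
open_basedir = /data/wwwroot/xavi.com:/tmp
EOF
    echo "$d"
}

# Stand-alone run: audit both samples.
SAMPLES=$(write_sample_inis)
for f in "$SAMPLES/weak.ini" "$SAMPLES/hardened.ini"; do
    if audit_php_ini "$f"; then echo "$f: all checks passed"; fi
done
```

Run it against the real file with `audit_php_ini /usr/local/php7/etc/php.ini` after sourcing the script; the exit status makes it usable from a deployment check, and ini_get reads the file the way PHP does, so a directive that is set twice is judged by its last value.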
7. Testing. The first request is refused with 403 (no permission to access); the second, sent with the User-Agent "xavi", succeeds:
```
[root@localhost php-7.1.6]# curl -x127.0.0.1:80 http://xavi.com/index.php -I
HTTP/1.1 403 Forbidden
Date: Sun, 11 Mar 2018 09:34:23 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@localhost php-7.1.6]# curl -A "xavi" -x127.0.0.1:80 http://xavi.com/index.php -I
HTTP/1.1 200 OK
Date: Sun, 11 Mar 2018 09:36:57 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
```
```
[root@localhost php-7.1.6]# touch /tmp/php_errors.log
[root@localhost php-7.1.6]# chmod 777 /tmp/php_errors.log
[root@localhost php-7.1.6]# ls -l /tmp/php_errors.log
-rwxrwxrwx 1 root root 0 Mar 11 17:52 /tmp/php_errors.log
[root@localhost php-7.1.6]# cat /tmp/php_errors.log
[root@localhost php-7.1.6]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost php-7.1.6]# curl -A "xavi" -x127.0.0.1:80 http://xavi.com/index.php -I
HTTP/1.1 200 OK
Date: Sun, 11 Mar 2018 09:57:50 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[root@localhost php-7.1.6]# vim /data/wwwroot/xavi.com/2.php
[root@localhost php-7.1.6]# curl -A "xavi" -x127.0.0.1:80 http://xavi.com/2.php -I
HTTP/1.1 200 OK
Date: Sun, 11 Mar 2018 10:00:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
```
- Why is there no 500 error code?
```
[root@localhost php-7.1.6]# curl -x 192.168.72.130:80 xavi.com/2.php -I
HTTP/1.1 403 Forbidden
Date: Sun, 11 Mar 2018 10:15:00 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@localhost php-7.1.6]# curl -x 192.168.72.130:80 xavi.com/index.php -I
HTTP/1.1 403 Forbidden
Date: Sun, 11 Mar 2018 10:15:23 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@localhost php-7.1.6]# !cat
cat /tmp/php_errors.log
[11-Mar-2018 18:14:46 Asia/shanghai] PHP Parse error: syntax error, unexpected end of file in /data/wwwroot/xavi.com/2.php on line 4
```
10.31 PHP related configuration: open_basedir
Suppose one server hosts many sites and one of them runs badly written, vulnerable code. Once that site is compromised, the attacker can soon reach the other sites on the same server. How do we prevent that?
Set a different open_basedir for each virtual host.
```
[root@localhost php-7.1.6]# vim /usr/local/php7/etc/php.ini
```
```
open_basedir = /data/wwwroot/xavi.com:/tmp   ; separate multiple directories with ":"; PHP is then confined to these two directories
```
Still no 500 error:
```
[root@localhost php-7.1.6]# cat /tmp/php_errors.log
[11-Mar-2018 18:14:46 Asia/shanghai] PHP Parse error: syntax error, unexpected end of file in /data/wwwroot/xavi.com/2.php on line 4
```
1. Limit each virtual host to its own open_basedir
1.1 Open the virtual host configuration file:
```
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
```
1.2 Add the following line inside the site's <VirtualHost> block:
```
php_admin_value open_basedir "/data/wwwroot/xavi.com/:/tmp/"
```
Why add /tmp?
Because /tmp holds our error log, and some forum software first uploads images to /tmp before moving them to their final location.
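Added example, not from the original post: a script that checks every <VirtualHost> in an httpd-vhosts.conf for the per-site open_basedir above and verifies that the DocumentRoot actually lies inside it (if it does not, the site's own scripts are blocked). The sample vhost file it reads is constructed and written by the script itself; the hostnames site2.example and site3.example are made up. It also flags open_basedir set with php_value instead of php_admin_value, since php_admin_value cannot be overridden from .htaccess or by ini_set().

```shell
#!/bin/sh
# Added example, not from the original post: check an Apache vhost file for the
# per-site open_basedir described above. Assumes POSIX sh with awk, tr and
# mktemp; the vhost file it reads is a constructed sample (write_sample_vhosts).

# One line per <VirtualHost>: ServerName, DocumentRoot, the directive that set
# open_basedir (php_admin_value, php_value or "-" if none) and its value,
# tab-separated. Comment lines are ignored.
vhost_basedirs() {
    awk '
        tolower($1) ~ /^<virtualhost/ { name = "-"; root = "-"; how = "-"; bd = "-"; in_vh = 1; next }
        tolower($1) == "</virtualhost>" { print name "\t" root "\t" how "\t" bd; in_vh = 0; next }
        !in_vh || /^[ \t]*#/ { next }
        tolower($1) == "servername"   { name = $2 }
        tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
        (tolower($1) == "php_admin_value" || tolower($1) == "php_value") && tolower($2) == "open_basedir" {
            how = tolower($1); bd = $3; gsub(/"/, "", bd)
        }
    ' "$1"
}

# Exit 0 if path $1 lies inside one of the ":"-separated entries of the
# open_basedir value $2 (trailing slashes are ignored), else 1.
path_covered() {
    for e in $(printf '%s' "$2" | tr ':' ' '); do
        e="${e%/}"
        case "${1%/}/" in "$e/"*) return 0 ;; esac
    done
    return 1
}

# Audit every vhost: one line per finding, exit 1 if any, 0 if all are confined.
audit_vhosts() {
    out=$(vhost_basedirs "$1" | while IFS="$(printf '\t')" read -r name root how bd; do
        if [ "$how" = "-" ]; then
            echo "$name: no open_basedir, PHP here may read any file the httpd user can, other sites' code included"
            continue
        fi
        [ "$how" != "php_value" ] || echo "$name: open_basedir set with php_value; use php_admin_value so .htaccess and ini_set() cannot override it"
        path_covered "$root" "$bd" || echo "$name: DocumentRoot $root is outside open_basedir ($bd), its own scripts would be blocked"
    done)
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    return 0
}

count_vhost_findings() { audit_vhosts "$1" | wc -l | tr -d ' '; }

# Constructed sample: the page's correct site, one site without open_basedir,
# one with the weaker directive and a mismatched path. Prints the file path.
write_sample_vhosts() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavi.com
    php_admin_value open_basedir "/data/wwwroot/xavi.com/:/tmp/"
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/site2.example"
    ServerName site2.example
    # open_basedir forgotten here
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/site3.example"
    ServerName site3.example
    php_value open_basedir "/data/wwwroot/xavi.com/:/tmp/"
</VirtualHost>
EOF
    echo "$f"
}

# Stand-alone run: audit the constructed sample.
VHOSTS=$(write_sample_vhosts)
if audit_vhosts "$VHOSTS"; then echo "all virtual hosts are confined"; fi
```

Against the real file, `audit_vhosts /usr/local/apache2.4/conf/extra/httpd-vhosts.conf` lists every site that would be able to read its neighbours' code; the path check catches the common slip of copying one site's open_basedir line into another site's block without changing the directory.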