Apache + PHP + MySQL Security Configuration Overview

Source: Internet
Author: User

A full Apache + PHP + MySQL security configuration strategy. This is a personal compilation, not original work; the MySQL part is skipped.

 
Apache:
 
1. Compile the source code and modify the default banner.
 
2. Replace the default pages for HTTP status codes such as 404 and 503.

3. Require a password (.htaccess) to access special directories.

4. Disable directory indexing: Options -Indexes

5. Disable CGI executable programs: Options -ExecCGI

6. Restrict the directories PHP can access from the Apache configuration: php_admin_value open_basedir /var/www
 
7. Apache PHP extension parsing vulnerability
In the Apache configuration file, prohibit execution of files with names such as .php. (a .php extension followed by something else):

<Files ~ "\.(php.|php3.)">
Order Allow,Deny
Deny from all
</Files>
 
8. Do not give the upload directory execute permission in Apache.
Disable PHP parsing in the /www/home/upload path:
<Directory "/www/home/upload">
<Files ~ "\.php">
Order allow,deny
Deny from all
</Files>
</Directory>
 
 
 
PHP:
 
1. Set register_globals = Off in the configuration file php.ini (prevents variable abuse).

2. magic_quotes_gpc = On is still needed. You can handle escaping in your own code, but customers will not.

3. safe_mode is a PHP_INI_SYSTEM-only setting and must be set through php.ini or httpd.conf. To enable safe_mode, you only need to modify php.ini: safe_mode = On (helps prevent local file inclusion, file opening, and command execution).

4. Disable PHP's remote file opening feature unless it is required, by modifying php.ini (prevents remote file inclusion).
 
5. Anti-injection. In php.ini, find this section:
; Automatically add files before or after any PHP document.
;auto_prepend_file = "phpids.php"
;auto_append_file = "alert.php"

These are empty by default. Add the files to be included.
At the same time, find:
; UNIX: "/path1:/path2"
;include_path = ".:/php/shortdes"
;
; Windows: "\path1;\path2"
include_path = ".;F:\PHPnow\htdocs"
 
6. Set display_errors = Off (suppresses warning and error messages, which would otherwise disclose paths).

7. Functions to block with disable_functions:

disable_functions = phpinfo, exec, system, passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, dl, popen, show_source

8. disable_classes can disable certain classes. Separate multiple classes with commas (,).
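
The following Python check is an added example, not part of the original article. It parses a php.ini and reports every deviation from the values recommended in PHP items 1, 2, 3, 6 and 7 above; the sample file is constructed, and the check assumes a PHP version that still supports these directives.

```python
import re

# Values recommended in the PHP section above; BOOL maps PHP's boolean spellings.
REQUIRED = {"register_globals": "off", "magic_quotes_gpc": "on",
            "safe_mode": "on", "display_errors": "off"}
BLOCKED = {"phpinfo", "exec", "system", "passthru", "shell_exec", "escapeshellarg",
           "escapeshellcmd", "proc_close", "proc_open", "dl", "popen", "show_source"}
BOOL = {"1": "on", "yes": "on", "true": "on", "0": "off", "no": "off", "false": "off"}


def parse_ini(text):
    """Return {directive: value}; ';' comment lines and [sections] are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith((";", "[")) and "=" in line:
            key, value = line.split("=", 1)
            # Drop a trailing " ; comment" and quotes; the last assignment wins.
            value = re.sub(r"\s;.*$", "", value).strip().strip('"')
            settings[key.strip().lower()] = value
    return settings


def audit(text):
    """List deviations; an unset directive is reported, since defaults vary by version."""
    ini, findings = parse_ini(text), []
    for key, want in REQUIRED.items():
        got = ini.get(key, "<unset>")
        if BOOL.get(got.lower(), got.lower()) != want:
            findings.append(f"{key} = {got} (want {want})")
    disabled = {f.strip().lower() for f in ini.get("disable_functions", "").split(",")}
    missing = sorted(BLOCKED - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    return findings


# Constructed sample php.ini, not taken from a real host.
SAMPLE = """\
[PHP]
register_globals = Off
;safe_mode = On
display_errors = On   ; left on by a developer
magic_quotes_gpc = On
disable_functions = phpinfo, exec, system, passthru, shell_exec
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```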
