Debian php and apache Security Settings

Network security blog

The installation path of php5 is in/etc/php5/
The configuration file path is in/etc/php5/apache2/php. ini.
Cd first, and then vim php. ini
Find disable_function =
Enter a colon followed by a left slash:/disable_function
Is the meaning of the search
Change the content here
Disable_functions = shell_exec, system, exec, passthru, show_source, get_var _var, touch, fgets, popen, proc_open, link, symlink
This prevents command execution and bounce Elevation of Privilege.

Apache Security;
Each user sets openbasedir
Usually installed in the/etc/apache2 configuration file in the/etc/apache2/sites-available/default
Same as above. vim default
Below is my configuration file
# Duo ge yu ming: ServerAlias www.baidu.com
Www.google.com

NameVirtualHost *: 80
<VirtualHost *: 80>
DocumentRoot "/sdfsadfsdfsdf"
</VirtualHost>
# Ce shi
<VirtualHost *: 80>
ServerAdmin k1ll@baidu.com

DocumentRoot "/home/safe121/website_root"
Php_admin_value open_basedir "/home/safe121:/tmp"
ServerName blog.safe121.com
ServerAlias safe121.com www.safe121.com
CustomLog/var/log/apache2/safe121 combined
</VirtualHost>
Here, the CustomLog log's day to php_admin_value open_basedir "/home/safe121:/tmp" is the path to restrict the open
One is the home directory of your current website, and the other is the directory Uploaded By/tmp.