It is easy to implement in the IIS environment. It can be prevented by an independent "anonymous access account" + NTFS permission.
I checked that the IIS-like independent virtual host account solution in Apache does not seem to be well implemented, but there is a simpler method:
Add
Php_admin_value open_basedir/data/wwwroot/www.2cto.com
To restrict the PHP operation permissions on the current VM only in the/data/wwwroot/www.2cto.com directory.
I tested it with Phpspy and it worked very effectively (as shown in, files can be listed without this restriction ).
Note:
I encountered a problem in the previous image: The File Upload Failed.
Because the Web server uses the temporary directory of the system (/tmp for Linux) when processing file uploads, you must have the operation permission for this directory. Www.2cto.com
Php_admin_value open_basedir supports setting multiple directories at the same time. The directories must be separated. Complete:
Php_admin_value open_basedir/data/wwwroot/www.2cto.com/:/tmp/
From PHP official more description: http://www.php.net/manual/en/ini.core.php#ini.open-basedir
Open_basedir stringLimit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to open a file with, for example, fopen () or gzopen (), the location of the file is checked. when the file is outside the specified directory-tree, PHP will refuse to open it. all symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. if the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
The special value. indicates that the working directory of the script will be used as the base-directory. this is, however, a little dangerous as the working directory of the script can easily be changed with chdir ().
In httpd. conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is a directory name since PHP 5.2.16 and 5.3.4. previous versions used it as a prefix. this means that "open_basedir =/dir/incl" also allowed access to "/dir/include" and "/dir/incls" if they exist. when you want to restrict access to only the specified directory, end with a slash. for example: open_basedir =/dir/incl/
The default is to allow all files to be opened.
Note:
As of PHP 5.3.0 open_basedir can be tightened at run-time. this means that if open_basedir is set to/www/in php. ini a script can tighten the configuration to/www/tmp/at run-time with ini_set (). when listing several directories, you can use the PATH_SEPARATOR
Also saw another way to set the temporary directory: http://brandonwamboldt.ca/multiple-directories-w-php-open_basedir-540/
Php_admin_value open_basedir/var/www/vhosts/saebermedia.com
Php_admin_value upload_tmp_dir/var/www/vhosts/saebermedia.com/.tmp
Handsome author Ling Yun