How can I prevent virtual hosts from being noticed in the Apache + PHP environment?

Source: Internet
Author: User
Tags symlink

It is easy to implement in the IIS environment. It can be prevented by an independent "anonymous access account" + NTFS permission.
 
I checked that the IIS-like independent virtual host account solution in Apache does not seem to be well implemented, but there is a simpler method:
 
Add
 
Php_admin_value open_basedir/data/wwwroot/www.2cto.com
 
To restrict the PHP operation permissions on the current VM only in the/data/wwwroot/www.2cto.com directory.
 
I tested it with Phpspy and it worked very effectively (as shown in, files can be listed without this restriction ).
 
 
Note:
I encountered a problem in the previous image: The File Upload Failed.
Because the Web server uses the temporary directory of the system (/tmp for Linux) when processing file uploads, you must have the operation permission for this directory. Www.2cto.com
Php_admin_value open_basedir supports setting multiple directories at the same time. The directories must be separated. Complete:
Php_admin_value open_basedir/data/wwwroot/www.2cto.com/:/tmp/
From PHP official more description: http://www.php.net/manual/en/ini.core.php#ini.open-basedir
Open_basedir stringLimit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to open a file with, for example, fopen () or gzopen (), the location of the file is checked. when the file is outside the specified directory-tree, PHP will refuse to open it. all symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. if the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
 
The special value. indicates that the working directory of the script will be used as the base-directory. this is, however, a little dangerous as the working directory of the script can easily be changed with chdir ().
 
In httpd. conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
 
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
 
The restriction specified with open_basedir is a directory name since PHP 5.2.16 and 5.3.4. previous versions used it as a prefix. this means that "open_basedir =/dir/incl" also allowed access to "/dir/include" and "/dir/incls" if they exist. when you want to restrict access to only the specified directory, end with a slash. for example: open_basedir =/dir/incl/
 
The default is to allow all files to be opened.
 
Note:
 
As of PHP 5.3.0 open_basedir can be tightened at run-time. this means that if open_basedir is set to/www/in php. ini a script can tighten the configuration to/www/tmp/at run-time with ini_set (). when listing several directories, you can use the PATH_SEPARATOR
 
 
Also saw another way to set the temporary directory: http://brandonwamboldt.ca/multiple-directories-w-php-open_basedir-540/
 
 
 
Php_admin_value open_basedir/var/www/vhosts/saebermedia.com
Php_admin_value upload_tmp_dir/var/www/vhosts/saebermedia.com/.tmp

Handsome author Ling Yun

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.