1. Limit PHP High Risk programs
Edit PHP configuration file
/usr/local/php/etc/php.ini
Find disable_functions =
Add Restriction entry
Eval,assert,popen,passthru,escapeshellarg,esacapshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,shell _exec,proc_get_status,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_ Socket_server,proc_open,proc_close
2. Access error notification display switch off and open PHP error logging
Display_errors = Off
Log_errors = On
3. Change log file location
Error_log =/usr/local/php/log/php_errors.log
4. Change the error level
error_reporting = E_all & ~e_notice
5. Restricting Access to directories
Open_basedir =/data/www:/tmp
You can also restrict access to the directory in the virtual host configuration file
Add the following restrictions under serveralias www.aaa.com in this section
Php_admin_value Open_basedir "/data/www:/tmp"
Use Curl or browser access to display results as correct 200
[Email protected] www2]# curl-x127.0.0.1:80-i www.test.com/forum.php
http/1.1 OK
Date:thu, 01:29:04 GMT
server:apache/2.2.31 (Unix) php/5.4.36
x-powered-by:php/5.4.36
After you change the correct directory to the wrong directory/DATA/WWW2
Php_admin_value Open_basedir "/data/www2:/tmp"
Display the result as Error 500:
[Email protected] www2]# curl-x127.0.0.1:80-i www.test.com/forum.php
http/1.0 Internal Server Error
Date:thu, 01:48:31 GMT
server:apache/2.2.31 (Unix) php/5.4.36
x-powered-by:php/5.4.36
Cache-control:max-age=0
Expires:thu, 01:48:31 GMT
Connection:close
Content-type:text/html
This article is from the "愺 Burgundy pounding his 豩" blog, please be sure to keep this source http://riverxyz.blog.51cto.com/533303/1783334
PHP configuration file in a detailed