PHP configuration file in a detailed

1. Limit PHP High Risk programs

Edit PHP configuration file

/usr/local/php/etc/php.ini

Find disable_functions =

Add Restriction entry

Eval,assert,popen,passthru,escapeshellarg,esacapshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,shell _exec,proc_get_status,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_ Socket_server,proc_open,proc_close

2. Access error notification display switch off and open PHP error logging

Display_errors = Off

Log_errors = On

3. Change log file location

Error_log =/usr/local/php/log/php_errors.log

4. Change the error level

error_reporting = E_all & ~e_notice

5. Restricting Access to directories

Open_basedir =/data/www:/tmp

You can also restrict access to the directory in the virtual host configuration file

Add the following restrictions under serveralias www.aaa.com in this section

Php_admin_value Open_basedir "/data/www:/tmp"

Use Curl or browser access to display results as correct 200

[Email protected] www2]# curl-x127.0.0.1:80-i www.test.com/forum.php

http/1.1 OK

Date:thu, 01:29:04 GMT

server:apache/2.2.31 (Unix) php/5.4.36

x-powered-by:php/5.4.36

After you change the correct directory to the wrong directory/DATA/WWW2

Php_admin_value Open_basedir "/data/www2:/tmp"

Display the result as Error 500:

[Email protected] www2]# curl-x127.0.0.1:80-i www.test.com/forum.php

http/1.0 Internal Server Error

Date:thu, 01:48:31 GMT

server:apache/2.2.31 (Unix) php/5.4.36

x-powered-by:php/5.4.36

Cache-control:max-age=0

Expires:thu, 01:48:31 GMT

Connection:close

Content-type:text/html

This article is from the "愺 Burgundy pounding his 豩" blog, please be sure to keep this source http://riverxyz.blog.51cto.com/533303/1783334

PHP configuration file in a detailed