PHP Engine files php.ini optimization parameters

The php.ini is suitable for both Apache and nginx environments, and php-fpm.conf is suitable for nginx+fcgi configurations.

Production environment PHP.ini(php.ini-production)

Php.ini-development
Php.ini-production

# Vim/application/php/lib/php.ini

(1) PHP function is disabled to find:

Disable_functions = This option can set which PHP functions are forbidden, there are some functions in PHP the risk is quite large, you can directly execute some system-level script commands, if you allow these functions to execute, when the PHP program vulnerabilities, the loss is very serious! Below we give the recommended disabling function settings:

Disable_functions = Phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open , Proc_get_status

Note: If your server contains some PHP programs for system State detection, do not disable functions such as Shell_exec,proc_open,proc_get_status.

(2) PHP script execution time found:

Max_execution_time = 30

This option sets the maximum execution time for a PHP program, and if a PHP script is requested and the PHP script does not complete within max_execution_time time, PHP will no longer execute and return a timeout error directly to the client. There is no special need this option to maintain the default setting of 30 seconds, if your PHP script does require a long execution time, you can increase the time setting appropriately.

(3) PHP script handles memory usage found:

Memory_limit = 8M

This option specifies the maximum memory that PHP scripting can occupy, the default is 8MB, and if your server memory is more than 1GB, this option can be set to 12MB for faster PHP script processing efficiency.

(4) PHP global function declaration found:

Register_globals = Off

Many articles on the web about PHP settings are recommended to set this option to on, which is a dangerous setting and is likely to cause serious security problems. If there is no special need, it is highly recommended to keep the default settings!

(5) PHP upload file size limit found:

Upload_max_filesize = 2M

This option sets PHP to allow the maximum upload file size, which defaults to 2MB. Depending on the actual application needs, this setting can be increased appropriately.

(6) Session storage media found:

Session.save_path

(7) Open MAGIC_QUOTES_GPC to prevent SQL injection.

SQL injection is dangerous, and the Web site is compromised and the entire server is paralyzed.

AGIC_QUOTES_GPC = Off #默认是关闭状态. The SQL query submitted by the user will be converted by itself after opening,

For example, " convert to \" , which is important to prevent SQL injection, so the recommended setting is: AGIC_QUOTES_GPC = on.

(8) Error Message control: The general PHP program is not connected to the database or other situations with a prompt error, general error message

There will be a PHP script current path information or query SQL statements and other information, if used by hackers, and its

Unsafe, it is generally recommended that the server suppress the prompt for error messages.

This parameter is configured as follows:

Display_errors = Off

Tip: in a production system, it is strongly recommended that you use error logging to record the error messages displayed on the Web site.

(9) Error log, after the error message appears, we want to record the error message, easy to see the reasons for the PHP service error:

Log_errors = On

also to set the directory of log storage, it is recommended that the directory and Web services to store the path consistent, such as the following settings:

error_log =/application/apache/logs/php_errors.log #与Apache日志在同一目录

Note: This file is for Apache users and groups to have read and write permissions.

More in the later use to again summarize:

Reference URL:https://www.cnblogs.com/xiaorenwu702/p/6151553.html

PHP Engine files php.ini optimization parameters