I. Disabling dangerous functions
L View PHP Configuration document location
/usr/local/php/bin/php-i |head # Find Configuration File (php.ini) Path =/usr/local/php/etc represents the configuration file in this directory php.ini
L Modifying a configuration file
Vim/usr/local/php/etc/php.ini # Find disable_functions , add something:
Disable_functions =
Eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown, Escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog, Readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
Second, Open PHP error log
L Modify php.ini, find display_errors = off modified to display_errors = on # indicates that the error log is displayed when the browser accesses the error page. This method is generally not used
L Common methods:
modify php.ini , find log_errors = off log_errors = on
error_log = xxxxx/php_errors.log modified to absolute path error_log = /usr/local/php/logs/php_errors.log # No auto-generation , not created manually, permissions modified to
Find /error_reporting plus /error_reporting = e_all & ~e_notice
L Reload Apache service , Graceful represents an overloaded configuration
/usr/local/apache2/bin/apachectl Gracefu L
Third, Configuring Open_basedir ( Security Configuration )
L Modify the php.in file to find Open_basedir modified to Open_basedir =/data/www/ :/ directory 2/: Table of Contents 3/
# indicates that only access to this directory is allowed, other directories cannot be accessed
L To Modify a virtual host configuration file httpd-vhosts.conf
Add in <virtualhost *:80> :
Php_admin_value Open_basedir = "/data/www/ :/ directory 2/: Table of Contents 3/ "
# Point 1 and point 2 effect equal, one is global one is a virtual host
Four, Open the slow query log, log queries for more than 1 seconds
vim/etc/my.conf Add code to the other modules below the [mysqld] module (not inside the mysqld module):
log_slow_queries =/ Var/log / Mysql_ slow_queries . Log
Long_query_time = 1 # record more than 1 seconds of statement
Open Short Label control parameters: Short_open_tag = on
This article is from the Linux blog, so be sure to keep this source http://lstulinux.blog.51cto.com/3938932/1701473
PHP Security Configuration