Home > Developer > Web Develop
Third, the PHP related configuration
Through browser access, use the Phpinfo () function to view the site Phpinfo function file, if not loaded php.ini, from the source package to copy one to/usr/local/php/etc/
Cp/usr/local/src/php-5.6.32/php.ini-development/usr/local/php/etc/php.ini
Disable_functions is a security function
#vim/usr/local/php/etc/php.ini//Modify the configuration file, in disable_functions = followed by the following security functions, some enterprise production environment to add phpinfo to security functions, increase security
Disable_functions =eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir , Chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen, Openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
#/usr/local/apache2.4/bin/apachectl Graceful//re-loading the next file after the modification is complete
To refresh the http://111.com/index.php Web page in the browser, the following page prompt appears: Phpinfo is banned
#vim/usr/local/php/etc/php.ini//date.timezone defined as Asia Shanghai or Chongqing
Date.timezone = Asia/shanghai
Change display_errors = on to display_errors = off, and access to off after http://111.com/index.php will not output error message, directly into white page
If the error message output is disabled, you need to turn on the error log, log_errors = ON, modify the error log path error_log =/tmp/php_errors.log
Error_reporting defines error logging level, default error_reporting = E_all, general use of Show all errors on production, except for notices
#/usr/local/apache2.4/bin/apachectl-t
#/usr/local/apache2.4/bin/apachectl Graceful
#ls/tmp//Can see if the Php_errors.log file is generated under/tmp
#ls-L/tmp/php_errors.log
rw-r--r--1 Daemon Daemon 145 June 5 07:34/tmp/php_errors.log//Can see that its genus is daemon
#ps aux |grep httpd
Daemon is actually the process of httpd, then this error log is generated as the identity of this process
If an error log is defined, but the error log is never generated, you will need to check the defined error path for write permission
#cat/tmp/php_errors.log//View error log contents
[05-jun-2018 07:34:06 Asia/shanghai] PHP Warning:phpinfo () have been disabled for security reasons in/data/wwwroot/111.com/index.php on line 2
#vim/data/wwwroot/111.com/2.php//Create a 2.php
Curl-a "A"-x127.0.0.1:80 Http://111.com/2.php-I//Report 500 error
#cat/tmp/php_errors.log//Prompt for parse error error
[05-jun-2018 08:14:40 Asia/shanghai] PHP Parse error:syntax Error, unexpected end of file in/data/wwwroot/111.com/2.php on line 4
Multi-site Security configuration:
Requirements: A server to run multiple sites, a site code may have problems, there are loopholes, the result of a site is black, to make other site directory is not affected, you can increase Open_basedir
#vim/usr/local/php/etc/php.ini
OPEN_BASEDIR=/DATA/WWWROOT/111.COM:/TMP//If defined under PHP.ini, only one open_basedir can be defined, for all sites and temporary directories
#/usr/local/apache2.4/bin/apachectl Graceful
#vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf//individually qualify each site for isolation, modify the httpd-vhosts.conf configuration file
Php_admin_value open_basedir "/data/wwwroot/111.com:/tmp"//Added in 111.com site configuration file
Php_admin_value open_basedir "/data/wwwroot/abc.com:/tmp"//Added in abc.com site configuration file
#/usr/local/apache2.4/bin/apachectl-t
#/usr/local/apache2.4/bin/apachectl Graceful
Qualify a directory to prohibit parsing PHP restrictions user_agent PHP-related configuration
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
