Article Title: Security Configuration of apache and php in linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
(1) safe_mode: run php In safe mode; use the following in the php. ini file:
Safe_mode = On (use Security Mode)
Safe_mode = Off (disable security mode)
How to Set VirtualHost in httpd. conf of apache
Php_admin_flag safe_mode On (use Security Mode)
Php_admin_flag safe_mode Off (disable security mode)
Or:
Php_admin_value safe_mode 1 (use Security Mode)
Php_admin_value safe_mode 0 (disable security mode)
(2) safe_mode_include_dir: directory without UID/GID check;
(3) open_basedir: restrict the files that can be operated by users to a directory;
A. How to Set Directory in httpd. conf of Apache:
Php_admin_value open_basedir/usr/local/apache/htdocs/:/tmp/
B. Set open_basedir =.:/tmp/in php. ini, which indicates that
Access the current directory (the directory where the PHP file is located) And/tmp/directory.
(4) disable_functions: sets the disable function;
Typical Security Configuration
Disable_functions = shell_exec, system, exec, passthru, show_source
, Get_cfg_var, dl
If you are allowed to debug the program, the configuration is as follows:
Disable_functions = shell_exec, system, exec, passthru
(5) register_globals: Disable registration of global variables;
Register_globals = On (automatically registered as a global variable)
Register_globals = Off (cannot be registered as a global variable)
(6) magic_quotes_gpc: Escape sensitive characters
Magic_quotes_gpc = On
Magic_quotes_gpc = Off
In Apache httpd. conf, set VirtualHost as follows:
Php_admin_flag magic_quotes_gpc on
Or:
Php_admin_value magic_quotes_gpc 1