windows下apache+php平台,虚拟主机安全设置

By admin

- One minute read - 57 words

先按这里的文档对服务器系统安全做设置: http://blog.haohtml.com/index.php/archives/3438

对于php.ini的设置有: 1.修改为安全

safe_mode = true

2.禁用一些系统函数

disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server

3.禁用com组件调用

将 ;com.allow_dcom = true 修改为 com.allow_dcom = false 启用并禁用 4.指定上传文件的临时目录

upload_tmp_dir = “d:\php\upload_tmp”

5.启用特别字符转义功能

magic_quotes_gpc = On

6.关闭错误信息

display_errors=Off

7.对于虚拟主机配置的安全主要有:

ServerAdmin [email protected] DocumentRoot “d:/site/ceshi.papake.net” ServerName ceshi.papake.net DirectoryIndex index.php

#限制在固定的目录里,并授权上传文件临时目录 php_admin_value open_basedir “D:/site/ceshi.papake.net;D:/php/upload_tmp”

Options Indexes MultiViews AllowOverride None order allow,deny Allow from all Options FollowSymLinks Includes