Virtual host security settings for an Apache + PHP platform on Windows

First, harden the server operating system by following this document: http://blog.haohtml.com/index.php/archives/3438

The php.ini settings are:
1. Enable safe mode

safe_mode = true

2. Disable some system functions

disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server

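3. Disable COM component calls

Change ;com.allow_dcom = true to com.allow_dcom = false, that is, uncomment the directive and set it to false.

4. Specify the temporary directory for uploaded files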

upload_tmp_dir = "d:\php\upload_tmp"

5. Enable escaping of special characters

magic_quotes_gpc = On

6. Turn off error messages

display_errors=Off

7. For the virtual host configuration, the main security settings are:

<VirtualHost *:80>
    ServerAdmin zbjywl@163.com
    DocumentRoot "d:/site/ceshi.papake.net"
    ServerName ceshi.papake.net
    DirectoryIndex index.php

    # Confine PHP to the site directory, and also allow the upload temporary directory
    php_admin_value open_basedir "D:/site/ceshi.papake.net;D:/php/upload_tmp"

    <Directory "d:/site/ceshi.papake.net">
        AllowOverride None
        Order allow,deny
        Allow from all
        # Effective option set (a later Options line without +/- replaces any earlier one)
        Options FollowSymLinks Includes
    </Directory>
</VirtualHost>
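
The php.ini settings from steps 1, 2, 3, 5 and 6 can be checked mechanically. The Python script below is an added example, not part of the original article: it parses php.ini text and reports directives that are unset or differ from the values above. The sample php.ini is constructed, the names EXPECTED_FLAGS, MUST_DISABLE, parse_php_ini and audit are hypothetical, and only the command-execution subset of the disable_functions list is checked.

```python
# Expected boolean directives from steps 1, 3, 5 and 6 of the article.
EXPECTED_FLAGS = {"safe_mode": True, "com.allow_dcom": False,
                  "magic_quotes_gpc": True, "display_errors": False}
# Command-execution functions taken from the article's disable_functions list.
MUST_DISABLE = {"passthru", "exec", "system", "shell_exec", "proc_open"}
TRUTHY = {"1", "on", "true", "yes"}  # php.ini boolean spellings (case-insensitive)

def parse_php_ini(text):
    """Return {directive: value}. ';' starts a comment; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment (e.g. ';com.allow_dcom = true') or [section]
        key, value = (part.strip() for part in line.split("=", 1))
        if value.startswith('"'):
            value = value[1:].split('"', 1)[0]      # quoted value, may contain ';'
        else:
            value = value.split(";", 1)[0].strip()  # drop a trailing comment
        settings[key] = value
    return settings

def audit(text):
    """Return a sorted list of (directive, problem) findings."""
    ini = parse_php_ini(text)
    findings = []
    for name, want in EXPECTED_FLAGS.items():
        if name not in ini:
            findings.append((name, "not set explicitly (PHP default applies)"))
        elif (ini[name].lower() in TRUTHY) != want:
            findings.append((name, "is %r, expected %s" % (ini[name], "On" if want else "Off")))
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    for func in sorted(MUST_DISABLE - disabled):
        findings.append(("disable_functions", "missing " + func))
    return sorted(findings)

# Constructed sample php.ini, not taken from a real server.
SAMPLE = """\
[PHP]
safe_mode = true
disable_functions = passthru,exec, system,proc_open
;com.allow_dcom = true
upload_tmp_dir = "d:\\php\\upload_tmp"
magic_quotes_gpc = On   ; escape GET/POST/COOKIE input
display_errors=On
"""

if __name__ == "__main__":
    for directive, problem in audit(SAMPLE):
        print(directive, "-", problem)
```

safe_mode and magic_quotes_gpc were removed in PHP 5.4, so on later versions drop those two entries from EXPECTED_FLAGS.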