- Enabling safe mode (safe_mode) does not disable exec(), system() and similar functions outright; it only confines them to the directory set by safe_mode_exec_dir. To actually disable them, list them in disable_functions in php.ini (for example disable_functions = exec,system,passthru,shell_exec,popen,proc_open). Note that safe_mode is deprecated in PHP 5.3 and removed in PHP 5.4, so on those versions rely on disable_functions and open_basedir instead.
- In httpd.conf, use php_admin_value open_basedir to restrict the directories PHP is allowed to access (php_admin_value cannot be overridden from .htaccess or ini_set(), unlike php_value).
- When setting open_basedir, remember to include the PHP upload temp directory and session save directory configured in php.ini; otherwise file uploads and session access will fail. End each entry with a slash so it is treated as that directory: before PHP 5.2.16/5.3.4 entries were matched as bare prefixes, so "E:/web/xxsite" would also have allowed "E:/web/xxsite2".
In php.ini, configure the two directories as follows:
upload_tmp_dir = "D:/PHP/temp/"
session.save_path = "D:/PHP/temp/"
- Apache 2.0 configuration example. AllowOverride, Order and Allow are only valid in <Directory> context (Apache rejects them directly inside <VirtualHost>), so the directory-scoped directives go in a <Directory> block nested in the virtual host:
<VirtualHost *:80>
    ServerName www.xxsite.com
    DocumentRoot "E:/web/xxsite"
    <Directory "E:/web/xxsite">
        # Indexes enables directory listings; drop it unless you really need them.
        Options FollowSymLinks IncludesNOEXEC Indexes
        DirectoryIndex index.html index.php
        AllowOverride None
        Order Deny,Allow
        Allow from all
        # open_basedir entries are separated by ";" on Windows and ":" on Unix.
        php_admin_value open_basedir "E:/web/xxsite/;D:/PHP/temp/"
        php_admin_flag safe_mode On
    </Directory>
</VirtualHost>
- Apache 2.2 configuration example. The stock 2.2 httpd.conf denies access to the whole filesystem in <Directory />, so the site's document root needs an explicit <Directory> block that re-opens it and carries the PHP restrictions:
<VirtualHost *:80>
    ServerName www.xxsite.com
    DocumentRoot "E:/web/xxsite"
</VirtualHost>
<Directory "E:/web/xxsite">
    Options FollowSymLinks IncludesNOEXEC Indexes
    DirectoryIndex index.html index.php
    AllowOverride None
    # On Apache 2.4 replace the two lines below with: Require all granted
    Order Deny,Allow
    Allow from all
    php_admin_value open_basedir "E:/web/xxsite/;D:/PHP/temp/"
    php_admin_flag safe_mode On
</Directory>
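The rule in the bullets above (open_basedir must cover upload_tmp_dir and session.save_path) is easy to get wrong when the vhost and php.ini are edited separately. The following offline checker is an added example, not code from the original page: it reads the two directories out of php.ini text and the open_basedir value out of an Apache config fragment, then applies the documented open_basedir containment rule (each entry is a directory name, as in PHP 5.2.16/5.3.4 and later; ";" separates entries on Windows and ":" on Unix; Windows paths compare case-insensitively and accept either slash). The php.ini and vhost snippets embedded below are constructed sample input, and the function names are this example's own.

```python
"""Check that open_basedir covers the php.ini temp directories (added example)."""
import ntpath
import posixpath
import re

# Constructed sample input mirroring the page's php.ini and vhost settings.
PHP_INI = """
; constructed php.ini fragment
upload_tmp_dir = "D:/PHP/temp/"
session.save_path = "D:/PHP/temp/"
"""
GOOD_VHOST = 'php_admin_value open_basedir "E:/web/xxsite/;D:/PHP/temp/"'
BAD_VHOST = 'php_admin_value open_basedir "E:/web/xxsite/"'   # temp dir forgotten


def parse_ini_dirs(ini_text):
    """Return {name: value} for upload_tmp_dir and session.save_path."""
    wanted = {"upload_tmp_dir", "session.save_path"}
    found = {}
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank or comment
            continue
        m = re.match(r"([\w.]+)\s*=\s*(.*)", line)
        if m and m.group(1) in wanted:
            found[m.group(1)] = m.group(2).strip().strip('"')
    return found


def parse_open_basedir(apache_text):
    """Return the open_basedir value from a php_admin_value line, or ''."""
    m = re.search(r'php_admin_value\s+open_basedir\s+"?([^"\n]+)"?', apache_text)
    return m.group(1).strip() if m else ""


def _norm(path, windows):
    """Normalise separators and case the way the target OS compares paths."""
    mod = ntpath if windows else posixpath
    p = mod.normpath(path)          # also drops a trailing separator
    return p.lower() if windows else p


def is_allowed(path, open_basedir, windows=True):
    """True if `path` equals, or lies below, at least one open_basedir entry."""
    mod = ntpath if windows else posixpath
    entry_sep = ";" if windows else ":"
    target = _norm(path, windows)
    for entry in filter(None, open_basedir.split(entry_sep)):
        base = _norm(entry, windows)
        # Directory-name semantics: "e:\web\xxsite" must not match "e:\web\xxsite2".
        if target == base or target.startswith(base.rstrip(mod.sep) + mod.sep):
            return True
    return False


def check(ini_text, apache_text, windows=True):
    """Names of php.ini temp directories that fall outside open_basedir."""
    basedir = parse_open_basedir(apache_text)
    problems = []
    for key, value in parse_ini_dirs(ini_text).items():
        if key == "session.save_path":
            value = value.split(";")[-1]   # PHP accepts "N;[MODE;]path" here
        if not is_allowed(value, basedir, windows):
            problems.append(key)
    return sorted(problems)


if __name__ == "__main__":
    for label, vhost in (("good", GOOD_VHOST), ("bad", BAD_VHOST)):
        print(label, "->", check(PHP_INI, vhost) or "open_basedir covers both dirs")
```

The checker only models the containment rule; it does not resolve symlinks or verify that the directories exist, so the authoritative test is still a script on the server that calls ini_get('open_basedir') and attempts to create a file under upload_tmp_dir and to start a session.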