How to Configure Apache Virtual Host Isolation

2013-12-25 09:32:01 Source: kejihao

1. Set up a caged (jailed) environment for each virtual host

a.upl.com /wwwroot/a.upl.com/

b.upl.com /wwwroot/b.upl.com/

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/wwwroot/a.upl.com/"
    ServerName a.upl.com
    ErrorLog "logs/a.upl.com-error_log"
    CustomLog "logs/a.upl.com.com-access_log" common
    # Confine PHP file access for this site to its own tree, /tmp and the session directory
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/wwwroot/a.upl.com/:/tmp:/var/lib/php/session"
    </IfModule>
    # suEXEC applies to CGI/SSI programs only, not to scripts run by mod_php
    <IfModule mod_suexec.c>
        SuexecUserGroup daemon daemon
    </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin [email protected]
    # DocumentRoot is the directory mapped to b.upl.com above, so it falls inside open_basedir
    DocumentRoot "/wwwroot/b.upl.com/"
    ServerName b.upl.com
    ErrorLog "logs/b.upl.com-error_log"
    CustomLog "logs/b.upl.com-access_log" common
    <Directory "/wwwroot/b.upl.com/">
        Order deny,allow
        Allow from all
    </Directory>
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/wwwroot/b.upl.com/:/tmp:/var/lib/php/session"
    </IfModule>
    <IfModule mod_suexec.c>
        SuexecUserGroup daemon daemon
    </IfModule>
</VirtualHost>
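
An added example (not part of the original article): a Python check that each vhost's open_basedir jail contains its own DocumentRoot and none of its neighbours'. The sample config is constructed, c.upl.com and the function names are assumptions, and open_basedir entries are treated as directories.

```python
import re

# Constructed sample: b.upl.com's DocumentRoot is outside its jail; c.upl.com (hypothetical) has none.
SAMPLE = '''
<VirtualHost *:80>
    ServerName a.upl.com
    DocumentRoot "/wwwroot/a.upl.com/"
    php_admin_value open_basedir "/wwwroot/a.upl.com/:/tmp:/var/lib/php/session"
</VirtualHost>
<VirtualHost *:80>
    ServerName b.upl.com
    DocumentRoot "/www"
    php_admin_value open_basedir "/wwwroot/b.upl.com/:/tmp:/var/lib/php/session"
</VirtualHost>
<VirtualHost *:80>
    ServerName c.upl.com
    DocumentRoot "/wwwroot/c.upl.com/"
</VirtualHost>
'''

def directive(block, name):
    # Value of the first `name` directive in a vhost block, surrounding quotes stripped.
    m = re.search(r'^\s*' + name + r'\s+"?([^"\n]+?)"?\s*$', block, re.M | re.I)
    return m.group(1) if m else None

def covers(base, path):
    # True if path is base itself or lies below it.
    return (path.rstrip('/') + '/').startswith(base.rstrip('/') + '/')

def audit_vhosts(conf):
    """Return (ServerName, finding) pairs for open_basedir jail problems."""
    vhosts = []
    for block in re.findall(r'<VirtualHost[^>]*>(.*?)</VirtualHost>', conf, re.S | re.I):
        jail = directive(block, r'php_admin_value\s+open_basedir')
        vhosts.append((directive(block, 'ServerName'), directive(block, 'DocumentRoot'),
                       jail.split(':') if jail else []))
    findings = []
    for name, root, allowed in vhosts:
        if not allowed:
            findings.append((name, 'no open_basedir set'))
            continue
        if not any(covers(a, root) for a in allowed):
            findings.append((name, 'DocumentRoot outside open_basedir'))
        for other, other_root, _ in vhosts:
            if other != name and any(covers(a, other_root) for a in allowed):
                findings.append((name, 'open_basedir exposes ' + other))
    return findings

if __name__ == '__main__':
    print(audit_vhosts(SAMPLE))
```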

2. Prevent PHP backdoors from executing system commands

# vim /usr/local/lib/php.ini

disable_functions = phpinfo,gzcompress,apache_note,apache_setenv,proc_get_status,exec,passthru,proc_nice,proc_open,proc_terminate,shell_exec,system,popen,ini_restore,syslog,define_syslog_variables,symlink,link,error_log,leak,dbmopen,openlog,closelog,popen,pclose,stream_socket_server

The key one is the passthru function: it is what lets a backdoor execute system commands.

3. Hide PHP version information

; Off stops PHP from advertising itself in the X-Powered-By response header
expose_php = Off

4. Turn off error display

display_errors = Off

5. Have PHP escape single quotes and other special characters

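; The magic_quotes_* settings were deprecated in PHP 5.3 and removed in PHP 5.4.
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = On
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = On

If these are turned on, some PHP applications will not work properly.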

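6. Run PHP in safe mode (generally not used; the restrictions are very strict)

; safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4.
safe_mode = On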