1.1 php引擎缓存优化加速
1)eaccelerator
2)Zend
3)xcache
1.2 使用tmpfs作为缓存加速的的文件目录
[root@LNMP ~]# mount -t tmpfs /dev/shm -o size=256m
[root@LNMP ~]# mount -t tmpfs /dev/shm/ /tmp/eaccelerator/
提示:
1、上传图片缩略图处理的目录
2、其他加速器临时目录,例如tmp/eaccelerator
1.3 php.ini参数调优
无论是Apache还是nginx,php.ini都适合的,而php-fpm.conf适合nginx+fcgi的配置。首先选择的产品环境的php.ini(php.ini-production)
/home/oldboy/tools/php-5.3.27/php.ini-development
/home/oldboy/tools/php-5.3.27/php.ini-production
1.3.1 打开php的安全模式
php的安全模式是个非常重要的php内嵌的安全机制,能够控制一些php中的函数执行,比如system(),同时把很多文件操作的函数进行了权限控制。
该参数配置如下:
safe_mode = Off
;是否启用安全模式。
;打开时,PHP将检查当前脚本的拥有者是否和被操作的文件的拥有者相同,
1.3.3关闭危险函数
如果打开了安全模式,那么函数禁止是可以不需要的,但是为了安全还是考虑进去,比如,我们觉得不希望执行包括system()等在那的能够执行命令的php函数,或者能够查看php信息的phpinfo()等函数,那么我们就可以禁止他们,方法如下:
disable_functions = system,passthru,exec,shell_exec,popen,phpinfo
如果你要禁止任何文件和目录的操作,那么可以关闭很多文件操作
disable_functions = chdir,chroot,dir,getcwd,opendir,readdir,scandir,fopen,unlink,delete,copy,mkdir,rmdir,rename,file,file_get_contents,fputs,fwrite,chgrp,chmod,chown
以上只是列出了部分不叫常用的文件处理函数,你可以把以上执行命令函数和这个函数结合,就能够抵制大部分phpshell了,该参数默认为disable_functions =
1.3.4 关闭PHP版本信息在http头中的泄露
我们为了防止黑客获取服务器php版本信息,可以关闭信息在http头中。该参数默认配置如下:
expose_php = On
;是否暴露php被安装在服务器上的事实(在http头中添加上其标签)
;它不会有安全上的直接威胁,但是它使得客户端知道服务器上安装了php
建议设置为:
expose_php = Off
这样黑客执行Telnet ucode.blog.51cto.com 80 的时候,那么将无法看到php的信息
1.3.6 打开 magic_quotes_gpc来防止SQL注入
SQL注入是非常危险的问题,轻则网站后台被入侵,重则整个服务器沦陷。
所以一定要小心。php.ini中有一个设置:
magic_quotes_gpc = Off
这个默认是关闭的,如果它打开后将自动把用户提交对sql的查询进行转换,比如把'转换为\'等,这对防止sql注入有重大作用,所以我们推荐设置为:
magic_quotes_gpc = Off
1.3.7错误信息控制
一般的php在没有连接到数据库或者其他情况下会提示错误,一般的错误信息会包含php脚本当前的路径信息或者查询的SQL语句等信息,这类信息提供给黑客后,是不安全的,所以一般服务器建议禁止错误提示:
display_errors = Off
1.3.8错误日志
建议在关闭display_errors后能够把错误信息记录下来,便于查找服务器运行的原因:
log_errors = On
同时也要设置错误日志存放的目录,建议跟Apache的日志存放在一起:
error_log = /app/logs/php_error.log
注意:给文件必须允许Apache用户和组都具有写的权限
1.3.9 部分资源限制参数优化
1.3.9.1 设置每个脚本运行的最长时间
当无法上传较大的文件或者后台备份数据经常超时,此时需要调整如下设置:
max_exxcution_time = 30
;每个脚本最大允许执行时间(秒),0表示没有限制
;这个参数有助于阻止劣质脚本无休止的占用服务器资源
;该指令仅影响脚本本身的运行时间,任何其他花费在脚本运行之外的时间
;如用system()/sleep()函数的使用、数据库查询、文件上传等,都不包括在内。
;在安全模式下,你不能用ini_set()在运行时改变这个设置
1.3.9.2 每个脚本使用的最大内存
memory_limit = 128M
;一个脚本所能够申请到的最大内存字节数(可以使用K和M作为单位)
;这有助于阻止劣质脚本无休止的占用服务器上的所有内存
;要能够使用该指令必须在编译时使用"--enable-memory-limit"配置选项
;如果要取消内存限制,则必须将其设置为-1
;设置了该指令后,memory_get_usage()函数将变为可用
1.3.9.3 每个脚本等待输入数据最长时间
max_input_time = -1
;每个脚本解析输入数据(POST,GET,upload)的最大允许时间(秒)
;-1表示不限制
设置为:
max_input_time = 60;
1.3.9.4 上传文件的最大许可大小
当上传文件较大时,需要调整如下参数:
upload_max_filesize = 2M;
;上传文件的最大许可大小,自己定义,一般图片论坛需要将这个值修改较大,默认2M
另外通过一个请求可以上传多少个文件
max_file_uploads = 20
1.3.10 部分安全参数优化
1、禁止打开远程地址,记得最近出的php include的那个漏洞么,就是在一个php程序中include了变量,那么入侵者就可以利用这个控制服务器在本地执行远程的一个php程序。例如phpshell,所以我们要关闭这个
allow_url_fopen = Off
2、设定:cgi.fix_pathinfo = 0
;防止Nginx文件类型错误解析漏洞
1.3.11 调整php session 信息存放类型和位置
session.save_handler = files
;存储和检索与会话关联的数据的处理器名字,默认为文件("files")
;如果想要使用自定义的处理器(如基于数据库的处理器),可用"user"
;设为"memcache"则可以使用memcache作为会话处理器(需要指定"--enable-memcache-session"编译选项)。
; session.save_path = "/tmp"
;传递给存储处理器的参数,对于files处理器,此值是创建会话数据文件的路径。
web 集群session共享存储设置:
默认php.ini中session的类型和配置路径:
#session.save_handler = files
#session.save_path = "/tmp"
修改成如下配置:
session.save_handler = memcache
session.save_path = "tcp://10.0.0.18:11211"
提示:
1)10.0.0.18:11211为memcache数据库缓存的IP及端口
2)上述适合LAMP、LNMP环境
3)memcache服务器也可以是多台通过hash调度
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
Discover File Downloads in Laravel with Storage::downloadMar 06, 2025 am 02:22 AMThe Storage::download method of the Laravel framework provides a concise API for safely handling file downloads while managing abstractions of file storage. Here is an example of using Storage::download() in the example controller:
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
How to Register and Use Laravel Service ProvidersMar 07, 2025 am 01:18 AMLaravel's service container and service providers are fundamental to its architecture. This article explores service containers, details service provider creation, registration, and demonstrates practical usage with examples. We'll begin with an ove
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 English version
Recommended: Win version, supports code prompts!
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SublimeText3 Linux new version
SublimeText3 Linux latest version
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
