search
HomeBackend DevelopmentPHP TutorialPHP configures open_basedir to let each virtual site run independently_PHP tutorial

PHP configures open_basedir to let each virtual site run independently_PHP tutorial

Jul 21, 2016 pm 02:55 PM
apacheopenphpexistIcomplainindependentsitevirtualrunConfiguration

A few years ago, I was complaining about the poor security of Apache running PHP. As long as one site was taken down, other sites on the server would suffer. At that time, I felt that this was really bad compared to IIS, because in IIS, you can set an anonymous account to use when accessing a site or even a directory in the security. As long as the accounts used by each site are different, the security between sites will be compromised. will not affect each other. Only in the past few days have I discovered that my idea at the time was wrong. Under Apache, you can also configure PHP to realize the independent operation of each site. Although you cannot control in detail how to run a site as a certain user, at least you will not be able to run it again. There is a situation where the entire server has been taken down.

This control can be achieved by configuring PHP's open_basedir. This configuration is also useful under IIS, but here we only talk about the configuration under Apache.

open_basedir can limit the user's activity scope of accessing files to a specified area, usually the path of his home directory.
The symbol "." can also be used to represent the current directory. open_basedir can also set up multiple directories at the same time, using semicolons to separate directories on Windows and
colons on any other system. When it acts on the Apache module, the open_basedir path in the parent directory is automatically inherited. The following takes the configuration under Linux system as an example

Method 1: Configure in php.ini
open_basedir = .:/tmp/

Method 2: Set
php_admin_value open_basedir .:/tmp/

in the VirtualHost configured by Apache

Method 3: Set
php_admin_value open_basedir .:/tmp/

in the Direcotry of Apache configuration

Explanation on the three configuration methods:
a. Method two has a higher priority than method one, which means that method two will override method one; method three has a higher priority than method two, which means that method two has a higher priority than method one. Three will cover method two;
b. "/tmp/" is added to the configuration directory because PHP's default temporary files (such as uploaded files, sessions, etc.) will be placed in this directory, so it is generally necessary to add this directory, otherwise Some functions will not be available;
c. "." added to the configuration directory refers to the current directory where the php file is run. This can avoid setting each site one by one;
d. If the site also uses a site directory For files other than other files, you need to set the directory separately in the corresponding VirtualHost;

After the settings are completed, remember to find a PHP web horse (such as: phpspy) to play with and test if there are any problems. If nothing else, the permissions should be quite well controlled. If you have any experience in PHP security configuration, please share it.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/364378.htmlTechArticleA few years ago, I complained about the poor security of Apache running PHP. As long as a site was taken down, the server would be destroyed. Other sites on the website will suffer accordingly. At that time, I thought this was too...
Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
How can you check if a PHP session has already started?How can you check if a PHP session has already started?Apr 30, 2025 am 12:20 AM

In PHP, you can use session_status() or session_id() to check whether the session has started. 1) Use the session_status() function. If PHP_SESSION_ACTIVE is returned, the session has been started. 2) Use the session_id() function, if a non-empty string is returned, the session has been started. Both methods can effectively check the session state, and choosing which method to use depends on the PHP version and personal preferences.

Describe a scenario where using sessions is essential in a web application.Describe a scenario where using sessions is essential in a web application.Apr 30, 2025 am 12:16 AM

Sessionsarevitalinwebapplications,especiallyfore-commerceplatforms.Theymaintainuserdataacrossrequests,crucialforshoppingcarts,authentication,andpersonalization.InFlask,sessionscanbeimplementedusingsimplecodetomanageuserloginsanddatapersistence.

How can you manage concurrent session access in PHP?How can you manage concurrent session access in PHP?Apr 30, 2025 am 12:11 AM

Managing concurrent session access in PHP can be done by the following methods: 1. Use the database to store session data, 2. Use Redis or Memcached, 3. Implement a session locking strategy. These methods help ensure data consistency and improve concurrency performance.

What are the limitations of using PHP sessions?What are the limitations of using PHP sessions?Apr 30, 2025 am 12:04 AM

PHPsessionshaveseverallimitations:1)Storageconstraintscanleadtoperformanceissues;2)Securityvulnerabilitieslikesessionfixationattacksexist;3)Scalabilityischallengingduetoserver-specificstorage;4)Sessionexpirationmanagementcanbeproblematic;5)Datapersis

Explain how load balancing affects session management and how to address it.Explain how load balancing affects session management and how to address it.Apr 29, 2025 am 12:42 AM

Load balancing affects session management, but can be resolved with session replication, session stickiness, and centralized session storage. 1. Session Replication Copy session data between servers. 2. Session stickiness directs user requests to the same server. 3. Centralized session storage uses independent servers such as Redis to store session data to ensure data sharing.

Explain the concept of session locking.Explain the concept of session locking.Apr 29, 2025 am 12:39 AM

Sessionlockingisatechniqueusedtoensureauser'ssessionremainsexclusivetooneuseratatime.Itiscrucialforpreventingdatacorruptionandsecuritybreachesinmulti-userapplications.Sessionlockingisimplementedusingserver-sidelockingmechanisms,suchasReentrantLockinJ

Are there any alternatives to PHP sessions?Are there any alternatives to PHP sessions?Apr 29, 2025 am 12:36 AM

Alternatives to PHP sessions include Cookies, Token-based Authentication, Database-based Sessions, and Redis/Memcached. 1.Cookies manage sessions by storing data on the client, which is simple but low in security. 2.Token-based Authentication uses tokens to verify users, which is highly secure but requires additional logic. 3.Database-basedSessions stores data in the database, which has good scalability but may affect performance. 4. Redis/Memcached uses distributed cache to improve performance and scalability, but requires additional matching

Define the term 'session hijacking' in the context of PHP.Define the term 'session hijacking' in the context of PHP.Apr 29, 2025 am 12:33 AM

Sessionhijacking refers to an attacker impersonating a user by obtaining the user's sessionID. Prevention methods include: 1) encrypting communication using HTTPS; 2) verifying the source of the sessionID; 3) using a secure sessionID generation algorithm; 4) regularly updating the sessionID.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function