The php file contains directory configuration open_basedir usage and performance

This article mainly introduces the use and performance of open_basedir in the php file containing directory configuration. Interested friends can refer to it. I hope it will be helpful to everyone.

1. Introduction to open_basedir

open_basedir limits the files that php can open to the specified directory tree, including the file itself. When a program opens a file using, for example, fopen() or file_get_contents(), the location of the file is checked. When the file is outside the specified directory tree, the program will refuse to open it.

This command is not affected by turning safe mode on or off.

2.open_basedir setting method

1.Add ## in php.ini

#open_basedir="Specify directory"

2. Use

ini_set('open_basedir', 'Specify directory' in the program );

But this method is not recommended

3. Directory configuration in apache’s httpd.conf

php_admin_value open_basedir "Specify the directory"

VritualHost in httpd.conf

php_admin_value open_basedir "Specify the directory"

##4.nginx fastcgi.conffastcgi_param PHP_VALUE "open_basedir=specified directory"

The restrictions specified with open_basedir are actually prefixes, not directory names.

That is to say, open_basedir=/home/fdipzone will also allow access to /home/fdipzone_abc. If you want to limit access to a directory, please use a slash to end the path name, for example: open_basedir=”/home/fdipzone/ ”

If you want to set up multiple directories, window uses; to separate the directories, and Linux uses: to separate the directories.

3. Use open_basedir to restrict directory access First create a VirtualHost,

Set open_basedir to /home/fdipzone/ sites/in.fdipzone.com/

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /home/fdipzone/sites/in.fdipzone.com
  ServerName in.fdipzone.com
  php_admin_value open_basedir "/home/fdipzone/sites/in.fdipzone.com/"
  <Directory "/home/fdipzone/sites/in.fdipzone.com">
    allow from all Options + Indexes
  </Directory>
</VirtualHost>

Create a test.txt file in the upper directory /home/fdipzone/sites/, Create php in in.fdipzone.com and execute the following code

<?php
echo file_get_contents(&#39;../test.txt&#39;);
?>

Because test.txt is not within the limited directory range, php prompts a warning

Warning: file_get_contents(): open_basedir restriction in effect. File(../test.txt) is not within the allowed path(s): (/home/fdipzone/sites/in.fdipzone. com/) in /home/fdipzone/sites/in.fdipzone.com/index.php on line 3

4. Performance analysis of setting open_basedirOpen_basedir will affect I/O after being turned on, because each called file needs to be judged whether it is in the restricted directory.

Test program, read the same file in the restricted directory 10,000 times

<?php
// 记录开始时间
$starttime = getMicrotime();

// 读取10000次文件
for($i=0; $i<10000; $i++){
  file_get_contents(&#39;test.txt&#39;);
}

// 记录结束时间
$endtime = getMicrotime();

printf("run time %f ms\r\n", ((float)($endtime)-(float)($starttime))*1000);

function getMicrotime(){
  list($usec, $sec) = explode(&#39; &#39;, microtime());
  return (float)$usec + (float)$sec;
}
?>

Close the open_basedir test

run time

137.237072 ms

Open open_basedir test

run time

404.207945 ms

After open_basedir is turned on, the execution time is

3 times that of turning it off.

Summary: Using open_basedir can limit the directories and files that the program can operate and improve system security. However, it will affect I/O performance and cause system execution to slow down. Therefore, it is necessary to balance security and performance according to specific needs. The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

PHP 3 ways to connect to the database

PHPDetailed explanation of reference variable knowledge

Coupled design pattern of PHP

The above is the detailed content of The php file contains directory configuration open_basedir usage and performance. For more information, please follow other related articles on the PHP Chinese website!