About the use and performance analysis of open_basedir in the directory configuration of PHP files

1. Introduction to open_basedir

##open_basedir Limit the files that php can open to the specified directory tree, including the file itself. When a program wants to open a file using, for example, fopen() or file_get_contents(), the location of the file will be checked. When the file is outside the specified directory tree, the program will refuse to open it.

This command is not affected by turning safe mode on or off.

2.open_basedir setting method

1.Add

open_basedir="指定目录"

2 in php.ini .Use

ini_set('open_basedir', '指定目录');

in the program but this method is not recommended

3. Directory configuration in apache’s httpd.conf

php_admin_value open_basedir "指定目录"

VritualHost in httpd.conf

php_admin_value open_basedir "指定目录"

4.nginx fastcgi.conf

fastcgi_param PHP_VALUE "open_basedir=指定目录"

The limit specified with open_basedir is actually the prefix , not a directory name.

That is to say, open_basedir=/home/fdipzone will also allow access to /home/fdipzone_abc. If you want to limit access to a directory, please use a slash to end the path name, for example: open_basedir=”/home/fdipzone/”

If you want to set up multiple directories, window uses; to separate directories, and Linux uses: to separate directories.

3. Use open_basedir to restrict directory access

First create a VirtualHost,

Set open_basedir to /home/fdipzone/sites/in.fdipzone. com/

<VirtualHost *:80>
    ServerAdmin webmaster@localhost    DocumentRoot /home/fdipzone/sites/in.fdipzone.com    ServerName in.fdipzone.com    php_admin_value open_basedir "/home/fdipzone/sites/in.fdipzone.com/"
    <Directory "/home/fdipzone/sites/in.fdipzone.com">
        allow from all Options + Indexes    </Directory></VirtualHost>

Create a test.txt file in the upper directory /home/fdipzone/sites/, create php in in.fdipzone.com and execute the following code

<?phpecho file_get_contents(&#39;../test.txt&#39;);?>

Because test .txt is not within the restricted directory range, so php prompts a warning

Warning: file_get_contents(): open_basedir restriction in effect. File(../test.txt) is not within the allowed path(s): ( /home/fdipzone/sites/in.fdipzone.com/) in /home/fdipzone/sites/in.fdipzone.com/index.php on line 3

4 .Performance analysis of setting open_basedir

After open_basedir is turned on, it will affect I/O, because each called file needs to be judged whether it is in the restricted directory.

Test program, read the same file in the restricted directory 10,000 times

<?php// 记录开始时间$starttime = getMicrotime();// 读取10000次文件for($i=0; $i<10000; $i++){
    file_get_contents(&#39;test.txt&#39;);
}// 记录结束时间$endtime = getMicrotime();

printf("run time %f ms\r\n", ((float)($endtime)-(float)($starttime))*1000);function getMicrotime(){
    list($usec, $sec) = explode(&#39; &#39;, microtime());    return (float)$usec + (float)$sec;
}?>

Close open_basedir test run time
137.237072 ms

Open open_basedir test run time
404.207945 ms

After opening open_basedir, the execution time is closed3 times.

Summary: Using open_basedir can limit the directories and files that the program can operate and improve system security. However, it will affect I/O performance and cause system execution to slow down. Therefore, it is necessary to balance security and performance according to specific needs.

This article explains the use and performance analysis of open_basedir, a php file containing directory configuration. For more related content, please pay attention to the php Chinese website.

Related recommendations:

Explanation on the solution to cookie loss in ajax cross-domain access

About key_len in mysql explain The calculation method explains

How to use curl to simulate ip and source to access through php

The above is the detailed content of About the use and performance analysis of open_basedir in the directory configuration of PHP files. For more information, please follow other related articles on the PHP Chinese website!