Home > Article > Backend Development > About the use and performance analysis of open_basedir in the directory configuration of PHP files
##open_basedir Limit the files that php can open to the specified directory tree, including the file itself. When a program wants to open a file using, for example, fopen() or file_get_contents(), the location of the file will be checked. When the file is outside the specified directory tree, the program will refuse to open it.
This command is not affected by turning safe mode on or off.1.Add
open_basedir="指定目录"
2 in php.ini .Use
ini_set('open_basedir', '指定目录');in the program but this method is not recommended
3. Directory configuration in apache’s httpd.conf
php_admin_value open_basedir "指定目录"
VritualHost in httpd.conf
php_admin_value open_basedir "指定目录"
4.nginx fastcgi.conf
fastcgi_param PHP_VALUE "open_basedir=指定目录"The limit specified with open_basedir is actually the prefix , not a directory name.
That is to say, open_basedir=/home/fdipzone will also allow access to /home/fdipzone_abc. If you want to limit access to a directory, please use a slash to end the path name, for example: open_basedir=”/home/fdipzone/”
Set open_basedir to /home/fdipzone/sites/in.fdipzone. com/
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /home/fdipzone/sites/in.fdipzone.com ServerName in.fdipzone.com php_admin_value open_basedir "/home/fdipzone/sites/in.fdipzone.com/" <Directory "/home/fdipzone/sites/in.fdipzone.com"> allow from all Options + Indexes </Directory></VirtualHost>Create a test.txt file in the upper directory /home/fdipzone/sites/, create php in in.fdipzone.com and execute the following code
<?phpecho file_get_contents('../test.txt');?>Because test .txt is not within the restricted directory range, so php prompts a warning
Warning: file_get_contents(): open_basedir restriction in effect. File(../test.txt) is not within the allowed path(s): ( /home/fdipzone/sites/in.fdipzone.com/) in /home/fdipzone/sites/in.fdipzone.com/index.php on line 3
<?php// 记录开始时间$starttime = getMicrotime();// 读取10000次文件for($i=0; $i<10000; $i++){ file_get_contents('test.txt'); }// 记录结束时间$endtime = getMicrotime(); printf("run time %f ms\r\n", ((float)($endtime)-(float)($starttime))*1000);function getMicrotime(){ list($usec, $sec) = explode(' ', microtime()); return (float)$usec + (float)$sec; }?>
Close open_basedir test run time
137.237072 ms
Open open_basedir test run time
404.207945 ms
After opening open_basedir, the execution time is closed3 times.
Summary: Using open_basedir can limit the directories and files that the program can operate and improve system security. However, it will affect I/O performance and cause system execution to slow down. Therefore, it is necessary to balance security and performance according to specific needs.
This article explains the use and performance analysis of open_basedir, a php file containing directory configuration. For more related content, please pay attention to the php Chinese website. Related recommendations:Explanation on the solution to cookie loss in ajax cross-domain access
About key_len in mysql explain The calculation method explains
How to use curl to simulate ip and source to access through php
The above is the detailed content of About the use and performance analysis of open_basedir in the directory configuration of PHP files. For more information, please follow other related articles on the PHP Chinese website!