Home > Article > Backend Development > PHP file contains directory configuration open_basedir usage and performance analysis
open_basedir Limit the files that php can open to the specified directory tree, including the file itself. When a program wants to open a file using, for example, fopen() or file_get_contents(), the location of the file will be checked. When the file is outside the specified directory tree, the program will refuse to open it.
This command is not affected by turning safe mode on or off.
1.Add
open_basedir="指定目录"
in php.ini 2.In the program Use
ini_set('open_basedir', '指定目录');
but this method is not recommended
3. Directory configuration in apache’s httpd.conf
php_admin_value open_basedir "指定目录"
VritualHost in httpd.conf
php_admin_value open_basedir "指定目录"
4.nginx fastcgi.conf
fastcgi_param PHP_VALUE "open_basedir=指定目录"
The restrictions specified with open_basedir are actually prefixes, not directories name.
That is to say, open_basedir=/home/fdipzone will also allow access to /home/fdipzone_abc. If you want to limit access to a directory, please use a slash to end the path name, for example: open_basedir=”/home/fdipzone/”
If you want to set up multiple directories, window uses; to separate directories, and Linux uses: to separate directories.
First create a VirtualHost,
Set open_basedir to /home/fdipzone/sites/in.fdipzone.com/
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /home/fdipzone/sites/in.fdipzone.com ServerName in.fdipzone.com php_admin_value open_basedir "/home/fdipzone/sites/in.fdipzone.com/" <Directory "/home/fdipzone/sites/in.fdipzone.com"> allow from all Options + Indexes </Directory></VirtualHost>
Create a test.txt file in the upper directory /home/fdipzone/sites/, create php in in.fdipzone.com and execute the following code
<?phpecho file_get_contents('../test.txt');?>
Because test.txt is not there Within the restricted directory range, so php prompts a warning
Warning: file_get_contents(): open_basedir restriction in effect. File(../test.txt) is not within the allowed path(s): (/home/ fdipzone/sites/in.fdipzone.com/) in /home/fdipzone/sites/in.fdipzone.com/index.php on line 3
Open_basedir will affect I/O after it is turned on, because each called file needs to be judged whether it is in the restricted directory.
Test program, read the same file in the restricted directory 10,000 times
<?php// 记录开始时间$starttime = getMicrotime();// 读取10000次文件for($i=0; $i<10000; $i++){ file_get_contents('test.txt'); }// 记录结束时间$endtime = getMicrotime(); printf("run time %f ms\r\n", ((float)($endtime)-(float)($starttime))*1000);function getMicrotime(){ list($usec, $sec) = explode(' ', microtime()); return (float)$usec + (float)$sec; }?>
Close open_basedir test
run time 137.237072 ms
Open open_basedir test
run time 404.207945 ms
After opening open_basedir, the execution time is closed3 times.
Summary: Using open_basedir can limit the directories and files that the program can operate and improve system security. However, it will affect I/O performance and cause system execution to slow down. Therefore, it is necessary to balance security and performance according to specific needs.
This article explains the use and performance analysis of open_basedir, a php file containing directory configuration. For more related content, please pay attention to the php Chinese website.
Related recommendations:
php file contains directory configuration open_basedir usage and performance analysis
Linux uses the pwgen command to create a random password
php uses regular to remove width and height styles
The above is the detailed content of PHP file contains directory configuration open_basedir usage and performance analysis. For more information, please follow other related articles on the PHP Chinese website!