PHP file contains directory configuration open_basedir usage and performance analysis

1.Open_basedir introduction

open_basedir Limit the files that php can open to the specified directory tree, including the file itself. When a program wants to open a file using, for example, fopen() or file_get_contents(), the location of the file will be checked. When the file is outside the specified directory tree, the program will refuse to open it.

This command is not affected by turning safe mode on or off.

2.open_basedir setting method

1.Add

open_basedir="指定目录"

in php.ini 2.In the program Use

ini_set('open_basedir', '指定目录');

but this method is not recommended

3. Directory configuration in apache’s httpd.conf

php_admin_value open_basedir "指定目录"

VritualHost in httpd.conf

php_admin_value open_basedir "指定目录"

4.nginx fastcgi.conf

fastcgi_param PHP_VALUE "open_basedir=指定目录"

The restrictions specified with open_basedir are actually prefixes, not directories name.
That is to say, open_basedir=/home/fdipzone will also allow access to /home/fdipzone_abc. If you want to limit access to a directory, please use a slash to end the path name, for example: open_basedir=”/home/fdipzone/”

If you want to set up multiple directories, window uses; to separate directories, and Linux uses: to separate directories.

3. Use open_basedir to restrict directory access

First create a VirtualHost,
Set open_basedir to /home/fdipzone/sites/in.fdipzone.com/

<VirtualHost *:80>
    ServerAdmin webmaster@localhost    DocumentRoot /home/fdipzone/sites/in.fdipzone.com    ServerName in.fdipzone.com    php_admin_value open_basedir "/home/fdipzone/sites/in.fdipzone.com/"
    <Directory "/home/fdipzone/sites/in.fdipzone.com">
        allow from all Options + Indexes    </Directory></VirtualHost>

Create a test.txt file in the upper directory /home/fdipzone/sites/, create php in in.fdipzone.com and execute the following code

<?phpecho file_get_contents(&#39;../test.txt&#39;);?>

Because test.txt is not there Within the restricted directory range, so php prompts a warning
Warning: file_get_contents(): open_basedir restriction in effect. File(../test.txt) is not within the allowed path(s): (/home/ fdipzone/sites/in.fdipzone.com/) in /home/fdipzone/sites/in.fdipzone.com/index.php on line 3

4. Performance analysis of setting open_basedir

Open_basedir will affect I/O after it is turned on, because each called file needs to be judged whether it is in the restricted directory.

Test program, read the same file in the restricted directory 10,000 times

<?php// 记录开始时间$starttime = getMicrotime();// 读取10000次文件for($i=0; $i<10000; $i++){
    file_get_contents(&#39;test.txt&#39;);
}// 记录结束时间$endtime = getMicrotime();
printf("run time %f ms\r\n", ((float)($endtime)-(float)($starttime))*1000);function getMicrotime(){
    list($usec, $sec) = explode(&#39; &#39;, microtime());    return (float)$usec + (float)$sec;
}?>

Close open_basedir test
run time 137.237072 ms

Open open_basedir test
run time 404.207945 ms

After opening open_basedir, the execution time is closed3 times.

Summary: Using open_basedir can limit the directories and files that the program can operate and improve system security. However, it will affect I/O performance and cause system execution to slow down. Therefore, it is necessary to balance security and performance according to specific needs.

This article explains the use and performance analysis of open_basedir, a php file containing directory configuration. For more related content, please pay attention to the php Chinese website.

Related recommendations:

php file contains directory configuration open_basedir usage and performance analysis

Linux uses the pwgen command to create a random password

php uses regular to remove width and height styles

The above is the detailed content of PHP file contains directory configuration open_basedir usage and performance analysis. For more information, please follow other related articles on the PHP Chinese website!