5.4.36System => Linux centos6.5-1..."/>
您好,登錄后才能下訂單哦!
PHP主配置文件是/usr/local/php/etc/php.ini:
[root@centos6 ~]# /usr/local/php/bin/php -i |head
phpinfo()
PHP Version => 5.4.36
System => Linux centos6.5-1 2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013 i686
Build Date => Jan 14 2017 00:52:17
Configure Command => './configure' '--prefix=/usr/local/php' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-config-file-path=/usr/local/php/etc' '--with-mysql=/usr/local/mysql' '--with-libxml-dir' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-freetype-dir' '--with-iconv-dir' '--with-zlib-dir' '--with-bz2' '--with-openssl' '--with-mcrypt' '--enable-soap' '--enable-gd-native-ttf' '--enable-mbstring' '--enable-sockets' '--enable-exif' '--disable-ipv6'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php/etc
Loaded Configuration File => /usr/local/php/etc/php.ini
該配置文件以分號(hào)“;”作為注釋符號(hào),可以使用參數(shù) disable_functions 禁用一些高風(fēng)險(xiǎn)的函數(shù):
[root@centos6 ~]# vim /usr/local/php/etc/php.ini
……
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions = eval,assert,popen,passthrn,escapeshllarg,escapes
hellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellc
md,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,d
l,pfsockopen,openlog,syslog,readlink,syslink,leak,popepassthru,strea
m_socket_server,popen,proc_open,proc_close
可以打開(kāi)display_errors=On(默認(rèn)是Off)在瀏覽器中顯示錯(cuò)誤信息
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = On
重新加載配置文件
[root@centos6 ~]# apachectl -t
Syntax OK
[root@centos6 ~]# apachectl graceful
打開(kāi)我們論壇頁(yè)面,人為加點(diǎn)錯(cuò)誤
[root@centos6 ~]# vim /data/www/forum.php
<?php
abcdefgh #來(lái)點(diǎn)錯(cuò)誤
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: forum.php 33828 2013-08-20 02:29:32Z nemohou $
*/
define('APPTYPEID', 2);
define('CURSCRIPT', 'forum');
……
訪問(wèn)會(huì)出現(xiàn)錯(cuò)誤
display_errors = On改回默認(rèn)值Off
[root@centos6 ~]# vim /usr/local/php/etc/php.ini
……
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = Off
……
[root@centos6 ~]# apachectl -t
Syntax OK
[root@centos6 ~]# apachectl graceful
訪問(wèn)不提示錯(cuò)誤,空白,按F12查看狀態(tài)碼為500
也可以使用curl查看狀態(tài)碼
[root@centos6 ~]# curl -x192.168.147.132:80 www.test.com/forum.php -I
HTTP/1.0 500 Internal Server Error
Date: Sat, 14 Jan 2017 22:40:53 GMT
Server: Apache/2.2.9 (Unix) PHP/5.4.36
X-Powered-By: PHP/5.4.36
Cache-Control: max-age=0
Expires: Sat, 14 Jan 2017 22:40:53 GMT
Connection: close
Content-Type: text/html
我們不可以使用display_errors=On來(lái)再瀏覽器頁(yè)面中查看我們的錯(cuò)誤信息,因?yàn)檫@樣會(huì)把錯(cuò)誤暴露給所有用戶,這很危險(xiǎn)。我們使用log_errors=On(默認(rèn)是打開(kāi)的)來(lái)記錄錯(cuò)誤信息,以供改正。
只需要定義錯(cuò)誤日志存放的位置
[root@centos6 ~]# mkdir /usr/local/php/logs
[root@centos6 ~]# chmod 777 !$
chmod 777 /usr/local/php/logs
定義存放位置:
; Example:
error_log = /usr/local/php/logs/php_errors.log
; Log errors to syslog (Event Log on Windows).
定義錯(cuò)誤日志級(jí)別:
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_NOTICE
重新加載配置文件后
[root@centos6 ~]# apachectl -t
Syntax OK
[root@centos6 ~]# apachectl graceful
刷新瀏覽器,會(huì)在我們指定的路徑下生成一個(gè)錯(cuò)誤日志,內(nèi)容跟使用瀏覽器顯示的錯(cuò)誤一樣:
[root@centos6 logs]# ls
php_errors.log
[root@centos6 logs]# cat php_errors.log
[14-Jan-2017 22:47:45 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/www/forum.php on line 11
限制用戶只能訪問(wèn)的目錄,以:分割多個(gè)目錄(這里我們?nèi)サ鬴orum.php中的錯(cuò)誤代碼)
[root@centos6 logs]# vim /usr/local/php/etc/php.ini
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/open-basedir
open_basedir = /data/www/:/tmp/
[root@centos6 logs]# apachectl -t
Syntax OK
[root@centos6 logs]# apachectl graceful
如果我們限制用戶到一個(gè)錯(cuò)誤的目錄比如www2(不存在):
[root@centos6 logs]# vim /usr/local/php/etc/php.ini
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/open-basedir
open_basedir = /data/www2/:/tmp/
[root@centos6 logs]# apachectl -t
Syntax OK
[root@centos6 logs]# apachectl graceful
又不能訪問(wèn)了
從錯(cuò)誤日志中找到原因
[root@centos6 logs]# cat php_errors.log
……
[14-Jan-2017 22:55:07 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/www/forum.php) is not within the allowed path(s): (/data/www2/:/tmp/) in Unknown on line 0
……
因此允許訪問(wèn)的目錄范圍一定要限制正確。
如果有多個(gè)虛擬主機(jī),多個(gè)網(wǎng)站,就需要做多個(gè)open_basedir限制,如果使用php.ini配置的話,只能一組目錄,多個(gè)站點(diǎn)無(wú)法指定自己特有的目錄,所以我們使用虛擬主機(jī)配置文件做配置。
先把php.ini里的open_basedir注釋掉
[root@centos6 logs]# vim /usr/local/php/etc/php.ini
……
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/open-basedir
;open_basedir = /data/www/:/tmp/
……
我們這里只有一臺(tái)虛擬主機(jī),在其中加入如下內(nèi)容即可,如果有多臺(tái)虛擬主機(jī),每一臺(tái)都可以指定自己的目錄
[root@centos6 logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
……
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
php_admin_value open_basedir "/data/www/:/tmp/"
<Directory "/data/www">
AllowOverride None
Options None
……
[root@centos6 logs]# apachectl -t
Syntax OK
[root@centos6 logs]# apachectl graceful
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。