PHP security configuration on the production environment - Code World

PHP security configuration on the production environment

Language 2020-03-08 17:38:01 views: null

;关闭错误显示
display_errors = Off

;配置错误日志
error_log = /var/log/php/error.log

;隐藏PHP版本号
expose_php = Off

;关闭自动注册全局变量（5.6以后已移除）
register_globals = Off 

;限定PHP访问路径
open_basedir = /home/web/php/

;禁用远程URL访问
allow_url_fopen = Off

禁用远程include文件包含
allow_url_include = Off

;开启安全模式
safe_mode = On

限定命令路径
safe_mode_exec_dir = /usr/local/php/exec/

;禁用危险函数
disable_function = phpinfo,eval,passthru,exec,system,chroot,scandir,chgrp,chown.shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlikn,popepassthru,stream_socket_server,fsocket,fsockopen

;设置cookie浏览器中不可见
session.cookie_httponly = 1

;如果是https，开启限定cookie只允许在https下上传
session.cookie_secure = 1

AbleYu

Published 239 original articles · won praise 32 · views 160 000 +

Private letter concerns

Guess you like

Origin blog.csdn.net/why444216978/article/details/104735864

PHP security configuration on the production environment

nginx production environment security configuration - the main configuration file

MYSQL configuration for production environment

Nginx production environment configuration, elasticsearch production environment configuration, rocketmq production environment configuration (the most complete in history)

springboot production environment, the configuration of the test environment

Nuxtjs distinguishes the configuration of production environment and development environment

Aliyun centos production environment configuration and java configuration

Php and Apache environment configuration

IIS configuration PHP environment

PHP Standalone Environment Configuration

PhpStorm php configuration environment

PARSEC security environment configuration, operation

CUDA production environment configuration notes under Debian

Vue3 development environment and production environment packaging configuration

Nginx configuration PHP environment supports

Under Hbuilder environment configuration php

Environment configuration for PHP code audit

php environment setup (correct configuration of nginx and php)

[PHP Series Notes] 01 PHP Environment Configuration

Production security policy and system performance optimization server environment assessment

[Java development framework SpringBoot] Configuration Profile multi-environment support (differentiation of development environment and production environment configuration)

Installation and configuration of PHP environment configuration service environment of WampServer

Springboot Idea development and testing production multi-environment configuration and packaging

Production environment logback log configuration under Spring Boot

Production environment logback log configuration under Spring Boot

webpack4.+ learning two (production environment configuration)

[Python] flask running + wsgi switching production environment + supervisor configuration guide

Linux VPS Security Tips - PHP security settings Nginx environment

Development environment - test environment - production environment - configuration automatic switching N methods

PHP security configuration under lnmp architecture

Recommended

TIOBE May list: Fortran “resurrected” into Top 10

GCC 14.1 released

Ranking

B. Little Girl and Game【1300 / 回文字符串博弈论】

CIKERS Shane 20190613

"Javascript advanced programming" study notes - the constructor and prototype

beeline hiveserver2 start

springboot - Automatically backup mysql data every day

Data Storage Full Solution--Detailed Persistence Technology

Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original

TCP / IP protocol layers structure and function

Command type literal pos: unknown； Fallback type literal pos: unknown] with root cause

Design of multifunctional curtain controller with indoor anti-theft alarm

Daily

More

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)