apache 如何将 PHP 应用程序限制为它们自己的目录和它们自己的 php.ini?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/639666/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I limit PHP apps to their own directories and their own php.ini?
提问by John Bubriski
I am running multiple PHP apps on my Mac, running OS X 10.5.6, Apache 2, PHP 5. I have subdomains setup for each project, a host file entries for each subdomain, and Virtual Directory blocks in the Apache config. So
我在 Mac 上运行多个 PHP 应用程序,运行 OS X 10.5.6、Apache 2、PHP 5。我为每个项目设置了子域、每个子域的主机文件条目以及 Apache 配置中的虚拟目录块。所以
project1.localhost goes to /Library/WebServer/Documents/Project1
project2.localhost goes to /Library/WebServer/Documents/Project2
etc...
project1.localhost 转到 /Library/WebServer/Documents/Project1
project2.localhost 转到 /Library/WebServer/Documents/Project2
等...
However, this method doesn't really "isolate" the web apps. For example, if I include a script like so:
但是,这种方法并没有真正“隔离”网络应用程序。例如,如果我包含这样的脚本:
<?php
include("/includes/include.php");
?>
It references the script from the base directory of my computer. So it accesses
C:/includes/include.php
它从我的计算机的基本目录中引用脚本。所以它访问
C:/includes/include.php
Is there a way for me to make it reference
C:/Library/WebServer/Documents/Project2/includes/include.php
有没有办法让它引用
C:/Library/WebServer/Documents/Project2/includes/include.php
Basically, make it so that its not aware of anything outside of its own directory. Also, is there a way to use php.ini's on a per subdomain basis as well?
基本上,让它不知道它自己的目录之外的任何东西。另外,有没有办法在每个子域的基础上使用 php.ini?
回答by J.C. Inacio
I believe it's possible to set a php.ini per virtual host
我相信可以为每个虚拟主机设置一个 php.ini
<VirtualHost *:80>
...
PHPINIDir /full/path/to/php/ini/
</VirtualHost>
this way you can customize open_basedir and others
这样你就可以自定义 open_basedir 和其他人
回答by user13414
You can limit a scripts ability to see anything above a specific folder tree by adding the open_basedirdirective a folder block in the httpd.conf file. It should look like:
您可以通过在 httpd.conf 文件中添加open_basedir指令文件夹块来限制脚本查看特定文件夹树上方的任何内容的能力。它应该看起来像:
<DIRECTORY /full/path/to/folder/containing/script/>
php_admin_value open_basedir "/full/path/to/top/folder/of/desired/tree/"
</DIRECTORY>
<目录/完整/路径/到/文件夹/包含/脚本/>
php_admin_value open_basedir "/full/path/to/top/folder/of/desired/tree/"
</目录>
One thing - if you don't end the path with a / then it's a wildcard match. In other words, "/var/etc/my" will match "/var/etc/myFolder" as well as "/var/etc/myMothersFolder", while "/var/etc/my/" will only match that exact folder name.
一件事 - 如果你不以 / 结束路径,那么它就是一个通配符匹配。换句话说,“/var/etc/my”将匹配“/var/etc/myFolder”以及“/var/etc/myMothersFolder”,而“/var/etc/my/”将只匹配那个确切的文件夹姓名。
回答by OneNerd
Regarding application isolation ~ is this in regards to securingPHP scripts so they cannot access others? Please elaborate -
关于应用程序隔离~这是为了保护PHP 脚本,使其无法访问其他脚本吗?请详细说明 -
Regarding php.ini - I am not aware of any way to use a specific php.ini per directory, but you could certainly create a php include page with a bunch of ini_set() lines, perhaps something like this ..
关于 php.ini - 我不知道有什么方法可以在每个目录中使用特定的 php.ini,但是您当然可以创建一个带有一堆 ini_set() 行的 php 包含页面,也许像这样..
<?php
// in your header or along top of all php modules in your pap
require_once ( '/path/to/includes/ini_set.php' );
// ...
?>
and the ini_set.php script:
和 ini_set.php 脚本:
<?php
// one of these for each override of defaults set in php.ini file --
ini_set ( $varname, $newvalue );
ini_set ( $varname, $newvalue );
ini_set ( $varname, $newvalue );
?>
If you are interested in learning more about the ini_set() function, here is the documentation page on php.net: http://us3.php.net/ini_set
如果您有兴趣了解有关 ini_set() 函数的更多信息,请参阅 php.net 上的文档页面:http: //us3.php.net/ini_set
Hope this was somewhat helpful ~
希望对大家有所帮助~
回答by maff
Best way to do so is to use PHP via FCGI (mod_fcgid). This way you can run PHP using a different user and a different php.ini per vHost.
最好的方法是通过 FCGI (mod_fcgid) 使用 PHP。通过这种方式,您可以使用不同的用户和每个 vHost 的不同 php.ini 运行 PHP。
Here's an example how to set up such a configuration on Ubuntu: http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-ubuntu-8.10
以下是如何在 Ubuntu 上设置此类配置的示例:http: //www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-ubuntu-8.10
回答by Luc M
If you want to use full path name, you can use that:
如果要使用完整路径名,可以使用:
<?php
include dirname( __FILE__ ) . '/includes/include.php';
?>
回答by Martin K.
Try a relative path! Like:
试试相对路径!喜欢:
<?php
include("./includes/include.php");
?>
or
或者
<?php
include("includes/include.php");
?>
