9q13nh posted on 2024-10-4 13:38:44

PHP Configuration Optimization


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">In a previous article we covered optimizing PHP by enabling opcache; today we go through several more PHP configuration settings.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">1. Enable PHP safe mode</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">This mainly controls whether PHP may execute dangerous functions. It is disabled by default: </span><strong style="color: blue;"><span style="color: black;">Off</span></strong></p><span style="color: black;">sql.safe_mode</span>=<span style="color: black;">On</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">2. Hide the PHP version number</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">For the sake of site security, this keeps others from attacking the site through vulnerabilities in a specific PHP version. For some sites, one lookup with a webmaster tool shows at a glance which web server is in use and which PHP version it runs. Attackers naturally know the vulnerabilities of specific PHP versions; hiding the version number does not solve the problem, but it does make the attacker's job harder.</span></p><span style="color: black;">expose_php</span> = <span style="color: black;">Off</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">3. Disable execution of PHP files via redirect</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">For security, this keeps an uploaded trojan from being executed, for example: your-site-url/as=your-site-url/sdf/muma.php. Redirected PHP files of this kind are executable; once this setting is changed to 0, redirected PHP files of this type no longer execute.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">This is also why some sites keep getting trojans planted on them. After this change, even if the site's front end has a security vulnerability and an attacker uploads a trojan file, the trojan will not run this way, so it is useless.</span></p><span style="color: black;">cgi.force_redirect</span> = <span style="color: black;">0</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">4. Refuse to parse illegitimate PHP files</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">A PHP file that sits under an image path, such as /a.jpg/1.php, is illegitimate; setting this to 0 prohibits its execution. Uploading a trojan disguised as an image is a long-standing technique. With such files barred from running, a trojan that does get uploaded is useless because it is not allowed to run.</span></p><span style="color: black;">cgi.fix_pathinfo</span> = <span style="color: black;">0</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">5. Turn off error message output</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">For network security, turn off error message output to prevent malicious attacks by others.</span></p><span style="color: black;">display_errors</span> = <span style="color: black;">Off</span>
    <span style="color: black;">error_reporting</span> = E_WARNING | E_ERROR
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">In day-to-day work we usually turn error output on for debugging in the entry file with </span><strong style="color: blue;"><span style="color: black;">ini_set('display_errors', 'On');</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">6. Write errors to a log on the back end for easy tracing</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">If your project framework already does its own logging, you can turn PHP's error logging off.</span></p><span style="color: black;">log_errors</span> = <span style="color: black;">On</span>
    <span style="color: black;">error_log</span> = /var/log/php_error.log
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">7. Disable remote execution of PHP shells</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Inclusion functions such as include/require can load remote files. If the remote file is not strictly filtered and code from a malicious file ends up being executed, that is a remote file inclusion vulnerability.</span></p><span style="color: black;">allow_url_include</span> = <span style="color: black;">Off</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Of course, in everyday work we often use the file_get_contents function to fetch resources, but some attackers abuse this to execute remote files and obtain server information. We can forbid retrieving data from remote servers or websites in the configuration file.</span></p><span style="color: black;">allow_url_fopen</span> = <span style="color: black;">Off</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">8. Format the time</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Mind the capitalization. Beijing time (UTC+8) is used by default, which keeps the server time and the application time consistent; otherwise the time shown on a published article may differ from the actual time. If the time zone is not set, the time may be off by 8 hours. You can also use date.timezone = PRC, which sets the time zone to China's; PRC is the abbreviation for the China time zone.</span></p><span style="color: black;">date.timezone</span>=Asia/Shanghai
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">9. Enable short tag parsing</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Some sites' template files contain PHP code written as &lt;? ?&gt;; this setting ensures that such code executes normally. Code of this kind is also common in templates for ecshop, dedecms, WordPress and others.</span></p><span style="color: black;">short_open_tag</span> = <span style="color: black;">On</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Those are the commonly used ones; I will add other settings later as I think of them.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">If anything is missing or wrong, you can leave a message on my official account.</span></p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/862770eaded1448aa389119a445c5ad2~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728209510&amp;x-signature=SMZDmiqY3jfGK94slVuY1awx57Q%3D" style="width: 50%; margin-bottom: 20px;"></div>
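    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">An added example, not part of the original post: a Python check that parses php.ini text and flags the Off settings from items 2, 5 and 7, a misspelled directive name, and an error_reporting expression whose constants are joined with &amp; so that the mask evaluates to 0. The function names and the SAMPLE input are constructed for illustration, and only constants joined by | and &amp; are evaluated.</span></p>

```python
import ast

# Subset of PHP error-level constants (values from the PHP manual).
PHP_CONST = {"E_ERROR": 1, "E_WARNING": 2, "E_PARSE": 4, "E_NOTICE": 8}
BIT_OPS = {ast.BitOr: int.__or__, ast.BitAnd: int.__and__}
# Directives this page sets to Off.
SHOULD_BE_OFF = ("expose_php", "display_errors", "allow_url_include", "allow_url_fopen")

def parse_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.split(";", 1)[0].partition("=")  # drop ';' comments
        if sep:
            settings[key.strip()] = value.strip().strip('"')
    return settings

def error_mask(expr):
    """Evaluate an error_reporting expression of constants joined by | and &."""
    def ev(node):
        if isinstance(node, ast.Name) and node.id in PHP_CONST:
            return PHP_CONST[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in BIT_OPS:
            return BIT_OPS[type(node.op)](ev(node.left), ev(node.right))
        raise ValueError("unsupported error_reporting expression: " + expr)
    return ev(ast.parse(expr.strip(), mode="eval").body)

def audit(text):
    """Return sorted findings for the text of a php.ini file."""
    ini, findings = parse_ini(text), []
    for name in SHOULD_BE_OFF:
        if (raw := ini.get(name)) is None:
            findings.append(name + ": not set, PHP default applies")
        elif raw.lower() in ("1", "on", "true", "yes"):
            findings.append(name + ": " + raw + ", this page sets it to Off")
    if "display_error" in ini:
        findings.append("display_error: not a PHP directive (display_errors is)")
    if "error_reporting" in ini and error_mask(ini["error_reporting"]) == 0:
        findings.append("error_reporting: mask is 0, no error is reported or logged")
    return sorted(findings)

# Constructed sample for illustration, not taken from a real server.
SAMPLE = """\
expose_php = Off
display_error = Off                     ; misspelled directive name
error_reporting = E_WARNING & E_ERROR
allow_url_include = Off
allow_url_fopen = On
"""
```

    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Calling audit(SAMPLE) returns four findings; on a server, pass it the contents of the file reported by php --ini.</span></p>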



