PHP安全配置范例

php安全配置

PHP 4.1~5.4，需要关闭register_globals

关闭错误显示

范例

System	Linux 98.199-245-23.rdns.scalabledns.com 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64
Build Date	Sep 21 2017 15:58:23
Configure Command	‘./configure’ ‘–prefix=/usr/local/php’ ‘–with-config-file-path=/usr/local/php/etc’ ‘–enable-fpm’ ‘–with-fpm-user=www’ ‘–with-fpm-group=www’ ‘–with-mysql=mysqlnd’ ‘–with-mysqli=mysqlnd’ ‘–with-pdo-mysql=mysqlnd’ ‘–with-iconv-dir’ ‘–with-freetype-dir=/usr/local/freetype’ ‘–with-jpeg-dir’ ‘–with-png-dir’ ‘–with-zlib’ ‘–with-libxml-dir=/usr’ ‘–enable-xml’ ‘–disable-rpath’ ‘–enable-bcmath’ ‘–enable-shmop’ ‘–enable-sysvsem’ ‘–enable-inline-optimization’ ‘–with-curl’ ‘–enable-mbregex’ ‘–enable-mbstring’ ‘–with-mcrypt’ ‘–enable-ftp’ ‘–with-gd’ ‘–enable-gd-native-ttf’ ‘–with-openssl’ ‘–with-mhash’ ‘–enable-pcntl’ ‘–enable-sockets’ ‘–with-xmlrpc’ ‘–enable-zip’ ‘–enable-soap’ ‘–with-gettext’ ‘–disable-fileinfo’
Server API	FPM/FastCGI
Virtual Directory Support	disabled
Configuration File (php.ini) Path	/usr/local/php/etc
Loaded Configuration File	/usr/local/php/etc/php.ini
Scan this dir for additional .ini files	(none)
Additional .ini files parsed	(none)
PHP API	20100412
PHP Extension	20100525
Zend Extension	220100525
Zend Extension Build	API220100525,NTS
PHP Extension Build	API20100525,NTS
Debug Build	no
Thread Safety	disabled
Zend Signal Handling	disabled
Zend Memory Manager	enabled
Zend Multibyte Support	provided by mbstring
IPv6 Support	enabled
DTrace Support	disabled
Registered PHP Streams	https, ftps, compress.zlib, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports	tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters	zlib., convert.iconv., mcrypt., mdecrypt., string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk

Configuration

bcmath

BCMath support	enabled

Directive	Local Value	Master Value
bcmath.scale	0	0

cgi-fcgi

php-fpm	active

Directive	Local Value	Master Value
cgi.discard_path	0	0
cgi.fix_pathinfo	0	0
cgi.force_redirect	1	1
cgi.nph	0	0
cgi.redirect_status_env	no value	no value
cgi.rfc2616_headers	0	0
fastcgi.error_header	no value	no value
fastcgi.logging	1	1
fpm.config	no value	no value

Core

PHP Version	5.4.41

Directive	Local Value	Master Value
allow_url_fopen	On	On
allow_url_include	Off	Off
always_populate_raw_post_data	Off	Off
arg_separator.input	&	&
arg_separator.output	&	&
asp_tags	Off	Off
auto_append_file	no value	no value
auto_globals_jit	On	On
auto_prepend_file	no value	no value
browscap	no value	no value
default_charset	no value	no value
default_mimetype	text/html	text/html
disable_classes	no value	no value
disable_functions	passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server	passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
display_errors	Off	Off
display_startup_errors	Off	Off
doc_root	no value	no value
docref_ext	no value	no value
docref_root	no value	no value
enable_dl	Off	Off
enable_post_data_reading	On	On
error_append_string	no value	no value
error_log	no value	no value
error_prepend_string	no value	no value
error_reporting	22527	22527
exit_on_timeout	Off	Off
expose_php	On	On
extension_dir	/usr/local/php/lib/php/extensions/no-debug-non-zts-20100525	/usr/local/php/lib/php/extensions/no-debug-non-zts-20100525
file_uploads	On	On
highlight.c