CSS自动换行
Nginx防盗链2

Nginx安全

网站开发Jun 5th,2009iocblog

如果用Nginx来做虚拟主机,目前看来安全的配置方法是:

 
1、用低权限账号运行Nginx。

2、在php.ini中禁用危险的函数。如:system,passthru,shell_exec,exec,popen,proc_open,chroot,scandir,chgrp,chown等,但禁止太多的函数可能对某些php程序的正常运行产生影响。

3、在php.ini中设置open_basedir,如:open_basedir = "/usr/local/webserver/nginx /html/www.iocblog.net_7da347bc1a9fd621/:/usr/local/webserver/nginx/html/www.iocblog.net_7da347bc1a9fd621/"

4、各个虚拟主机用户放在不易于猜到的目录,如:www.iocblog.net_7da347bc1a9fd621、www.iocblog.net_7da347bc1a9fd621

5、自己找一个php木马,自我测试服务器安全!

 

ps:    disable_functions=passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,

proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,

popepassthru,stream_socket_server

 禁止:dl()

 enable_dl = On/Off

相关文章:

Trackback url | Rss 2.0

已经有3个回复

  1. Nginx Says @ August 07th, 2009 at 02:40 pm

    open_basedir = "/myserver/:/tmp/:/var/tmp/"
  2.  Nginx Says @ August 07th, 2009 at 04:43 pm

    disable_functions = system,passthru,shell_exec,exec,popen,proc_open
  3. eric Says @ November 04th, 2009 at 10:32 pm

        disable_functions=passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status, ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server

看完了要说点啥么?