Under IIS this is fairly easy to achieve: give each site its own "anonymous access account" and use NTFS permissions to keep one virtual host from reading another's files, which is what blocks cross-site (旁注) attacks on a shared server.
I looked around, and an Apache equivalent of IIS's per-virtual-host account scheme does not seem easy to set up, but there is a simpler method: add the following to the VirtualHost section
php_admin_value open_basedir /data/wwwroot/www.xxxxx.com
to confine the PHP file operations of that virtual host to the /data/wwwroot/www.xxxxx.com directory.
I tested it with PHPSpy and it was indeed effective (without the restriction, files outside the site could be listed).
Note:
Because the web server uses the system temporary directory (/tmp on Linux) when handling file uploads, the virtual host must also be allowed to operate on that directory, otherwise uploads fail.
php_admin_value open_basedir accepts several directories at once; separate them with a colon. The complete directive looks like this:
php_admin_value open_basedir /data/wwwroot/www.redicecn.com/:/tmp/
Two caveats worth keeping in mind: end each entry with a slash, since older PHP versions treat an entry without one as a string prefix (see the manual text below), and remember that open_basedir only governs PHP's own file functions; it does not stop system() or exec() from running commands, so pair it with disable_functions on a shared host.
More details from the official PHP documentation: http://www.php.net/manual/en/ini.core.php#ini.open-basedir
open_basedir string
Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is a directory name since PHP 5.2.16 and 5.3.4. Previous versions used it as a prefix. This means that "open_basedir = /dir/incl" also allowed access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: open_basedir = /dir/incl/
The default is to allow all files to be opened.
Note:
As of PHP 5.3.0 open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set(). When listing several directories, you can use the PATH_SEPARATOR
I also came across another way of handling the temporary directory, which keeps uploads inside the site's own jail instead of opening the shared /tmp to it: http://brandonwamboldt.ca/multiple-directories-w-php-open_basedir-540/
php_admin_value open_basedir /var/www/vhosts/saebermedia.com
php_admin_value upload_tmp_dir /var/www/vhosts/saebermedia.com/.tmp
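The directives above are easy to get subtly wrong across dozens of virtual hosts (a missing trailing slash, a forgotten /tmp, a DocumentRoot outside its own jail). The following audit script is an added example, not code from this post or from the linked article: it parses VirtualHost blocks from an httpd.conf-style file and flags the pitfalls the manual text describes. It assumes PHP runs as an Apache module so that php_admin_value applies, and the embedded sample config is constructed for illustration; its hostnames and paths are placeholders, not real sites. The sample deliberately places a weak, a sloppy and a hardened vhost side by side.

```python
"""Audit Apache <VirtualHost> blocks for a per-vhost PHP open_basedir jail.

Added example, not code from the original post. It assumes PHP runs as an
Apache module (so php_admin_value directives apply) and that vhosts live in a
plain-text httpd.conf-style file. SAMPLE_CONF below is constructed; the
hostnames and paths are placeholders, not real sites.
"""
import re
from typing import Dict, List

SAMPLE_CONF = """
# weak: no jail at all, so PHP here can read /etc/passwd and every other vhost's DocumentRoot
<VirtualHost *:80>
    ServerName weak.example.com
    DocumentRoot /data/wwwroot/weak.example.com
</VirtualHost>

# sloppy: jailed, but no trailing slash and no temp dir for uploads
<VirtualHost *:80>
    ServerName sloppy.example.com
    DocumentRoot /data/wwwroot/sloppy.example.com
    php_admin_value open_basedir /data/wwwroot/sloppy.example.com
</VirtualHost>

# hardened: trailing slash, and uploads go to a private .tmp inside the jail instead of the shared /tmp
<VirtualHost *:80>
    ServerName good.example.com
    DocumentRoot /data/wwwroot/good.example.com
    php_admin_value open_basedir /data/wwwroot/good.example.com/
    php_admin_value upload_tmp_dir /data/wwwroot/good.example.com/.tmp
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(ServerName|DocumentRoot|php_admin_value)\s+(.*?)\s*$", re.I | re.M)


def parse_vhosts(conf: str) -> List[Dict[str, str]]:
    """One dict per <VirtualHost>: lower-cased directive names, plus each php_admin_value key."""
    vhosts = []
    for block in VHOST_RE.finditer(conf):
        vh: Dict[str, str] = {}
        for d in DIRECTIVE_RE.finditer(block.group(1)):
            name, value = d.group(1).lower(), d.group(2)
            if name == "php_admin_value":
                key, _, val = value.partition(" ")
                vh[key.strip().lower()] = val.strip()
            else:
                vh[name] = value
        vhosts.append(vh)
    return vhosts


def inside_jail(path: str, dirs: List[str]) -> bool:
    """Directory-name semantics (PHP >= 5.2.16/5.3.4): path is one of dirs or below it, not a string prefix."""
    p = path.rstrip("/") + "/"
    return any(p.startswith(d.rstrip("/") + "/") for d in dirs)


def audit_vhost(vh: Dict[str, str]) -> List[str]:
    """Findings for one vhost; an empty list means the jail looks sound."""
    name = vh.get("servername", "<no ServerName>")
    ob = vh.get("open_basedir")
    if ob is None:
        return [f"{name}: no open_basedir, PHP may open any file the httpd user can read"]
    if ob.lower() == "none":
        return [f"{name}: open_basedir is explicitly disabled ('none')"]
    findings: List[str] = []
    dirs = [d for d in ob.split(":") if d]  # colon-separated on non-Windows
    for d in dirs:
        if d == ".":
            findings.append(f"{name}: '.' is the script's cwd, which chdir() can move")
        elif not d.endswith("/"):
            findings.append(f"{name}: '{d}' lacks a trailing slash; PHP before 5.2.16/5.3.4 matches it as a prefix")
    docroot = vh.get("documentroot")
    if docroot and not inside_jail(docroot, dirs):
        findings.append(f"{name}: DocumentRoot {docroot} is outside open_basedir, the site itself will break")
    tmp = vh.get("upload_tmp_dir")
    if tmp is None:
        if not inside_jail("/tmp", dirs):
            findings.append(f"{name}: uploads land in /tmp but /tmp/ is not in open_basedir; add it or set upload_tmp_dir inside the jail")
    elif not inside_jail(tmp, dirs):
        findings.append(f"{name}: upload_tmp_dir {tmp} is outside open_basedir")
    return findings


def audit_conf(conf: str) -> Dict[str, List[str]]:
    """Map ServerName -> findings for every vhost in the config text."""
    return {vh.get("servername", "<no ServerName>"): audit_vhost(vh) for vh in parse_vhosts(conf)}


if __name__ == "__main__":
    for host, findings in audit_conf(SAMPLE_CONF).items():
        print(host, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Run it against your real vhost files instead of SAMPLE_CONF to get one finding list per ServerName. The check for /tmp mirrors the note above: either /tmp/ is inside the jail, or upload_tmp_dir points somewhere inside it. The hardened vhost in the sample takes the second route, because a private .tmp under the site keeps one tenant's uploads out of a directory every other tenant can also read.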