拒绝php脚本访问父目录
[英]Deny php script to access parent directories
问题描述
I have created an online php compiler. 
我创建了一个在线php编译器。 The problem is that it makes my server vulnerable to the hackers. 问题在于,这使我的服务器容易受到黑客的攻击。 So i want to give the compiler a separate directory and restrict php script access to that directory only. 所以我想给编译器一个单独的目录,并限制php脚本只能访问该目录。 I have tried this 我已经试过了
<Directory /parentDirectory/childDirectoryOne>
php_admin_value open_basedir "/parentDirectory/childDirectoryOne"
</Directory>
But this created another problem. 但这带来了另一个问题。 I was no longer able to open than page of website. 我再也无法打开网站页面了。 It gave me internal server error. 它给了我内部服务器错误。 If I can restrict php to read, edit or delete files outside the directory that will also work or if I can restrict php to read, edit or delete all files with one exception. 如果我可以限制php读取,编辑或删除目录之外的文件(也可以使用该目录),或者我可以限制php读取,编辑或删除所有文件,只有一个例外。 I have cpanel for website so I can only do that through .htaccess. 我的网站使用cpanel,因此只能通过.htaccess进行。
1 个解决方案
解决方案1
1
This can be done at the operating system level. 这可以在操作系统级别完成。 Create a new user and only give them access to the coding directory and launch the PHP process as that user. 创建一个新用户,并仅授予他们访问编码目录的权限,并以该用户身份启动PHP进程。
But your code is wrong open_basedir "/parentDirectory/subDir" means even the PHP engine executing your index.php script can not run if it isn't in subDir. 但是您的代码是错误的open_basedir "/parentDirectory/subDir"意味着即使执行open_basedir "/parentDirectory/subDir"的PHP引擎也无法运行index.php脚本。 You could static code the parentDirectory or use my solution above. 您可以静态编码parentDirectory或使用上面的解决方案。 Storing open_basedir value in an apache file does not prevent execution by PHP-CLI or the command line. 将open_basedir值存储在apache文件中不会阻止PHP-CLI或命令行执行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.