php安全优化及禁用函数


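一、禁用函数

注意：eval 是语言结构而不是函数，写进 disable_functions 不会生效；下面列表中的 popepassthru（疑为 popen 的笔误）和 fsocket 不是 PHP 函数名，ini_alter 重复出现了两次。如果要禁用 popen，需要单独写上。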

disable_functions = phpinfo,eval,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen

二、隐藏php版本（php.ini 的指令格式是“名称 = 值”，下面一行应写作 expose_php = Off）

expose_php Off

三、session名字可以泄露你的服务器采用php技术

session.name = PHPSESSID

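伪装成Tomcat（只能降低被指纹识别的概率，属于隐藏信息而非真正的防护；会话 Cookie 本身仍应配置 session.cookie_httponly、session.cookie_secure 和 session.use_strict_mode）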

session.name = JSESSIONID

四、隐藏PHP出错信息（关闭页面显示的同时应设置 log_errors = On，把错误写入日志，便于排查问题）

display_errors = Off

五、socket流默认超时时间,单位秒

default_socket_timeout = 60

六、是否允许包含远程文件,线上要关闭,有安全风险

allow_url_include = Off

七、是否允许远程打开文件（设为 On 时 fopen、file_get_contents 等可以访问远程 URL；如果 URL 可由用户输入控制，会带来服务端请求伪造（SSRF）风险，业务不需要时建议设为 Off）

allow_url_fopen = On

八、允许上传的单个文件大小

upload_max_filesize = 2M

九、post方式php可接收的最大数据量

post_max_size = 8M

十、是否输出php启动时的错误,生产环境要关闭

display_startup_errors = Off

十一、开启加速

zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1

opcache.huge_code_pages=1

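十二、其他设置（其中 sysctl vm.nr_hugepages=512 是在系统 shell 中执行的内核参数命令，不是 php.ini 指令；上面的 opcache.huge_code_pages=1 需要操作系统先配置好大页才能生效）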
mysqlnd.collect_statistics = Off

sysctl vm.nr_hugepages=512
php.ini 增加支持
short_open_tag = On

 

参考链接：

https://www.cnblogs.com/yulibostu/articles/9791668.html#idp11

https://www.cnblogs.com/wadeyu/p/10707169.html

全部评论（以下条目从格式看是自动化扫描工具提交的 SQL 注入探测字符串，并非真实读者评论；它们集中出现在同一分钟内，是站点评论接口被扫描的迹象）

2019-12-17 12:58
angelina) AND 3112=CAST((CHR(113)||CHR(113)||CHR(107)||CHR(112)||CHR(113))||(SELECT (CASE WHEN (3112=3112) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(120)||CHR(120)||CHR(113)) AS NUMERIC) AND (9026=9026
2019-12-17 12:58
angelina' AND 3112=CAST((CHR(113)||CHR(113)||CHR(107)||CHR(112)||CHR(113))||(SELECT (CASE WHEN (3112=3112) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(120)||CHR(120)||CHR(113)) AS NUMERIC) AND 'cpaa'='cpaa
2019-12-17 12:58
angelina') AND 3112=CAST((CHR(113)||CHR(113)||CHR(107)||CHR(112)||CHR(113))||(SELECT (CASE WHEN (3112=3112) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(120)||CHR(120)||CHR(113)) AS NUMERIC) AND ('JiCc'='JiCc
2019-12-17 12:58
angelina AND (SELECT 2349 FROM(SELECT COUNT(*),CONCAT(0x71716b7071,(SELECT (ELT(2349=2349,1))),0x7178787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MwFD
2019-12-17 12:58
angelina AND (SELECT 2349 FROM(SELECT COUNT(*),CONCAT(0x71716b7071,(SELECT (ELT(2349=2349,1))),0x7178787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
2019-12-17 12:58
angelina) AND (SELECT 2349 FROM(SELECT COUNT(*),CONCAT(0x71716b7071,(SELECT (ELT(2349=2349,1))),0x7178787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND (5148=5148
2019-12-17 12:58
angelina' AND (SELECT 2349 FROM(SELECT COUNT(*),CONCAT(0x71716b7071,(SELECT (ELT(2349=2349,1))),0x7178787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'igde'='igde
2019-12-17 12:58
angelina') AND (SELECT 2349 FROM(SELECT COUNT(*),CONCAT(0x71716b7071,(SELECT (ELT(2349=2349,1))),0x7178787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ('mBjM'='mBjM
2019-12-17 12:58
(SELECT (CASE WHEN (6948=6948) THEN 'angelina' ELSE (SELECT 3350 UNION SELECT 3354) END))
2019-12-17 12:58
(SELECT (CASE WHEN (6076=1714) THEN 'angelina' ELSE (SELECT 1714 UNION SELECT 7994) END))