Apache和PHP的安全性，限制子域 [英] Apache and PHP security, limiting subdomains

问题描述

我如果有禁用像的东西了shell_exec（）使用.htaccess文件什么的，而不是全局的方式只是好奇，但仅限于特定的子域或目录（可能禁用 fopen（）函数的子目录上述文件）。它发生，我认为在那里我有一个朋友，他可以使用PHP来获得看看外面他自己的共享目录子空间我的共享主机之一。

I'm just curious if there's a way to disable things like shell_exec() using the .htaccess file or something, not globally, but only for specific subdomains or directories (possibly disable fopen() on files above the subdir). It occurred to me that on one of my shared hosts where I'm sharing subdomain space with a friend he could use PHP to get a look at directories outside his own.

也许我可以使用mod_rewrite和发送任何通过将请求转发给它要去的地方前禁用某些事情PHP脚本的任何地方打？将这项工作，并会招致显著的性能损失？

Perhaps I could use mod_rewrite and send any hit anywhere through a PHP script that disables certain things before forwarding the request to where it was going? Would this work, and would it incur a significant performance penalty?

推荐答案

您可以以编程方式做到这一点：

You can do it programmatically:

的ini_set（'disable_functions选项'，'FOPEN，了shell_exec'）;

或的.htaccess ：

php_value disable_functions选项的fopen，了shell_exec

不应该有任何性能下降。我怀疑你会被反复改变在为（），而（）或<$ C $的设置C>的foreach（）循环。

There shouldn't be any performance degradation. I doubt you'll be changing the settings repeatedly inside a for(), while() or foreach() loop.

这篇关于Apache和PHP的安全性，限制子域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！