问题
I am running multiple PHP apps on my Mac, running OS X 10.5.6, Apache 2, PHP 5. I have subdomains setup for each project, a host file entries for each subdomain, and Virtual Directory blocks in the Apache config. So
project1.localhost goes to /Library/WebServer/Documents/Project1
project2.localhost goes to /Library/WebServer/Documents/Project2
etc...
However, this method doesn't really "isolate" the web apps. For example, if I include a script like so:
<?php
include("/includes/include.php");
?>
It references the script from the base directory of my computer. So it accesses
C:/includes/include.php
Is there a way for me to make it reference
C:/Library/WebServer/Documents/Project2/includes/include.php
Basically, make it so that its not aware of anything outside of its own directory. Also, is there a way to use php.ini's on a per subdomain basis as well?
回答1:
I believe it's possible to set a php.ini per virtual host
<VirtualHost *:80>
...
PHPINIDir /full/path/to/php/ini/
</VirtualHost>
this way you can customize open_basedir and others
回答2:
You can limit a scripts ability to see anything above a specific folder tree by adding the open_basedir directive a folder block in the httpd.conf file. It should look like:
<DIRECTORY /full/path/to/folder/containing/script/>
php_admin_value open_basedir "/full/path/to/top/folder/of/desired/tree/"
</DIRECTORY>
One thing - if you don't end the path with a / then it's a wildcard match. In other words, "/var/etc/my" will match "/var/etc/myFolder" as well as "/var/etc/myMothersFolder", while "/var/etc/my/" will only match that exact folder name.
回答3:
Regarding application isolation ~ is this in regards to securing PHP scripts so they cannot access others? Please elaborate -
Regarding php.ini - I am not aware of any way to use a specific php.ini per directory, but you could certainly create a php include page with a bunch of ini_set() lines, perhaps something like this ..
<?php
// in your header or along top of all php modules in your pap
require_once ( '/path/to/includes/ini_set.php' );
// ...
?>
and the ini_set.php script:
<?php
// one of these for each override of defaults set in php.ini file --
ini_set ( $varname, $newvalue );
ini_set ( $varname, $newvalue );
ini_set ( $varname, $newvalue );
?>
If you are interested in learning more about the ini_set() function, here is the documentation page on php.net: http://us3.php.net/ini_set
Hope this was somewhat helpful ~
回答4:
Best way to do so is to use PHP via FCGI (mod_fcgid). This way you can run PHP using a different user and a different php.ini per vHost.
Here's an example how to set up such a configuration on Ubuntu: http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-ubuntu-8.10
回答5:
If you want to use full path name, you can use that:
<?php
include dirname( __FILE__ ) . '/includes/include.php';
?>
Possible solution for php.ini file
回答6:
Try a relative path! Like:
<?php
include("./includes/include.php");
?>
or
<?php
include("includes/include.php");
?>
来源:https://stackoverflow.com/questions/639666/how-do-i-limit-php-apps-to-their-own-directories-and-their-own-php-ini