Author: 北人南漂记 | Source: Internet | 2014-05-28 10:53
1. Set up a caged (jailed) environment for the virtual hosts
a.upl.com /wwwroot/a.upl.com/
b.upl.com /wwwroot/b.upl.com/
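<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/wwwroot/a.upl.com/"
    ServerName a.upl.com
    ErrorLog "logs/a.upl.com-error_log"
    CustomLog "logs/a.upl.com-access_log" common
    # Confine PHP file access for this site to its own tree, /tmp and the session directory
    php_admin_value open_basedir "/wwwroot/a.upl.com/:/tmp:/var/lib/php/session"
    SuexecUserGroup daemon daemon
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/wwwroot/b.upl.com/"
    ServerName b.upl.com
    ErrorLog "logs/b.upl.com-error_log"
    CustomLog "logs/b.upl.com-access_log" common
    # Directory path assumed to be this site's document root
    <Directory "/wwwroot/b.upl.com/">
        Order deny,allow
        Allow from all
    </Directory>
    # Confine PHP file access for this site to its own tree, /tmp and the session directory
    php_admin_value open_basedir "/wwwroot/b.upl.com/:/tmp:/var/lib/php/session"
    SuexecUserGroup daemon daemon
</VirtualHost>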
2. Prevent PHP backdoors from executing system commands
# vim /usr/local/lib/php.ini
disable_functions = phpinfo,gzcompress,apache_note,apache_setenv,proc_get_status,exec,passthru,proc_nice,proc_open,proc_terminate,shell_exec,system,popen,ini_restore,syslog,define_syslog_variables,symlink,link,error_log,leak,dbmopen,openlog,closelog,popen,pclose,stream_socket_server
The key one is the passthru function; it is what lets a backdoor execute system commands.
3. Hide PHP information
expose_php = Off
4. Turn off error display
display_errors = Off
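An added example (not from the original article): a small Python check that reads php.ini text and reports which of the settings from sections 2 to 4 are not in place. The function names, the sample ini text and the subset of disable_functions entries it requires are assumptions made for illustration.

```python
# Added example: audits php.ini text against the settings in sections 2-4.
# All names and the sample data below are constructed for illustration.

# Entries from the page's disable_functions list that run OS commands.
COMMAND_FUNCS = {"exec", "passthru", "shell_exec", "system", "popen", "proc_open"}
TRUE_VALUES = {"1", "on", "true", "yes"}

SAMPLE_INI = """\
[PHP]
; constructed sample, not from a real server
disable_functions = phpinfo, exec, passthru, system
expose_php = On
display_errors = Off
"""

def parse_ini(text):
    """Return {directive: value}; later assignments override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # strip ; comments
        if "=" not in line:
            continue                             # blank line or [section]
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip('"')
    return settings

def is_on(settings, name, default):
    return settings.get(name, default).lower() in TRUE_VALUES

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_ini(text)
    findings = []
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(COMMAND_FUNCS - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ",".join(missing))
    # PHP's built-in default for both flags is on, so an absent line counts as on.
    if is_on(s, "expose_php", "1"):
        findings.append("expose_php is on")
    if is_on(s, "display_errors", "1"):
        findings.append("display_errors is on")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

The check only sees php.ini itself; values set per virtual host with php_admin_value, such as open_basedir in section 1, are outside what it reads.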
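5. Use PHP to filter special characters such as single quotes
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = On
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = On
If these are turned on, some PHP applications will not work properly.
6. Run PHP in safe mode (usually not used; the settings are very strict)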
safe_mode = On