PHP open_basedir Tweak

PHP open_basedir Tweak

The open_basedir tweak limits the user's ability to browse the file system with PHP. It prevents PHP's access to the user's home directory, the /tmpdirectory, and some necessary PHP system directories. This helps to protect your system from unauthorized access through PHP.

Note:

This security tweak modifies the Apache configuration file, regardless of the PHP handler that you select.

  • Apache only uses configuration file PHP directives if you select the DSO handler.

  • If you configure PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the open_basedir directive in the appropriate php.ini file. Each user requires their own php.ini files when you select a PHP handler that is not DSO. 

Enable the open_basedir tweak

To enable the open_basedir tweak, perform the following steps:

  1. Select the Enable php open_basedir Protection checkbox.
  2. Select the checkboxes that correspond to the domains that you wish to exclude.
  3. Click Save.

open_basedir directives

When you enable the open_basedir tweak, the system adds PHP directives to each Virtual Host in the httpd.conf file.

These directives limit users' PHP access to the following directories:

/usr/lib/php
/usr/local/lib/php
/tmp 
  • 0 Пользователи нашли это полезным
Помог ли вам данный ответ?

Связанные статьи

Apache mod_userdir Tweak

Apache mod_userdir Tweak The Apache mod_userdir Tweak interface allows you to prevent...

Compiler Access

Compiler Access This interface allows you to disable your users' access to the C and C++...

Configure Security Policies

Configure Security Polices The Configure Security Policies interface allows you to configure...

cPHulk Brute Force Protection

cPHulK Brute Force Protection This interface allows you to configure cPHulk, a service that...

Host Access Control

Host Access Control Warning: If you accidentally lock yourself out of WHM when you use this...