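Running PHP FastCGI securely on IIS 7.5 under Windows Server 2008 R2

How do you run PHP FastCGI securely on IIS 7.5 under Windows Server 2008 R2? Microsoft gives the following recommendations, which are worth keeping in mind when you configure a server.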

Security Isolation for PHP Web Sites

The recommendation for isolating PHP Web sites in a shared hosting environment is consistent with all general security isolation recommendations for IIS 7. In particular, it is recommended to:

  • Use one application pool per Web site
  • Use a dedicated user account as an identity for the application pool
  • Configure an anonymous user identity to use the application pool identity
  • Ensure that FastCGI impersonation is enabled in the php.ini file (fastcgi.impersonate=1)

PHP Security Recommendations

The following settings can be used to tighten the security of a PHP installation. To make the recommended changes, locate and open the php.ini file and edit the configuration settings as described below:

Setting
    Description

allow_url_fopen=Off
allow_url_include=Off
    Disable remote URLs for file handling functions; remote URL handling may cause code injection vulnerabilities.

register_globals=Off
    Disable register_globals.

open_basedir="c:\inetpub\"
    Restrict where PHP processes can read and write on a file system.

safe_mode=Off
safe_mode_gid=Off
    Disable safe mode.

max_execution_time=30
max_input_time=60
    Limit script execution time.

memory_limit=16M
upload_max_filesize=2M
post_max_size=8M
max_input_nesting_level=64
    Limit memory usage and file sizes.

display_errors=Off
log_errors=On
error_log="C:\path\of\your\choice"
    Configure error messages and logging.

fastcgi.logging=0
    The IIS FastCGI module will fail the request when PHP sends any data on stderr by using the FastCGI protocol. Disable FastCGI logging to prevent PHP from sending error information over stderr and generating 500 response codes for the client.

expose_php=Off
    Hide the presence of PHP.
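To check an existing php.ini against the settings listed above, the following added example (not part of Microsoft's guidance or of the original post) parses the file and reports every deviation. The parser is a simplified one, the names BASELINE, parse_ini, to_number and audit are hypothetical, and it assumes that every audited directive must be set explicitly in the file.

```python
import re

# Baseline = the settings recommended on the page (1/0 written as On/Off).
# "*" means "any non-empty value"; numbers are upper bounds.
BASELINE = dict(p.split("=") for p in """
    fastcgi.impersonate=On fastcgi.logging=Off allow_url_fopen=Off allow_url_include=Off
    register_globals=Off safe_mode=Off safe_mode_gid=Off expose_php=Off display_errors=Off
    log_errors=On max_execution_time=30 max_input_time=60 memory_limit=16M
    upload_max_filesize=2M post_max_size=8M max_input_nesting_level=64
    open_basedir=* error_log=*""".split())

def parse_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        key, eq, val = (s.strip() for s in line.partition("="))
        if not eq or key.startswith((";", "[")):
            continue  # blank line, comment or section header
        # Quoted value: keep the text inside the quotes. Otherwise drop a trailing ; comment.
        val = val[1:].split('"', 1)[0] if val.startswith('"') else val.split(";", 1)[0].strip()
        values[key] = val
    return values

def to_number(raw):  # '30' -> 30, PHP shorthand '16M' -> 16777216, malformed -> None
    m = re.fullmatch(r"(-?\d+)\s*([KMG]?)", raw, re.I)
    return int(m.group(1)) * 1024 ** " KMG".index(m.group(2).upper() or " ") if m else None

def audit(ini_text):
    """Return {directive: problem} for every deviation from BASELINE."""
    seen, findings = parse_ini(ini_text), {}
    for name, want in BASELINE.items():
        raw = seen.get(name, "")
        if not raw:  # assumption: every audited directive must be set explicitly
            findings[name] = "not set"
        elif want in ("On", "Off"):
            if (raw.lower() in ("1", "on", "yes", "true")) != (want == "On"):
                findings[name] = f"is {raw}, expected {want}"
        elif want != "*":
            n = to_number(raw)
            # Zero/negative is flagged too: several of these directives read it as "no limit".
            if n is None or n <= 0 or n > to_number(want):
                findings[name] = f"is {raw}, expected at most {want}"
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = r'''[PHP]
allow_url_fopen = On   ; remote URLs left enabled
memory_limit = 128M
display_errors = Off
display_errors = On    ; later duplicate overrides the line above
open_basedir = "c:\inetpub\"
'''
```

Calling `audit(open(path).read())` on a real php.ini returns an empty dict when the file meets the baseline; a stricter limit such as `memory_limit=8M` also passes.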