Php configuration anti-cross-site, anti-directory security

Now many websites are built using php, many of them are directly using the mature cms program, the security of these php-developed cms system may not be high, then you need We do some settings on the server for anti-cross-site, anti-cross directory and other settings for the PHP program, which can effectively prevent all php websites on the server from being maliciously tampered with. Scope of application and demonstration system Scope of application: php5.3 and above Demonstration system: centos anti-cross-site, anti-cross-directory security setting method Step 1: Log in to the linux system terminal. Step 2: Find and open the php configuration file. Step 3: Add the following code at the bottom of php.ini and save it. You can change the configuration of your website to the following code. [HOST=www.45it.com] open_basedir=/wwwroot/www.45it.com/:/tmp/[PATH=/wwwroot/www.45it.com] open_basedir=/wwwroot/www.45it.com/:/tmp /Note: After the above code is added, it is the anti-cross-site anti-direct directory security configuration, but there are some shortcomings, that is, for example, we run some php probes and some other programs may not work properly, if you want the website to be normal To run the php probe, add /tmp/followed by: /proc/Step 4: Add the code and save php.ini, then restart the php service to take effect.