Secure Apache settings on Win2003 with folder and directory permissions

  • 2020-05-06 12:01:28
  • OfStack

Do not start Apache yet; first create a new account and set the appropriate permissions:
1. In Computer Management, under Local Users and Groups, create an account, for example apache, with the password set to apacheuser, and add it to the Guests group (if there is a problem, you can grant it Users group permissions);

2. Open Start -> Administrative Tools -> Local Security Policy, select "Log on as a service" under User Rights Assignment, and add the apache user;

3. In Computer Management, select Services, find Apache2.2, stop the service first, right-click -> Properties, select the Log On tab, switch from the Local System account to This account, then browse for and select apache, enter the password apacheuser, and click OK (at this point Apache still will not start properly; it will generally report the error: Apache2.2 service 1 (0x1) service error and stopped.);

4. Give the apache account read/write permissions on the Apache installation directory (for example D:/apache2.2) and the web directory (for example D:/wwwroot). Remove all permissions on the disk root directories except those of administrator and system. On the disk root directory where the Apache installation directory is located, give the apache account permission to read and list the directory (at first I thought this was unnecessary, but I later found that it was the key to the error.)

5. Start Apache; everything is OK.

6. In php.ini, specify the PHP temporary upload directory and the session save directory, and give the apache account full control of those directories, e.g.
upload_tmp_dir = "D:/wwwroot/Tmp/uploadtmp/"
session.save_path = "D:/wwwroot/Tmp/sessiontmp/"

7. Give read and execute permissions on the D:/php directory;

8. Give read and execute permissions on the Zend installation directory;

9. Limit the directories PHP can access by editing httpd.conf in the conf folder of the Apache installation directory and adding:
php_admin_value open_basedir "D:/wwwroot"
php_admin_value safe_mode On

httpd.conf configuration (to restrict PHP read and write access to the E:\smis directory)
Apache2.0 configuration example:

<VirtualHost *:80>
ServerName www.abc.com
DocumentRoot "E:/smis"
DirectoryIndex index.html index.htm default.htm index.php default.php
# AllowOverride, Order and Allow are only valid in directory context
<Directory "E:/smis">
Options FollowSymLinks IncludesNOEXEC Indexes
AllowOverride None
Order Deny,Allow
Allow from all
php_admin_value open_basedir "E:/smis/;E:/APMServ5.2.0/PHP/uploadtemp/;E:/APMServ5.2.0/PHP/sessiondata/"
php_admin_value safe_mode On
</Directory>
</VirtualHost>


Apache2.2 configuration example:

<VirtualHost *:80> 
ServerName www.abc.com 
DocumentRoot "E:/smis" 
</VirtualHost> 
<Directory "E:/smis"> 
Options FollowSymLinks IncludesNOEXEC Indexes 
DirectoryIndex index.html index.htm default.htm index.php default.php 
AllowOverride None 
Order Deny,Allow 
Allow from all 
php_admin_value open_basedir "E:/smis/;E:/APMServ5.2.0/PHP/uploadtemp/;E:/APMServ5.2.0/PHP/sessiondata/" 
php_admin_value safe_mode On 
</Directory> 
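
An added example (not part of the original article): a small Python check of how the open_basedir value from step 9 relates to the upload and session directories from step 6, which the virtual host examples above list inside open_basedir. It assumes the older PHP behaviour in which an open_basedir entry without a trailing slash is compared as a plain string prefix; all function names are hypothetical.

```python
import re

# Constructed sample input: the directives from steps 6 and 9 above.
PHP_INI = '''upload_tmp_dir = "D:/wwwroot/Tmp/uploadtmp/"
session.save_path = "D:/wwwroot/Tmp/sessiontmp/"
'''
HTTPD_CONF = '''php_admin_value open_basedir "D:/wwwroot"
php_admin_value safe_mode On
'''

def norm(path):
    """Windows paths: case-insensitive, either slash accepted."""
    return path.strip().strip('"').replace("\\", "/").lower()

def ini_value(text, key):
    """Normalised value of `key = "value"` in php.ini text, or None."""
    m = re.search(r'^\s*' + re.escape(key) + r'\s*=\s*"?([^"\r\n;]+)', text, re.M)
    return norm(m.group(1)) if m else None

def open_basedir_entries(conf):
    """All open_basedir entries set with php_admin_value (';'-separated on Windows)."""
    pattern = r'^\s*php_admin_value\s+open_basedir\s+"?([^"\r\n]+)'
    entries = []
    for m in re.finditer(pattern, conf, re.M | re.I):
        entries += [norm(e) for e in m.group(1).split(";") if e.strip()]
    return entries

def allowed(path, entries, prefix_semantics=True):
    """True if `path` passes the open_basedir check.
    prefix_semantics=True models the assumed older PHP behaviour: an entry
    without a trailing slash is matched as a plain string prefix."""
    p = norm(path).rstrip("/") + "/"
    return any(p.startswith(e if prefix_semantics and not e.endswith("/")
                            else e.rstrip("/") + "/") for e in entries)

def audit(php_ini, conf):
    """Findings for a php.ini / httpd.conf pair; an empty list means none."""
    entries = open_basedir_entries(conf)
    findings = []
    for key in ("upload_tmp_dir", "session.save_path"):
        value = ini_value(php_ini, key)
        if value is None or not allowed(value, entries):
            findings.append(key + " is unset or outside open_basedir")
    findings += ["open_basedir entry " + e + " lacks a trailing slash"
                 for e in entries if not e.endswith("/")]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PHP_INI, HTTPD_CONF)))
```

With the step 9 value "D:/wwwroot" the audit reports the missing trailing slash; writing it as "D:/wwwroot/", as the E:/smis/ examples do, restricts the match to that directory tree.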


Installing Apache, PHP and MySQL on Win2003, with virtual host and directory permission settings

This article covers installing Apache, PHP and MySQL on Win2003 and setting up virtual hosts and directory permissions, i.e. WAPM.
Unlike packaged WAPM software, the setup in this article is recommended for deployment on a production server. Here we go:
1. Install Apache, PHP and MySQL
Install to whichever directories you see fit. I will not describe downloading and installing the three packages; anyone reading this article would consider that part redundant.

2. Virtual host settings
Open ..\Apache\conf\httpd.conf
Remove the comment symbol so that the virtual hosts file is loaded:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf

Contents of the virtual host configuration file conf/extra/httpd-vhosts.conf:
Take my job site jobigg.com as an example:
# 1 jobigg.com
 
<VirtualHost *:80> 
ServerAdmin alavin.cui@gmail.com 
DocumentRoot "D:/jobigg.com" 
ServerName jobigg.com 
ServerAlias www.jobigg.com 
ErrorLog "logs/jobigg.com-error.log" 
CustomLog "logs/jobigg.com-access.log" common 
</VirtualHost> 

My server has two IP addresses, so the configuration in httpd-vhosts.conf and httpd.conf is a little different:
#Listen 11.11.11.11:80
Listen 80
If the IP address is not specified, then the dual ip can be used normally.

3. Reduce Apache's run permissions
3.1 Create a new account: in Computer Management, under Local Users and Groups, create an account, for example apache, with the password set to jobigg.com, and add it to the Users group;
3.2 Open Start -> Administrative Tools -> Local Security Policy, select "Log on as a service" under User Rights Assignment, and add the apache user;
3.3 In Computer Management, select Services, find Apache2.2, stop the service first, right-click -> Properties, select the Log On tab, switch from the Local System account to This account, then browse for and select apache, and enter the password jobigg.
3.4 Give the apache account read and write permissions on the Apache installation directory (e.g. E:/apache2.2) and the web directory (e.g. D:/jobigg.com), remove all permissions except those of administrator and system from each disk root directory, and give the apache account read, write and list permissions on the root directory where the Apache installation directory is located;
3.5 Restart Apache.
