完美解决Nginx的跨站(防WEBshell)的问题,作者亲测,需要更改php源程序后,重新编译php。在使用fpm方式安装时,打补丁过程中会修改php的文件,所以需要在打完fpm补丁后再修改php源程序。

tar zxvf php-5.2.14.tar.gz
gzip -cd php-5.2.14-fpm-0.5.14.diff.gz | patch -d php-5.2.14 -p1
cd php-5.2.14/

vi  main/fopen_wrappers.c


/* {{{ php_check_open_basedir
*/
PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
{
        /* Only check when open_basedir is available */
        if (PG(open_basedir) && *PG(open_basedir)) {
                char *pathbuf;
                char *ptr;
                char *end;

// 添加的内容开始

               char *env_document_root = sapi_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT")-1 TSRMLS_CC);
                if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
                        efree(env_document_root);
                        return 0;
                }

                // 添加的内容结束

                pathbuf = estrdup(PG(open_basedir));

                ptr = pathbuf;

                while (ptr && *ptr) {
                        end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
                        if (end != NULL) {
                                *end = '\0';
                                end++;
                        }

                        if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
                                efree(pathbuf);
                                return 0;
                        }

                        ptr = end;
                }
                if (warn) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
                }
                efree(pathbuf);
                errno = EPERM; /* we deny permission to open it */
                return -1;
        }

        /* Nothing to check... */
        return 0;
}






在5.3.3以上已经增加了HOST配置,可以起到防跨站、跨目录的问题。如果你是PHP 5.3.3以上的版本,可以修改/usr/local/php/etc/php.ini在末尾里加入:



[HOST=www.qhd5u.com]
open_basedir=/home/wwwroot/www.qhd5u.com/:/tmp/
[PATH=/home/wwwroot/www.qhd5u.com]
open_basedir=/home/wwwroot/www.qhd5u.com/:/tmp/

然后重启nginx和php-fpm

然后用中国菜刀等工具测试即可发现Nginx已经支持防跨站
Tags:
Nginx下存在跨站和跨目录的问题,跨站和跨目录影响同服务器/VPS上的其他网站,最近看PHP 5.3,在5.3.3以上已经增加了HOST配置,可以起到防跨站、跨目录的问题。如果你是PHP 5.3.3以上的版本,可以修改/usr/local/php/etc/php.ini在末尾里加入:


[HOST=www.qhd5u.com]
open_basedir=/home/wwwroot/qhd5u_com/:/tmp/
[PATH=/home/wwwroot/qhd5u_com]
open_basedir=/home/wwwroot/qhd5u_com/:/tmp/

vps性能测试

lrenwang , 2013/07/03 22:09 , Linux , 锁定(0) , 阅读(2089) , Via 本站原创

yum -y install perl-Time-HiRes
wget https://byte-unixbench.googlecode.com/files/unixbench-5.1.2.tar.gz
tar zxvf unixbench-5.1.2.tar.gz
cd unixbench-5.1.2
vi Makefile
找到GRAPHIC_TESTS = defined这一行,注释掉,保存
./Run





电信通512Mb内存测试结果

Benchmark Run: Thu Jul 04 2013 08:07:33 - 08:35:33
1 CPU in system; running 1 parallel copy of tests

Dhrystone 2 using register variables        2901023.3 lps   (10.0 s, 7 samples)
Double-Precision Whetstone                      648.8 MWIPS (9.2 s, 7 samples)
Execl Throughput                                810.7 lps   (29.7 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks         95505.7 KBps  (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks           26935.4 KBps  (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks        251129.0 KBps  (30.0 s, 2 samples)
Pipe Throughput                              159680.9 lps   (10.0 s, 7 samples)
Pipe-based Context Switching                  32256.3 lps   (10.0 s, 7 samples)
Process Creation                               2185.5 lps   (30.0 s, 2 samples)
Shell Scripts (1 concurrent)                    679.4 lpm   (60.1 s, 2 samples)
Shell Scripts (8 concurrent)                     81.5 lpm   (60.6 s, 2 samples)
System Call Overhead                         125200.6 lps   (10.0 s, 7 samples)

System Benchmarks Index Values               BASELINE       RESULT    INDEX
Dhrystone 2 using register variables         116700.0    2901023.3    248.6
Double-Precision Whetstone                       55.0        648.8    118.0
Execl Throughput                                 43.0        810.7    188.5
File Copy 1024 bufsize 2000 maxblocks          3960.0      95505.7    241.2
File Copy 256 bufsize 500 maxblocks            1655.0      26935.4    162.8
File Copy 4096 bufsize 8000 maxblocks          5800.0     251129.0    433.0
Pipe Throughput                               12440.0     159680.9    128.4
Pipe-based Context Switching                   4000.0      32256.3     80.6
Process Creation                                126.0       2185.5    173.5
Shell Scripts (1 concurrent)                     42.4        679.4    160.2
Shell Scripts (8 concurrent)                      6.0         81.5    135.9
System Call Overhead                          15000.0     125200.6     83.5
                                                                   ========
System Benchmarks Index Score                                         161.1

貌似有点不给力阿






阿里云性能还不错

1 CPU in system; running 1 parallel copy of tests

Dhrystone 2 using register variables        6477489.5 lps   (10.0 s, 7 samples)
Double-Precision Whetstone                     1137.4 MWIPS (10.2 s, 7 samples)
Execl Throughput                               3007.4 lps   (29.9 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks        294814.0 KBps  (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks           85384.9 KBps  (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks        791041.2 KBps  (30.0 s, 2 samples)
Pipe Throughput                              550845.7 lps   (10.0 s, 7 samples)
Pipe-based Context Switching                 160950.5 lps   (10.0 s, 7 samples)
Process Creation                              11333.3 lps   (30.0 s, 2 samples)
Shell Scripts (1 concurrent)                   3331.8 lpm   (60.0 s, 2 samples)
Shell Scripts (8 concurrent)                    466.8 lpm   (60.0 s, 2 samples)
System Call Overhead                         502844.2 lps   (10.0 s, 7 samples)

System Benchmarks Index Values               BASELINE       RESULT    INDEX
Dhrystone 2 using register variables         116700.0    6477489.5    555.1
Double-Precision Whetstone                       55.0       1137.4    206.8
Execl Throughput                                 43.0       3007.4    699.4
File Copy 1024 bufsize 2000 maxblocks          3960.0     294814.0    744.5
File Copy 256 bufsize 500 maxblocks            1655.0      85384.9    515.9
File Copy 4096 bufsize 8000 maxblocks          5800.0     791041.2   1363.9
Pipe Throughput                               12440.0     550845.7    442.8
Pipe-based Context Switching                   4000.0     160950.5    402.4
Process Creation                                126.0      11333.3    899.5
Shell Scripts (1 concurrent)                     42.4       3331.8    785.8
Shell Scripts (8 concurrent)                      6.0        466.8    778.0
System Call Overhead                          15000.0     502844.2    335.2
                                                                   ========
System Benchmarks Index Score                                         577.7
之前php和Mysql在同一台服务器上倒没有关注这个问题,后来又新上了一台服务器,就开始把所有的数据库放在一台服务器,一台服务器专门跑web,后来发现一个奇怪的现象,php网页连接mysql的时候速度超级慢,打开非常费劲,很是苦恼,想了下不是防火墙的问题也不是php程序的问题,开始考虑是不是网络延迟过大,不过是同一个网段也不应该存在这个问题才是,于是把Mysql和php全部重新安装了一遍,问题依旧,无奈~~~~~于是google 搜索了一下找到了答案:

首先找到你mysql的安装目录然后,打开my.ini我的是windows server,如果是Linux服务器那个文件就是my.conf;

然后在[mysqld]选项下面添加:

skip-name-resolve

这个选项的意思是:禁用DNS解析,连接速度会快很多。

然后保存,重启mysql服务器,问题解决!!


注意:经本人测试,修改之后mysql用户主机权限为localhost时会提示“[1045] Access denied for user 'root'@'localhost' (using password: YES)”错误;需将用户主机权限设置为任意主机时正常;

另外本地调用127.0.0.1无效 改成localhost则OK

php验证身份证

lrenwang , 2013/04/08 15:39 , Php , 评论(0) , 阅读(2575) , Via 本站原创

<?php
function idcard_check($idcard)
{
    switch (strlen($idcard))
    {
        case 18:
            $idcard_base = substr($idcard, 0, 17);

            $factor = array(7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2);

            // 校验码对应值
            $verify_number_list = array('1', '0', 'X', '9', '8', '7', '6', '5', '4', '3', '2');

            $checksum = 0;
            for ($i = 0;$i < strlen($idcard_base);$i++)
            {
                $checksum += substr($idcard_base, $i, 1) * $factor[$i];
            }

            $mod = $checksum % 11;
            $verify_number = $verify_number_list[$mod];

            if ($verify_number != strtoupper(substr($idcard, 17, 1)))
            {
                return false;
            }else{
                return true;
            }
            break;
        case 15:
            if (array_search(substr($idcard, 12, 3), array('996', '997', '998', '999')) !== false){
                $idcard = substr($idcard, 0, 6) . '18'. substr($idcard, 6, 9);
            }else{
                $idcard = substr($idcard, 0, 6) . '19'. substr($idcard, 6, 9);
            }
            $idcard = $idcard . idcard_verify_number($idcard);
            return idcard_check($idcard);
            break;
        default:
            return 0;
    }
}

var_dump(idcard_check('130302197303110452'));
?>


转自 http://www.qhd5u.com/knowledge/61.html
分页: 8/49 第一页 上页 3 4 5 6 7 8 9 10 11 12 下页 最后页 [ 显示模式: 摘要 | 列表 ]