I. PHP configuration
1. Disable certain functions
; eval is a language construct, not a function, so listing it here has no effect
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,stream_socket_server,proc_open,proc_close
2. Configure error_log
display_errors=off
log_errors=on
error_log=/path/to/logfile
error_reporting = E_ALL | E_STRICT
3. Configure open_basedir
php.ini: open_basedir = /dir1/:/dir2/
httpd.conf: php_admin_value open_basedir "/dir1/:/dir2/"
If the server hosts multiple sites, it is recommended to configure open_basedir in each virtual host's configuration file.
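
The settings from sections 1 to 3 can be checked with a small audit script. This is an added example, not part of the original notes; REQUIRED is an assumed baseline (the command-execution subset of the list in section 1) and the sample php.ini text is constructed.

```python
# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
[PHP]
display_errors = On          ; leaks paths and queries to visitors
log_errors = on
error_log = /path/to/logfile
disable_functions = eval,exec,system,exec
"""

# Assumption: a command-execution subset of the page's list used as the baseline.
REQUIRED = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}
# Language constructs are not functions, so disable_functions cannot block them.
CONSTRUCTS = {"eval", "include", "require", "echo"}
OFF = {"off", "0", "false", "no", "none", ""}  # values PHP reads as boolean false

def parse_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """List deviations from the notes; a missing directive counts as unhardened."""
    s = parse_ini(text)
    findings = []
    if s.get("display_errors", "on").lower() not in OFF:
        findings.append("display_errors is not off")
    if s.get("log_errors", "off").lower() in OFF:
        findings.append("log_errors is not on")
    if not s.get("error_log"):
        findings.append("error_log is not set")
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    names = [n.strip().lower() for n in s.get("disable_functions", "").split(",") if n.strip()]
    for n in sorted(REQUIRED - set(names)):
        findings.append(f"disable_functions is missing {n}")
    for n in sorted(set(names) & CONSTRUCTS):
        findings.append(f"{n} is a language construct; disable_functions does not block it")
    for n in sorted({n for n in names if names.count(n) > 1}):
        findings.append(f"duplicate disable_functions entry: {n}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```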