Shulou(Shulou.com)06/02 Report--

This article to share with you is related to weaving dream site advanced security strategy is what content. Xiao Bian thinks it is quite practical, so share it for everyone to make a reference. Let's follow the editor and have a look.

Dream weaving site advanced security strategy what?

Dream weaving DedeCMS site advanced security strategy (Linux article)

1. Install Apache File Access Module

In order to ensure that each virtual site has its own independent file access rights, we need to install the Apache security permission separation module. In the terminal, enter:

sudo apt-get install apache2-mpm-itk

2. Add administrative background Site control account

Next, we need to add an Apache running account for the background site. In the terminal, enter:

sudo useradd -g www-data -d /dev/null -s /usr/sbin/nologin www-admin

So we added a www-admin account, dedicated to controlling file access to the backend site.

3. Move the admin directory out and create a standalone site

After the default installation, the background management directory is/dede under the site change directory. For security reasons, we need to remove this directory, but in order to manage the site normally, we need to create a separate site for this background directory.

3.1. Mobile background management directory

We first create a directory, this directory is specially used to store background site files, in the terminal input:

sudo mkdir /var/dedecms-admin

Then move the Dreamweaver background to this folder and type:

sudo mv /var/dedecms/dede/* /var/dedecms-admin/

3.2. Create a virtual site

We need to create a new site to display the background. We can create a file named default-admin in/etc/apache2/site-enabled/directory, which reads as follows:

ServerName admin.dede.comServerAdmin webmaster@localhostDocumentRoot /var/dedecms-adminAssignUserId www-admin www-dataOptions FollowSymLinksAllowOverride NoneOptions Indexes FollowSymLinks MultiViewsAllowOverride NoneOrder allow,denyallow from all

After the creation is complete we restart the server and enter:

sudo service apache2 restart

Here we set the domain name of the background site to admin.dedecms.com Users can set more complex domain name forms according to their own circumstances, such as:

dedesiteadmin2008.dede.com

Then add a record pointing to the IP corresponding to the site domain name to the system host record to ensure that it can be accessed normally.

3.3. Set the permissions control account for the admin site directory

In order to ensure the security of background file access, we also need to set file access permissions for it, and enter:

sudo chown www-admin.www-data /var/dedecms-admin/

This assigns www-admin access to the directory.

3.4. Adjust background file configuration to ensure normal background access

Because we moved the admin background file directory directly, we will get an error when we visit admin.de.com. At this time, we need to adjust the directory configuration in the system.

(1)Find/var/dedecms-admin/config.php and change line 12

require_once(DEDEADMIN. '/../ include/common.inc.php');

changed to

require_once(DEDEADMIN. '/../ dedecms/include/common.inc.php');

Then add below this code:

$cfg_plus_dir = $cfg_phpurl = $cfg_basehost. "/".$ cfg_plus_dir;

(2)Find/var/dedecms-admin/login.php and change 11 lines

require_once(dirname(__FILE__). '/../ include/common.inc.php');

changed to

require_once(dirname(__FILE__). '/../ dedecms/include/common.inc.php');

(3)Find/var/dedecms/data/safe/inc_safe_config.php, line 2, change to

$safe_gdopen = '1,2,3,4,5,7′;

(4)Find/var/dedecms-admin/exit.php, line 11

require_once(dirname(__FILE__). '/../ include/common.inc.php');

changed to

require_once(dirname(__FILE__). '/../ dedecms/include/common.inc.php');

(5)Copy related files in include

We need to copy some files under the include folder to the admin site to ensure that the background is used properly:

mkdir /var/dedecms-admin/include/dialogsudo cp -R /var/dedecms/include/dialog/* /var/dedecms-admin/include/dialogmkdir /var/dedecms-admin/include/jssudo cp -R /var/dedecms/include/js/* /var/dedecms-admin/include/jssudo mkdir /var/dedecms-admin/include/ckeditorsudo cp -R /var/dedecms/include/ckeditor/* /var/dedecms-admin/include/ckeditor

4. reassign foreground Apache user rights

After setting, we need to reassign permissions to the foreground site. In the terminal, enter:

sudo chown -R www-admin.www-data /var/dedecms/

This sets the foreground user to www-admin, and then executes:

sudo chmod -R 755 /var/dedecms/

After this setting background management has the site operation authority, but the foreground browsing user does not have the authority to modify the file.

But here the foreground uploads need permission to upload, so you also need to execute:

sudo chmod -R 777 uploads/

5. Complete security configuration

In this way, we have completed the security settings of the system, and achieved the separation of permissions between the front and the background. Of course, you also need to configure php.ini to disable certain functions, and cooperate with the system to do all aspects of security settings.

Thank you for reading! About weaving dream site advanced security strategy is what to share here, hope the above content can have some help for everyone, so that we can learn more knowledge. If you think the article is good, you can share it so that more people can see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.