php security configuration
A sample configuration for hardening PHP on your server (written for PHP 4 running as mod_php under Apache).
/*
configuration of "php.ini"
*/
pico /usr/local/lib/php.ini
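; Hardening settings for php.ini (PHP 4 era).
; NOTE(review): safe_mode and register_globals were deprecated in PHP 5.3 and
; removed in PHP 5.4. On a current PHP, drop both lines and rely on
; open_basedir, disable_functions and OS-level isolation instead.
safe_mode = On
; Do not advertise PHP in the response headers.
expose_php = Off
; Block runtime loading of extensions through dl().
enable_dl = Off
; Do not let the file functions open URLs as if they were local files.
allow_url_fopen = Off
; open_basedir takes a list of directories, not a boolean, so "On" does not
; switch any restriction on. Replace the placeholder with the real document root.
open_basedir = /path/to/webroot
; Write errors to a log instead of showing them to visitors. Keep the log
; outside the web root and readable only by the server account.
log_errors = On
error_log = /path/to/logfile
display_errors = Off
; The directive is register_globals (plural); "register_global" is not a
; known setting, so the default would stay in force.
register_globals = Off
;
; Disabled functions.
; Directive names in php.ini are case sensitive: "Disable_functions" is not
; recognised and the whole list would be ignored, so it must be lower case.
; Duplicates and entries that are not PHP function names (listen, imap,
; netscript, curl, cmd, backtick, php.ini, phpini, SQL, id, CURL, show_sourc)
; were removed; unknown names are ignored silently and only give a false
; sense of coverage. The backtick operator is already disabled once
; shell_exec is disabled.
; NOTE(review): escapeshellcmd and escapeshellarg are escaping helpers, not
; execution functions; keep them disabled only if no application on the
; server calls them.
disable_functions = dl,passthru,pfsockopen,system,exec,popen,shell_exec,proc_close,proc_open,proc_nice,proc_terminate,proc_get_status,posix_getpwuid,posix_uname,openlog,syslog,ftp_exec,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,get_current_user,getmyuid,getmygid,chgrp,chmod,apache_note,apache_setenv,apache_child_terminate,closelog,debugger_off,debugger_on,ini_restore,tempnam,copy,curl_init,curl_exec,escapeshellcmd,escapeshellarg,tmpfile,virtual,show_source,pclose,pcntl_exec,ini_set,ini_get,phpinfo
; Replace the default
;   include_path = ".:/usr/local/lib/php"
; with
;   include_path = "/usr/lib/php:/usr/local/lib/php:/tmp:/home"
; NOTE(review): /tmp is normally world-writable and /home holds user-owned
; files, so a relative include() can resolve to a file that another local
; user placed there. Prefer listing only directories that the server
; administrator controls.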
/*
configuration of "httpd.conf"
replace (AllowOverride All) with (AllowOverride None)
uncomment "LoadModule php4_module libexec/libphp4.so"
uncomment "AddModule mod_php4.c"
*/
//add this
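# Per-server PHP settings applied by mod_php4. php_admin_* values cannot be
# overridden from .htaccess or ini_set(); php_value settings can.
<IfModule mod_php4.c>
# NOTE(review): /tmp is normally world-writable and /home holds user-owned
# files; a relative include() can resolve to a file planted there. Prefer
# listing only administrator-controlled directories.
php_value include_path "/usr/lib/php:/usr/local/lib/php:/tmp:/home"
# NOTE(review): safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4.
php_admin_flag safe_mode On
# NOTE(review): expose_php is documented as php.ini-only; confirm that this
# line has any effect here, and set it in php.ini as well.
php_admin_flag expose_php Off
php_admin_flag enable_dl Off
php_admin_flag allow_url_fopen Off
# open_basedir is a directory list, not a boolean, so it needs
# php_admin_value and a path. Replace the placeholder with the real
# document root.
php_admin_value open_basedir /path/to/webroot
# disable_functions is honoured only in php.ini and cannot be set from
# httpd.conf, so the function list belongs in php.ini and is not repeated here.
</IfModule>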