Home ·  Knowledge Base ·  News ·  Contact  





 Knowledge Base

 Categories



Web Servers



Mail Servers



FTP Servers



Firewall / Security



Intrusion Detection



FreeBSD General



Solaris General



Linux General



Miscellaneous



Samba



MRTG



SQL



 Search

 


 Web Servers

Go Back  ·   Related Links

Hardening PHP.. adjust php.ini and/or apache directives  


;############ php.ini
disable_functions = phpinfo
; disables the phpinfo(). important to not disclose too
; much information about php configuration
expose_php = Off
; this will hide the value from the server signature
display_errors = Off
; production web server should have this turned Off.
; Optionally log errors to specific log files for debugging purposes
display_startup_errors = Off
; hide any errors on startup
register_globals = Off
; this comes stock now.. >= 4.2.0
magic_quotes_gpc = On
; need to protect SQL strings from possible sql injection.
; this can initially help. code should still check to see if it On and
; handle it appropriately
;############# end php.ini


############# apache directives
php_admin_value safe_mode 1
# set safe mode on a per site basis
# safe mode will disable many php functions, copy(), exec(), etc
# and restrict others.. fopen(), can only open if UID is the same as the calling page

php_admin_value open_basedir /var/www/some/site/
# safe mode will lock them down, this is good to have just in case safe mode is
# not set. open_basedir restricts users to files specified in open_basedir

php_admin_value safe_mode_exec_dir /some/executable/dir
# will only allow executing files from the specified directory

php_flag log_errors On
# will log all errors/notices

php_value error_reporting 2047
# error_reporting 2047 will log all errors = E_ALL

php_value error_log /var/www/some/site/log/directory
# log errors to specific directory

php_flag track_errors On
# the last error message will always be present in the variable $php_errormsg


 





How's your network?, Inc. © 2001-2018