One of the biggest security challenges on a server is PHP exploitation. Attackers can alter php.ini settings in a user's directory and then easily deface files. If you are using the suPHP handler on the server, you can prevent this type of exploitation by configuring the server to force the use of the main server-wide php.ini file and disable the use of custom php.ini files. suPHP forces PHP scripts to run as the cPanel user, which is a huge advantage over the DSO handler and enhances overall server security.
Requirements
Root privileges
PHP handler should be suPHP
Steps
1. Log in as root via SSH.
2. Edit the file /opt/suphp/etc/suphp.conf:
vi /opt/suphp/etc/suphp.conf
3. Search for [phprc_paths] and uncomment the following lines (remove the leading semicolon):
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/
This configures the server to force the use of the main server-wide php.ini file and disables the use of custom php.ini files.
4. Save the file and restart Apache:
service httpd restart
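To confirm the edit took effect, the following shell function (an added example, not part of the original post) reports which [phprc_paths] entries are active and which are still commented out. The function names, output labels and sample config are constructed for illustration; on a real server, pass /opt/suphp/etc/suphp.conf to phprc_status.

```shell
#!/bin/sh
# Added example (not from the original post): audit the [phprc_paths]
# section of a suphp.conf. Prints one line per handler entry and returns 0
# only when entries exist and none of them is still commented out.
phprc_status() {   # $1 = path to suphp.conf
    awk '
        /^[ \t]*\[/ {                       # section header: track position
            in_sec = ($0 ~ /^[ \t]*\[phprc_paths\]/); next
        }
        !in_sec { next }
        /^[ \t]*;[ \t]*[^=; \t]+=/ {        # ";handler=dir" is still disabled
            line = $0; sub(/^[ \t]*;[ \t]*/, "", line); split(line, kv, "=")
            print "COMMENTED " kv[1]; bad++; next
        }
        /^[ \t]*[^=; \t]+=/ {               # "handler=dir" is active
            line = $0; sub(/^[ \t]*/, "", line); split(line, kv, "=")
            print "ENFORCED " kv[1] " -> " kv[2]; good++
        }
        END { exit !(good > 0 && bad == 0) }
    ' "$1"
}

# Constructed sample config; $2 is the prefix put before each entry
# (";" reproduces the stock commented state, "" the state after the edit).
write_sample() {   # $1 = output file, $2 = prefix
    cat > "$1" <<EOF
[handlers]
application/x-httpd-php="php:/usr/bin/php"

[phprc_paths]
;Uncomment to force the php.ini found in the given directory
${2}application/x-httpd-php=/usr/local/lib/
${2}application/x-httpd-php4=/usr/local/php4/lib/
${2}application/x-httpd-php5=/usr/local/lib/
EOF
}

tmp=$(mktemp)
write_sample "$tmp" ";"
phprc_status "$tmp" || echo "=> per-user php.ini files are still honoured"
write_sample "$tmp" ""
phprc_status "$tmp" && echo "=> server-wide php.ini is forced"
rm -f "$tmp"
```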
If any client requires custom PHP settings, we can apply them directly by editing /usr/local/lib/php.ini and placing the user-specific configuration at the end of the file.
vi /usr/local/lib/php.ini
Example:
[PATH=/home/bob/public_html/]
memory_limit = 128M
[PATH=/home/david/public_html/]
display_errors = On
upload_max_filesize = 160M
Save the file and restart httpd.
That's all!!