Results 1 to 1 of 1
-
15th Jun 2014, 03:18 PM #1
Customizing PHP Safe Mode
We’ll guide you through using PHP safe_mode and how-to enable it and to customize it for certain sites on your server. When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf) and .htaccess files. PHP safe_mode is very important to in terms of server security because it restricts and disables the dangerous functions in PHP from the scripts like PHP Shell that can otherwise cause damages to your server and client sites.
Using PHP Safe_Mode
First of all we’ll take care of the files that you will edit, and make sure to have copy or backup .
Activate Safe Mode Globally
It is very simple to active safe mode on the entire server. All you need to do is just edit the php.ini file. If you can’t find where php.ini is or have multiple copies on your server the best thing to do is run phpinfo() to find it. Open up Notepad or your favorite HTML editor and paste in the following from this file.
Code:http://www.webhostgear.com/phpinfo.phps
A few lines down you’ll see this:
Configuration File (php.ini) Path: /usr/local/Zend/etc/php.ini
Now that we know the location of php.ini we can proceed to edit it.
1) Open up php.ini in your shell with your favorite editing program.
pico /path to php/php.ini (replace with the path to your php.ini file)
2) Find the following line: safe_mode
Ctrl + W and type in: safe_mode
3) Turning safe mode on or off.
safe_mode = Off
safe_mode = On
4) Restart the Apache web server by
Code:/etc/init.d/httpd restart
Activate Safe Mode Using Per Site Basis
Now if you have scripts that require safe mode off like Modernbill or any script doesn't work well with safe_mode on what you will do? Disable safe_mode on the entire server just for these scripts? This isn’t very practical when you can disable php safe mode per user account/site basis.
Let’s do it!
1) SSH to your server and login as root.
2) Then find the httpd.conf, normally it’s in /etc/httpd/conf/ or /usr/local/apache/conf/
If it’s not in either of those places try search for it: locate httpd.conf
3) Then find the site you wish to edit.
Ctrl+W and type in the domain name
You should see something like this
<VirtualHost ***.***.***.***>
ServerAlias Index of / domain.net
ServerAdmin webmaster@domain.net
DocumentRoot /home/domain/public_html
BytesLog domlogs/domain.net-bytes_log
ServerName Index of /
User domain
Group domain
CustomLog domlogs/domain.net combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
</VirtualHost>
php_admin_flag safe_mode Off
We have also found that the following works as well if the above does not but DO NOT USE BOTH, pick one!
php_admin_value safe_mode 0
to be like this :
<VirtualHost ***.***.***.***>
ServerAlias Index of / domain.net
ServerAdmin webmaster@domain.net
DocumentRoot /home/domain/public_html
php_admin_flag safe_mode Off
BytesLog domlogs/domain.net-bytes_log
ServerName Index of /
User domain
Group domain
CustomLog domlogs/domain.net combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
</VirtualHost>
Ctrl + X then Y
6) Restart the Apache web server by
Code:/etc/init.d/httpd restart
PHP Safe mode should be on by default on all your servers for added security. However there are some scripts that are not compatible with it on so you have to make an exception to some client sites. Make sure you know why they’re requesting to have it turned off because it is much more secure for everyone to have it on.
If you run into trouble after editing httpd.conf you can run the apachectl configtest
in shell. This will test the Apache configuration for errors and report them back to you if you can’t start it, very handy indeed!
More PHP customizing commands here: http://php.us.themoes.org/manual/en/...on.changes.php
Article from: http://webhostgear.com/166.htmlAreon Reviewed by Areon on . Customizing PHP Safe Mode We’ll guide you through using PHP safe_mode and how-to enable it and to customize it for certain sites on your server. When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf) and .htaccess files. PHP safe_mode is very important to in terms of server security because it restricts and disables the dangerous functions in PHP from the scripts like PHP Shell that can otherwise cause damages to your server and Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
How do I create a custom php.ini file?
By Areon in forum Server ManagementReplies: 0Last Post: 20th Mar 2014, 01:18 PM -
custom php.ini
By masterfaster in forum Server ManagementReplies: 2Last Post: 4th Jul 2011, 02:43 PM -
[Hiring] Custom PHP script
By adanrott in forum Completed TransactionsReplies: 2Last Post: 5th Jun 2011, 12:31 AM -
[Selling] Custom PHP Scripts - Cheap
By iL < in forum Completed TransactionsReplies: 19Last Post: 6th Jun 2010, 01:09 PM -
[Buying] Need a Custom php script
By -Im.z2ight- in forum Completed TransactionsReplies: 2Last Post: 30th Jan 2010, 09:38 PM
themaCreator - create posts from...
Version 3.23 released. Open older version (or...