You can update the settings of your server’s php.ini tệp tin to help secure your server. The method lớn use depends on your version of EasyApache.

Bạn đang xem: Ini_set

You must also use other security measures with these settings. When you use these alone, your server’s security is at risk. Malicious users can bypass most hardening measures.

Apache reads all files with the .ini tệp tin extension. If you have a custom .ini file, you must update it manually.

Editing in EasyApache 3

On systems that run EasyApache 3, the /usr/local/lib/ directory contains your server’s php.ini file.

Editing in EasyApache 4

We recommend only editing these files with WHM’s MultiPHP INI Editor interface (WHM » home » Software » MultiPHP INI Editor). This ensures that an operable version of PHP exists on the system.

On systems that run EasyApache 4, each version of PHP uses a separate php.ini file. You must make changes separately to each file. Each tệp tin exists in the /opt/ file, where 72 is the PHP version number.


DirectiveDescriptionRecommended value
safe_modeThis directive helps solve many problems that occur with using PHP in a shared hosting environment. It compares the PHP script’s UID with the UIDs of files và directories that it tries to lớn access. If the UIDs don’t match, the system doesn’t allow the script access.
disable_functionsThis directive disables a list of PHP functions. For example, you can disable ones that execute subprocesses.A comma-separated danh sách of functions lớn disable.

Xem thêm: Mua Bán Nhà Đất Quận 10 , Giá Từ 1 Tỷ Đến 2 Tỷ , Bất Động Sản Bán Tháng 12/2022

register_globalsThis directive can allow attackers to lớn bypass your settings via the URL.
display_errorsThis directive allows PHP khổng lồ print run-time errors lớn generated HTML pages. When you disable it, PHP can still print errors to the appropriate error logs.Off
allow_url_fopenThis directive can allow attackers to open remote files from your server. They vì this via tệp tin inclusion vulnerabilities.Off
allow_url_includeThis directive can allow attackers khổng lồ include remote files from your server. They vị this via file inclusion vulnerabilities.Off
file_uploadsThis directive can allow attackers to lớn move their scripts on to & off of your server.Off
open_basedirThis directive limits file operations khổng lồ a specific directory. Attackers may try khổng lồ include local files in PHP scripts. This can allow them lớn access information about your server’s filesystem.
session.cookie_httponlyThis directive keeps JavaScript from accessing PHP session cookies. This ensures that attackers can’t steal them.

Xem thêm: Cách Thay Đổi Gmail Trên Android Chi Tiết, Thay Đổi Địa Chỉ Email Cho Tài Khoản Của Bạn

session.referer_checkThis directive allows it to kiểm tra referrer values. You can specify a domain name to make sure that session information stays internal. Then, users won’t be able lớn expose session information when they’re working on a web application.