Ini_set
Overview
You can update the settings of your server’s php.ini tệp tin to help secure your server. The method lớn use depends on your version of EasyApache.
Bạn đang xem: Ini_set
You must also use other security measures with these settings. When you use these alone, your server’s security is at risk. Malicious users can bypass most hardening measures.
Apache reads all files with the .ini tệp tin extension. If you have a custom .ini file, you must update it manually.
Editing in EasyApache 3
On systems that run EasyApache 3, the /usr/local/lib/ directory contains your server’s php.ini file.
Editing in EasyApache 4
We recommend only editing these files with WHM’s MultiPHP INI Editor interface (WHM » home » Software » MultiPHP INI Editor). This ensures that an operable version of PHP exists on the system.
On systems that run EasyApache 4, each version of PHP uses a separate php.ini file. You must make changes separately to each file. Each tệp tin exists in the /opt/hostingvietnam.vn/ea-php72/root/etc/php.ini file, where 72 is the PHP version number.
Directives
| safe_mode | This directive helps solve many problems that occur with using PHP in a shared hosting environment. It compares the PHP script’s UID with the UIDs of files và directories that it tries to lớn access. If the UIDs don’t match, the system doesn’t allow the script access. | On |
| disable_functions | This directive disables a list of PHP functions. For example, you can disable ones that execute subprocesses. | A comma-separated danh sách of functions lớn disable. Xem thêm: Mua Bán Nhà Đất Quận 10 , Giá Từ 1 Tỷ Đến 2 Tỷ , Bất Động Sản Bán Tháng 12/2022 |
| register_globals | This directive can allow attackers to lớn bypass your settings via the URL. | Off |
| display_errors | This directive allows PHP khổng lồ print run-time errors lớn generated HTML pages. When you disable it, PHP can still print errors to the appropriate error logs. | Off |
| allow_url_fopen | This directive can allow attackers to open remote files from your server. They vì this via tệp tin inclusion vulnerabilities. | Off |
| allow_url_include | This directive can allow attackers khổng lồ include remote files from your server. They vị this via file inclusion vulnerabilities. | Off |
| file_uploads | This directive can allow attackers to lớn move their scripts on to & off of your server. | Off |
| open_basedir | This directive limits file operations khổng lồ a specific directory. Attackers may try khổng lồ include local files in PHP scripts. This can allow them lớn access information about your server’s filesystem. | ~/public_html |
| session.cookie_httponly | This directive keeps JavaScript from accessing PHP session cookies. This ensures that attackers can’t steal them. Xem thêm: Cách Thay Đổi Gmail Trên Android Chi Tiết, Thay Đổi Địa Chỉ Email Cho Tài Khoản Của Bạn | 1 |
| session.referer_check | This directive allows it to kiểm tra referrer values. You can specify a domain name to make sure that session information stays internal. Then, users won’t be able lớn expose session information when they’re working on a web application. |
