Php Hardening option allow_url_fopen and allow_url_include
Set
Disabling this option prevents attackers from opening remote files from your server via file inclusion vulnerabilities.
Set
Disabling this option prevents attackers from including remote files from your server via file inclusion vulnerabilities.
PHP Checklist Parameter disable_functions
Values: A comma-separated list of functions to disable.
This parameter takes a comma-separated list of PHP functions you wish to disable. You will likely want to disable most or all of the PHP functions that have the ability to execute code remotely. You should take the time to talk to your developers and have them standardized on a particular function for shell operations as well.
Example:
User-Level PHP Handling Customization
When PHP 4 and PHP 5 are both enabled and served using the CGI, DSO, or suPHP configurations, cPanel lets the user select the default PHP version that processes .php files for all domains assigned to that account.
This interface is available in cPanel’s X3 theme under Software/Services >> PHP Configuration. Available settings are PHP 4, PHP 5, and System Default.
The chosen value is reflected in the .htaccess file in the user’s home directory. If a user requires file extensions other than .php to be processed by the selected version of PHP, add those file extensions after .php to the AddHandler line in the .htaccess file.
SafePHPCGI PHP options
SafePHPCGI — This option sets 2 flags for PHP that attempt to lock PHP to system php.ini files. This prevents users from using custom php.ini files when PHP is served via CGI. However, enabling this option does not prevent the use of custom php.ini files if PHP is running via mod_suphp.
Cpanel Important PHP options
Most PHP options simply enable an extension that is shipped with PHP.
CGI — This option is enabled by default. Disabling this option will cause a PHP CLI binary to install in /usr/bin/php and /usr/local/bin/php. When no CGI binary is available, your server will be unable to serve PHP requests without DSO.
Concurrent DSO patch — By default, Apache is unable to load libphp4 and libphp5 simultaneously. This option applies a patch to PHP that versions objects in libphp4 and libphp5. This option will also create new Apache directives so that both PHP 4 and 5 can be communicated with separately.
This option is not required if you will serve both versions of PHP via SuPHP, CGI, or FCGID.
Important: Compiled PHP extensions other than those shipped with PHP will not function correctly with this patch enabled. Enabling this module may also render some PECL and PEAR modules nonfunctional. Do not use this module unless you must serve both PHP 4 and 5 as DSOs and can work around other issues it will case.
Reference: http://cpanel.net/
Home serverbuddies
© 2024 ServerBuddies Support Blog.Original WP theme by: nodethirtythree
www.serverbuddies.com