One way to help keep your server secure is to update the settings in the server’s php.ini file. The method that needs to be used depends on the version of EasyApache. These settings do not replace other security measures and best practices; they should be used alongside them. Relying on these settings as the sole solution for server security is perilous, because malicious users are infamous for bypassing most hardening measures. Another important point is that all files with the .ini file extension are read by Apache. You must manually update the custom .ini files.
Let us start by understanding what a server is, and then elaborate on the php.ini file’s editing process.
What is a Server?
A server is a hardware device or software that accepts and fulfils clients’ requests made over a network. A client is any device or program that generates requests for servers. The server sends its response to the client that generated the request. The functionality that servers provide to their clients is known as a service, and this arrangement is the client-server model.
Servers can be of many types. These include, but
are not limited to, database servers, application servers, file servers, game
servers, proxy servers, mail servers, print servers, web servers, etc. Let us
take the example of a web server to understand the functioning of a server more
effectively.
Web servers are one of the many types of servers.
These are provided by web hosting companies for the purpose of web hosting. Web
hosting is meant for rendering websites accessible over the Internet, and for
ensuring their online availability at all times. For this purpose, web servers
are used to store the files (content) of websites. These files are subsequently
delivered from the servers to the devices of users, who are trying to access
these sites. The files are transferred over the Internet. The web content
requested by the client becomes accessible once it reaches the user’s
Internet-connected device.
Now, web hosting can be of many types. Its main
types are VPS, shared hosting, dedicated hosting, reseller hosting, WordPress
hosting, cloud hosting, etc. In the competitive world of web hosting, every web
hosting company tries to deliver high uptime, fast page loading, powerful
security, 24*7 customer care service, and many similar but essential features. It
is the quality of service, and the affordability of hosting plans that ensure
that service providers, such as HTS
Hosting, gain a competitive edge, and earn the reputation of being the “Top Cloud Hosting Company”, the “Best Windows Hosting Company” as well as the “Best Website Hosting Company” globally.
Now that you know what a server is, let us touch upon how to edit your php.ini file. The php.ini file is the default configuration file for running applications that need PHP. It controls certain variables, such as file timeouts, upload sizes, and resource limits.
Editing in EasyApache 3
It is recommended to edit this file only with the PHP Configuration Editor interface of WHM.
WHM >> Home >> Service Configuration >> PHP Configuration Editor.
Systems that run EasyApache 3 have the server’s php.ini file in the /usr/local/lib/ directory.
Editing in EasyApache 4
It is recommended to edit these files only with the MultiPHP INI Editor interface of WHM. This ensures the existence of an operable version of PHP on the system.
WHM >> Home >> Software >> MultiPHP INI Editor.
Each version of PHP uses a separate php.ini file on systems that run EasyApache 4. Changes need to be made separately to each file. Each file is located at a path of the form /opt/cpanel/ea-php72/root/etc/php.ini, where 72 indicates the PHP version number.
Directives
- safe_mode – This directive solves many problems that occur when PHP is used in a shared hosting environment. It compares the UID of the PHP script with that of the files and directories it tries to access. When the UIDs don’t match, the system doesn’t allow the script access. PHP 5.3.0 deprecated this directive, and PHP 5.4.0 removed it.
- disable_functions – This directive disables a list of PHP functions.
- register_globals – This directive can enable attackers to bypass your settings through the URL. PHP 5.3.0 deprecated this directive, and PHP 5.4.0 removed it.
- display_errors – This directive allows PHP to print run-time errors to generated HTML pages. Even when it is disabled, PHP can print errors to the appropriate error logs.
- allow_url_fopen – This directive enables attackers to open remote files from your server. This can be done via file inclusion vulnerabilities.
- allow_url_include – This directive enables attackers to include remote files from your server. This can be done via file inclusion vulnerabilities.
- file_uploads – This directive can enable attackers to move their scripts on to as well as off a server.
- open_basedir – This directive limits the operations of files to a specific directory. Attackers might attempt to include local files in PHP scripts. This enables them to access information about a server’s filesystem.
- session.cookie_httponly – This directive prevents JavaScript from accessing PHP session cookies, so that attackers cannot steal them.
- session.referer_check – This directive enables checking of referrer values. A domain can be specified to ensure that session information stays internal. In this way, users won’t be able to expose session information while they are working on web applications.
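An added example, not part of the original article or cPanel's tooling: a small Python audit that reads a php.ini file and reports which of the directives listed above are still at a risky setting. The target values, PHP built-in defaults used for missing directives, the `ea-php*` glob (generalized from the ea-php72 path) and the WEAK sample are assumptions; safe_mode and register_globals are skipped because PHP 5.4.0 removed them.

```python
from pathlib import Path

OFF = {"", "0", "off", "false", "no", "none"}
is_off = lambda v: v.lower() in OFF
is_on = lambda v: not is_off(v)

# directive: (PHP built-in default, acceptance test, advice); targets are assumptions
CHECKS = {
    "display_errors":          ("1", is_off, "turn Off; errors still reach the logs"),
    "allow_url_fopen":         ("1", is_off, "turn Off"),
    "allow_url_include":       ("0", is_off, "turn Off"),
    "file_uploads":            ("1", is_off, "turn Off unless uploads are needed"),
    "open_basedir":            ("",  bool,   "restrict to the site's directory"),
    "disable_functions":       ("",  bool,   "list the functions to block"),
    "session.cookie_httponly": ("0", is_on,  "turn On"),
    "session.referer_check":   ("",  bool,   "set to the site's domain"),
}

def parse_ini(text):
    """Return {directive: value}; the last assignment wins, as in PHP."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ; comments
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return [(directive, effective value, advice)] for each failed check."""
    settings = parse_ini(text)
    return [(name, settings.get(name, default), advice)
            for name, (default, ok, advice) in CHECKS.items()
            if not ok(settings.get(name, default))]

# Constructed sample, not taken from a real server.
WEAK = """[PHP]
display_errors = On
allow_url_fopen = On
; open_basedir = /home
session.cookie_httponly =
"""

if __name__ == "__main__":
    # EasyApache 4: one php.ini per PHP version (ea-php72, ...)
    for path in sorted(Path("/opt/cpanel").glob("ea-php*/root/etc/php.ini")):
        for name, value, advice in audit(path.read_text()):
            print(f"{path}: {name} = {value!r} -> {advice}")
```

Custom .ini files, which have to be updated manually, can be passed through the same `audit()` function.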
Source: https://www.htshosting.org/knowledge-base/technology/151/editing-your-php-ini-file