linux:securingphp, comparing revisions 2011/08/12 20:54 and 2018/01/05 23:06 (both by rlunaro)

====== Securing PHP ======

Here are my configuration notes about securing a PHP installation. Everything below is set in the Apache configuration of each virtual host with ''php_admin_value'' / ''php_admin_flag'', which, unlike ''php_value'', cannot be relaxed from a ''.htaccess'' file or with ''ini_set()''. This assumes PHP runs as an Apache module (mod_php), since those directives only exist there.


===== open_basedir must be configured per site =====

In the Apache configuration of each virtual host, **open_basedir** must be set and must point 
to the directory of the web application (or a deeper one), so that PHP's file functions refuse 
to open files outside the installation. 

Two caveats worth knowing. First, the value is matched as a //prefix//, not as a directory name: 
''/mywebsite'' also admits ''/mywebsite2'' and ''/mywebsite.old''. End each entry with a slash 
to restrict it to exactly that directory. Second, ''open_basedir'' only governs PHP's own file 
operations (''fopen'', ''include'', ''file_get_contents'' and friends); it does not confine programs 
started with ''exec()'' or ''system()'', so treat it as defence in depth rather than a sandbox. 

The ''/dev/urandom'' entry keeps the system random source reachable for the PHP features that 
read it directly, while everything else outside the site stays blocked.

Example:

<code>
    <Directory "/mywebsite">
        php_admin_value open_basedir "/mywebsite/:/dev/urandom"
    </Directory>
</code>
===== include_path must also be specified, and limited to the web directory or deeper =====

''include_path'' is another funny thing. It is the list of directories PHP searches when 
''include'' or ''require'' is given a relative path (one that does not start with ''/'', ''./'' 
or ''../''). It is not an access control: an ''include'' with an absolute path ignores it 
entirely, and only ''open_basedir'' can stop that. It is still worth pinning to the most 
constrained directory possible: if the application has an "include" directory, specify that 
directory only, so that a relative include an attacker can influence is resolved against the 
application's own files and never against a shared directory such as ''/usr/share/php''. 
PHP also checks the calling script's directory and the current working directory after 
exhausting ''include_path'', so the application's own relative includes keep working. 

This configuration must be set per virtual host, and it is better to point it at a non-existent 
directory in the main php.ini, so that no virtual host silently inherits a permissive 
system-wide search path. 

Example:

<code>
  php_admin_value include_path "/mywebsite/include/"
</code>


===== upload_tmp_dir must be set OUTSIDE YOUR WEBSITE =====

**__This is a frequent source of problems__**. I misunderstood this many times, until somebody
kindly let me know about it by injecting c99.php into my website. This directive sets the 
directory where PHP writes the temporary copy of each uploaded file while the request is being 
processed. Having that directory inside your website is a very bad idea: every upload, web shells 
included, then sits under a URL the attacker can reach, and a file-inclusion bug or an upload 
handler that moves it to a ''.php'' name in the same tree turns it into code that runs as part of 
the site (the temporary name PHP chooses has no ''.php'' extension, so one of those two is the 
usual route). Note that this directive only covers PHP's temporary copy: the final destination 
the application passes to ''move_uploaded_file()'' must equally be outside the document root, or 
in a directory where PHP execution is disabled. 

Example: 

<code>
php_admin_value upload_tmp_dir "/tmp"
</code>

''/tmp'' is outside the document root, which is the point here. On a server hosting several 
sites, a dedicated directory per virtual host, owned by the web server user with mode 0700, 
is cleaner.

===== engine must be unset if the site doesn't need php  =====

Leave ''engine'' on only in the virtual hosts that actually run PHP. For a static site, turn it 
off, so that a ''.php'' file that ends up in the document root (through an upload, a careless 
deploy, or an attacker) is not executed. Be aware of what "off" means under mod_php: the file is 
no longer handed to the interpreter, so Apache serves it as plain text, which discloses its 
source. On a host that should contain no PHP at all that is the desired outcome; where PHP files 
are present for some reason, deny access to them as well. 

Example (in a virtual host that does not need PHP): 

<code>
php_admin_flag engine Off
</code>
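Putting the four directives together, here is a complete pair of virtual hosts as an added example; it is not from the original page. The hostnames, the document root ''/srv/www/app'', the upload directory ''/var/lib/php-uploads/app'' and the ''www-data'' user are assumptions. It goes one step beyond the page for the static host: besides leaving the engine off, it refuses any stray ''.php'' file outright, so nothing is served as source either.

```apache
# Added example: two virtual hosts under mod_php (Apache 2.4 syntax).
# All hostnames, paths and the www-data user are assumptions for illustration.
# php_admin_* values cannot be relaxed from .htaccess or with ini_set().

# Server-wide default: no PHP anywhere unless a virtual host turns it on.
php_admin_flag engine Off

<VirtualHost *:80>
    ServerName app.example.org
    DocumentRoot /srv/www/app/public

    # Only this host gets the interpreter.
    php_admin_flag engine On

    # Trailing slashes matter: open_basedir is a prefix match, so a bare
    # "/srv/www/app" would also admit "/srv/www/app-old".  The upload
    # directory is listed so the application can inspect a temporary upload
    # (e.g. with getimagesize()) before moving it; /dev/urandom stays
    # readable for the PHP features that use it directly.
    php_admin_value open_basedir "/srv/www/app/:/var/lib/php-uploads/app/:/dev/urandom"

    # Relative includes resolve only against the application's own include
    # directory, never against a system-wide share like /usr/share/php.
    php_admin_value include_path "/srv/www/app/include/"

    # Temporary copies of uploads land outside the document root.
    # Create the directory once, as root (assumed web server user www-data):
    #   install -d -o www-data -g www-data -m 0700 /var/lib/php-uploads/app
    php_admin_value upload_tmp_dir "/var/lib/php-uploads/app"

    <Directory /srv/www/app/public>
        Require all granted
    </Directory>
</VirtualHost>

# A static site: the engine stays off (inherited from the server level), and
# any .php file that turns up is refused instead of being served as source.
<VirtualHost *:80>
    ServerName static.example.org
    DocumentRoot /srv/www/static

    <Directory /srv/www/static>
        Require all granted
    </Directory>

    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</VirtualHost>
```

The server-level ''engine Off'' is what makes the scheme fail safe: a new virtual host that forgets to configure PHP gets none, rather than a permissive default. After changing any of these values, confirm the effective settings from inside the site (for example with a temporary script calling ''ini_get()'' for each directive) rather than trusting the configuration file alone.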
linux/securingphp.txt · Last modified: 2024/02/05 13:57 by rlunaro