Phprc & Suhosin


#1

So I have something new on my server that I have never came across Suhosin. I look it up and pretty much understand it a extra line of security for the security.

So I have a php 5.3 with a phprc file that runs all my domains. So far I have this in the fail.


zend_optimizer.optimization_level=15
zend_extension=/home/user/.php/lib/ZendGuardLoader.so

This is what I get on from my software.

Suhosin Enabled
The minimum recommended value for the configuration option ‘suhosin.post.max_vars’ is 4096, however your value is 1000. Your host will need to change this in the php.ini file.

Suhosin Enabled
The minimum recommended value for the configuration option ‘suhosin.request.max_vars’ is 4096, however your value is 1000. Your host will need to change this in the php.ini file.

Suhosin Enabled
The minimum recommended value for the configuration option ‘suhosin.get.max_value_length’ is 2000, however your value is 512. Your host will need to change this in the php.ini file.

Suhosin Enabled
The minimum recommended value for the configuration option ‘suhosin.request.max_varname_length’ is 350, however your value is 64. Your host will need to change this in the php.ini file.

So from that I look up that I can change the values with this I believe.


[suhosin]
suhosin.post.max_vars = 4096
suhosin.request.max_vars = 4096
suhosin.get.max_value_length = 2000
suhosin.request.max_varname_length = 350

Now I have to change some of the php files to allow a higher value then what is set. These value are like this I believe.


max_execution_time = 1600
max_input_time = 1600
memory_limit = 128M
upload_max_filesize = 128M
max_file_uploads= 128M
post_max_size = 128M

Now that I got all the background information out of the way, here are my questions. How can I put all this in the phprc and not cause issues with one another and make the server see it and work. Currently the zend_optimizer is install and working with the sever that part I can confirm. This phprc is new to me and any if anybody can help, thanks a bunch.


#2

Just think of your phprc as a parent to the php.ini - any (allowed) directives you add to the phprc will trump the “default” php.ini values.

The phprc will affect all child elements for that user. If you need alternate or highly custom settings for some domains and not for others, the best approach is to create a user for the domains that require a specific environment to function correctly and move the domain(s) over to that userspace.


#3

I would like all the other domains to have the same settings. So I can just apply everything I have above directly in to the phprc as is it currently and it will work?


#4

The phprc will affect the PHP environment for all domains under that user.


#5

Thus just posting what I have above will work then?


#6

It would take just minutes to test.


#7

Never mind someone help out! :slight_smile: Thanks all