Uploading a predesigned site template


#1

i want to use a website designed by blu domain, a photographer site designer, but they are listing all of this requirements that i’m clueless about.

can anyone verify that i’m meeting this requirements?

REQUIREMENTS:::Please confirm with your server that they meet the following requirements:

  1. PHP 4.xx or 5.xx with:
    a. safe-mode must be disabled (turned off)
    b. register_globals must be set to on
    c. max_upload_filesize set to 6MB or above (or .htaccess
    files that can change the php.ini settings for individual
    accounts must be supported)
    d. extensions_dir setting in php.ini MUST EXIST. *** very important ***
    For windows servers this folder must be located
    on the same drive as the document root and scripts directory.
    e. SecFilterEngine must equal Off
    SecFilterScanPOST must equal Off
    f. php must have php gd library installed
    g. session_path must be set to a folder that exists
    h. thread safety must be set to Off

#2

There are a few issues with that list using the default PHP installations at DreamHost (things not mentioned here are not a problem with the Default DreamHost setup).

  1. You will have to use DreamHost’s PHP4 (or use other methods discussed in my summary remarks) to get the register_globals = “ON” setting (which, by the way, is a “bad” idea - the website builders providing the template site should know better!)

  2. You are likely to have issues with the “extensions_dir” setting, though there are workarounds if you know what you are doing with PHP configuration (see my summary remarks)

  3. SecFilterEngine must equal Off and SecFilterScanPOST must equal Off - is referring to “mod_security”, which DreamHost calls “Extra Web Security”. You can set this “on or off” via the DreamHost control panel. (again, see my summary remarks).

Summary: On DreamHost, you may, of course, create your own installation of PHP that facilitates all of these “requirements”, though it takes considerable knowledge of PHP installation and configuration to do so.

You might also consider that some of these requirements are “less than ideal” settings for security reasons. This is exacerbated by the fact that, as you didn’t write the code, you are completely defendant upon the expertise of, and care care taken by, the authors when it comes to producing a “secure” application. This is hard to evaluate sometimes with code written by others, or even yourself (depending upon your expertise).

Some of the settings you will have to change to meet the requirements of this application will actually reduce the security of your server by disabling some of the safeguards DreamHost has put in place for everyone’s protection - and I wouldn’t do it (but I understand that you might feel differently.) :wink:

–rlparker


#3

3) SecFilterEngine must equal Off and SecFilterScanPOST must equal Off - is referring to “mod_security”, which DreamHost calls “Extra Web Security”. You can set this “on or off” via the DreamHost control panel.

Hi…how do you do that? I am staring at Dreamhost control panel and I cannot find “Extra Web Security” feature on the left menu bar. Can you point me to it? I must be missing something.

Thanks!


#4

No problem! It’s not real “obvious” where to find that. :wink:

Go to the Control Panel -> Domains -> Manage Domains screen and look for the “edit” button for the Domain hosting.

Click that, and on the next screen you will see a “check box” for “Extra Web Security”. Just toggle that to “unselected”, save the new settings, and wait for it to “take” - you should then be “good to go” :wink:

–rlparker