Maximum amount of time each script may spend parsing request data

upload_max_filesize = 2M ; Maximum 2Mb of file user can upload

To allow users to upload files of maximum size, update the following configuration value.

We can stop any unused module from loading in the system by changing the configuration file name. PHP supports “Dynamic Extensions” to load in the PHP environment.

The open_basedir directive sets the directories from which PHP is allowed to access files.

Disable all the functions which can be harmful and are not used in applications.

disable_functions = exec,shell_exec,passthru,system,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,proc_open,pcntl_exec

We can disable any PHP function using the disable_functions directive in the PHP configuration file.

If allow_url_fopen is enabled on your setup, it allows functions like file_get_contents() and the include and require statements to retrieve data from HTTP or FTP remote locations and execute their code.

allow_url_include = Off

#7.

To hide these values from the header, edit php.ini and set the directive below to Off.

expose_php = Off

#6. Restrict PHP Information Leakage (PHP)

By default, a PHP installation exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header (e.g. X-Powered-By: PHP/5.4.20).

Add the below in the Apache virtual host configuration file. We can simply disable server-side includes and CGI execution by defining a directory tag.

Disable Server Side Includes and CGI (Apache)

The Location directive limits the scope of the enclosed directives by URL. We can also restrict a specific file using the File directive like below. To restrict directory and file access from users, only the IPs defined with Allow from will be allowed. Restricting access on the basis of Directory, File and Location in Apache.
Restricting File and Directory Access (Apache)

Add the following configuration in Apache to disable directory listing server wide.

After that, you can enable listing on a per-directory basis if required. If directory listing is enabled in Apache, then the list of all files and directories will be shown on the web page if no default document exists.

- ServerTokens – provides OS versions along with other confidential server details.
- ServerSignature – shows version of Apache.

Edit the Apache configuration file and update the following directives as follows. The ServerSignature directive configures the footer on server-generated documents. The ServerTokens directive controls whether Server response header field which is sent back to clients.

- MySQL: /etc/mysql/my.cnf or /etc/mysql//mysqld.cnf.

After making changes, restart the related services for the changes to take effect. In some cases, the configuration file paths may differ.

I am trying to include all those security tips which must be considered while preparing a new system for production use or any existing LAMP setup.

All the configuration changes used in this article will be made in the following configuration files as per your operating system.

Please feel free to report any bugs or issues to us, email to: or open issues on Github.

Many new system administrators forget to apply security when configuring a web hosting environment for production use with Apache, MySQL, and PHP.
etc/init.d/redis-server (start|stop|restart)
etc/init.d/memcached (start|stop|restart)
etc/init.d/mysqld (start|stop|status|restart)
etc/init.d/httpd (start|stop|status|restart)

usr/local/apache/conf/ssl/your_virtual_host
usr/local/apache/conf/vhost/your_virtual_nf

uninstall.sh

Default Installation Location

Apache Location

- If your server system: Amazon Linux 2/CentOS/Rocky Linux/AlmaLinux.

Software Version

Apache & Additional Modules

- Other Software: OpenSSL, ImageMagick, Memcached, phpMyAdmin, Adminer, Redis, re2c, KodExplorer.
- PHP Additional extensions: Zend OPcache, ionCube Loader, PDFlib, APCu, imagick, libsodium, memcached, redis, mongodb, swoole, yaf, yar, msgpack, psr, phalcon, grpc, xdebug.
- Apache Additional Modules: mod_wsgi, mod_security, mod_jk.
- Apache-2.4 (Include HTTP/2 module: mod_http2).

And all things will be done in a few minutes. You can install Apache + PHP + MySQL/MariaDB in a very easy way; you just need to choose what you want to install before installation. LAMP is a powerful bash script for the installation of Apache + PHP + MySQL/MariaDB and so on.