Prevent use of php_flag

[NC-Designs]

Is there any way I can prevent the use of php_flag to all of my users on a shared server? I still want php to work. This is to prevent compromise of security.

Help would be appreciated, thanks.

 

[NiteWave]

please try if not yet:

php_flag engine off

http://theserverpages.com/php/manual/en/ref.apache.php

 

[NC-Designs]

Hi, thanks. Where abouts would I put this? I have tried it in VirtualHost entries in httpd.conf and 'Apache Style Configurations' in LiteSpeed panel.

No luck yet.

 

[mistwang]

You need to explicitly set the php.ini configuration entries that you do not want to be overridden by users with "php_admin_flag ...".
You should set it in httpd.conf for vhost configured though httpd.conf

 

[NC-Designs]

You need to explicitly set the php.ini configuration entries that you do not want to be overridden by users with "php_admin_flag ...".
You should set it in httpd.conf for vhost configured though httpd.conf

I see. Is there any way I can do this through the LiteSpeed panel to apply to all vhosts through Apache Style Configurations rather than doing them one by one under httpd.conf?

Appreciate the help though.

 

[mistwang]

You can put it in httpd.conf global section, not in each vhost.

 

[NC-Designs]

You can put it in httpd.conf global section, not in each vhost.

Hi, tried doing that and getting the following error -

Syntax error on line 48 of /usr/local/apache/conf/httpd.conf.1281821754:
Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration

 

[mistwang]

You need to make it conditional when mod_php is used. Apache will ignore it, and LSWS will pick it up.

 

[NC-Designs]

You need to make it conditional when mod_php is used. Apache will ignore it, and LSWS will pick it up.

Managed to get it working in the end using this. Had to go within each virtualhost though rather than global. Thanks.