Apache and PHP security, subdomain restriction

Question

Apache and PHP security, subdomain restriction

I'm just wondering if there is a way to disable things like shell_exec() using a .htaccess file or something not globally, but only for specific subdomains or directories (maybe disable fopen() in the files above the subdirectory). It occurred to me that on one of my shared hosts, where I share the subdomain space with a friend, he could use PHP to look at directories outside of his own.

Perhaps I could use mod_rewrite and send any hits anywhere through a PHP script that disables some things before sending the request to where it goes? Will it work, and will it have a significant performance penalty?

0

security php apache

Kevin Nov 15 '10 at 7:21

source share

3 answers

You can do this with the .htaccess file:

http://www.askapache.com/php/custom-phpini-tips-and-tricks.html#m0-askapache12

0

helloandre Nov 15 '10 at 7:27

source share

I believe that these things need to be changed in the php.ini file. Some hosts allow you to have multiple php.ini files in the file structure. If you are in a shared hosting environment, you are likely to have one php.ini file for all shared accounts. The host understands that this is a problem, so they allow you to have your own in your home directory for the subdirectory ... check with your host.

0

Jason Nov 15 '10 at 7:29

source share

stillstanding · Accepted Answer · 2010-11-15T07:27:27+0000

You can do this programmatically:

ini_set('disable_functions', 'fopen,shell_exec');

or in .htaccess :

php_value disable_functions fopen,shell_exec

There should be no performance degradation. I doubt that you will change the settings repeatedly inside the for() , while() or foreach() .

Apache and PHP security, subdomain restriction

More articles: