Results 1 to 6 of 6
  1. #1
    Join Date
    Sep 2006
    Location
    Toronto
    Posts
    163

    Question suhosin and .htaccess

    hi,

    I just installed suhosin to setup some limits on one of my servers, everything works well. however, user can still remove these limits by adding php_value in .htaccess, which is not so good.

    so I was wondering if there's any way to solve this problem? thx in advance

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    Try adding the following option inside the
    <IfModule mod_php4.c> section in virtualhost entry of the domain in httpd.conf file.

    php_admin_flag engine off
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Sep 2006
    Location
    Toronto
    Posts
    163
    so the only way to stop user overwritting my suhosin settings is to add the above lines? and if I have hundreds of users on my server I have to do this hundred times? is there any other way? thanks

  4. #4
    Join Date
    Sep 2006
    Location
    Toronto
    Posts
    163
    nevermind, figured out, thanks

  5. #5
    Join Date
    Jul 2003
    Posts
    533
    Quote Originally Posted by Red Jersey View Post
    nevermind, figured out, thanks
    can you please tell me how you did it ?

  6. #6
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Firstly, you don't need to do this in every virtual host. You can instead add (before all hosts)
    Code:
    <Directory "/home/*">
    php_admin_flag engine off
    </Directory>
    This should work well enough

    Secondly, there is no reason to do this in the first place. Allowing individuals to change suhosin settings means that they can configure their site to their own needs. Suhosin CAN break websites, and they're obviously changing this value for a reason. If you want to lose your customer, by all means, make sure they can't change it.

    Unlike suphp/phpsuexec, suhosin is meant to be able to be configured individually, to be able to fix the problems caused by suhosin on their website.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •