= PHP Configuration =

`php(1)` has a long history, leading to harsh backward-compatibility constraints. The built-in defaults are ''not'' desirable on a modern internet: a directive that is absent from the configuration file takes its compiled-in default, and for several of the settings below that default is the permissive one.

The configuration file is `/etc/php/php.ini`. PHP ships two reference versions: a hardened `php.ini-production` and a verbose `php.ini-development`; distributions install one of them as the starting point.

----

== Configuration Template ==

{{{
[PHP]

;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;

; empty: no per-directory .user.ini overrides
user_ini.filename =

;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;

; engine = Off would disable PHP entirely under the Apache module; keep it On
engine = On
short_open_tag = Off
output_buffering = 4096
implicit_flush = Off
zend.enable_gc = On
; keep function arguments out of stack traces
zend.exception_ignore_args = On

;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;

; no X-Powered-By header, no version in error pages
expose_php = Off

;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 30
max_input_time = 60
memory_limit = 128M

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
report_memleaks = Off
report_zend_debug = Off
error_log = "/var/log/php.log"

;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;

; no E: environment variables stay out of $_REQUEST and the superglobals
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
default_mimetype = "text/html"
default_charset = "UTF-8"

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;

doc_root =
user_dir =
; no dl() loading of extensions at runtime
enable_dl = Off

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

file_uploads = Off
upload_max_filesize = 2M
max_file_uploads = 20

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;

allow_url_fopen = Off
allow_url_include = Off
default_socket_timeout = 60
}}}

----

== Module Settings ==

=== ODBC ===

{{{
extension=odbc

[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
}}}

=== MySQL ===

There are two drivers for [[MySQL]] and/or [[MariaDB]] databases: `pdo_mysql` and `mysqli` (MySQL Improved).

{{{
extension=pdo_mysql

[Pdo_mysql]
pdo_mysql.default_socket =
}}}

{{{
extension=mysqli

[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
; leave empty: a password in php.ini is readable by every script on the host
mysqli.default_pw =
; removed in PHP 8.2; harmless on older versions
mysqli.reconnect = Off
}}}

The '''MySQL Native Driver''' (`mysqlnd`) is the library both drivers use to talk to the server. It is built in and needs no `extension=` line; only its statistics switches are configurable.

{{{
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
}}}

=== PostgreSQL ===

An official driver for [[PostgreSQL]].

{{{
extension=pgsql

[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
}}}

=== LDAP ===

{{{
extension=ldap

[ldap]
ldap.max_links = -1
}}}

=== mcrypt ===

`mcrypt` was removed from PHP in 7.2; use `sodium` (or `openssl`) instead.

=== mssql ===

`mssql` was removed from PHP in 7.0; use `pdo_dblib` instead.

----

== Hardening ==

=== Crafted URLs ===

This applies when PHP runs as a CGI binary. With `cgi.force_redirect` on, the binary refuses to run unless the web server handed it the request through an `Action`/redirect rule (PHP checks the `REDIRECT_STATUS` environment variable), so a client cannot request the CGI executable directly with an arbitrary script path. It has no effect under PHP-FPM or the Apache module, but is harmless to leave on.

{{{
; mitigate crafted URLs
cgi.force_redirect = On
}}}

=== Read-Only ===

If file uploads are not required, here are some sane defaults. The two `allow_url_*` settings remove remote file inclusion via `include`/`require` and stop the `fopen` wrappers from fetching URLs on an attacker's behalf.

{{{
; disable uploading
file_uploads = Off

; disable remote file access
allow_url_fopen = Off
allow_url_include = Off
}}}

=== Leaking Information ===

Several debugging settings should be explicitly disabled for production. Together with `expose_php = Off` from the template, these keep paths, argument values and version strings out of responses and leave them in `error_log` only.

{{{
zend.exception_ignore_args = On
display_errors = Off
display_startup_errors = Off
report_memleaks = Off
report_zend_debug = Off
}}}

----

== Testing ==

To dump the configuration as `php(1)` sees it, run:

{{{
php -i
}}}

The CLI may load a different `php.ini` than the web SAPI (PHP-FPM or the Apache module); `php --ini` lists the files the CLI actually read, and the values the web server runs with are only visible from a web request.

The `phpinfo` function can be used for such a test web page:

{{{
<?php phpinfo(); ?>
}}}

That page discloses the full configuration, loaded extensions and environment variables; remove it once testing is done.

----
CategoryRicottone
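The Hardening and Testing sections above rely on a point that is easy to miss: a directive that is merely commented out in `php.ini` does not become "Off", it falls back to PHP's compiled-in default, which for `display_errors`, `allow_url_fopen`, `expose_php` and others is the permissive value. The script below is an added example, not part of this page's template or of PHP itself. It reads a `php.ini` the way PHP does (last uncommented assignment wins, `;` comments stripped, `On`/`1`/`true` treated alike), and reports every audited directive whose effective value differs from the template above, evaluating missing directives at the built-in default. The defaults column is an assumption taken from the PHP 8 sources and `php.ini-production`'s "Default Value" comments; the two sample `.ini` files are constructed for the demonstration.

```shell
#!/bin/sh
# php_ini_audit.sh - compare a php.ini against the hardened values on this page.
# Added example; assumes only POSIX sh, sed, grep and mktemp.

# Print the effective value of directive $2 in ini file $1. PHP reads the file
# top to bottom, so the last uncommented assignment wins; a trailing "; comment",
# surrounding whitespace and one pair of double quotes are stripped.
# Returns 1 and prints nothing when the directive is not set at all, because
# "absent" (built-in default) and "set to empty" (Off) differ for booleans.
php_ini_get() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -q "^[[:space:]]*${key_re}[[:space:]]*=" "$1" || return 1
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=//p" "$1" | tail -n 1 \
        | sed -e 's/[[:space:]]*;.*$//' -e 's/^[[:space:]]*//' \
              -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Normalise the spellings PHP accepts for ini booleans: "1", "On", "true" and
# "yes" are true; "", "0", "Off", "false", "no" and "none" are false.
php_ini_norm() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        1|on|true|yes)          echo on ;;
        ''|0|off|false|no|none) echo off ;;
        *)                      printf '%s\n' "$1" ;;
    esac
}

# Report every audited directive whose effective value differs from the page's
# template. Columns: directive, assumed PHP 8 compiled-in default (what applies
# when the directive is missing), value the template wants. Exit 0 = no findings.
audit_php_ini() {
    file=$1
    findings=0
    while read -r key builtin want; do
        [ -n "$key" ] || continue
        if have=$(php_ini_get "$file" "$key"); then
            src="set in file"
        else
            have=$builtin
            src="not set, built-in default applies"
        fi
        if [ "$(php_ini_norm "$have")" != "$(php_ini_norm "$want")" ]; then
            printf '%-27s %-4s (%s) - template wants %s\n' "$key" "$have" "$src" "$want"
            findings=$((findings + 1))
        fi
    done <<'EOF'
expose_php                 On   Off
display_errors             On   Off
display_startup_errors     On   Off
log_errors                 Off  On
allow_url_fopen            On   Off
allow_url_include          Off  Off
file_uploads               On   Off
enable_dl                  On   Off
register_argc_argv         On   Off
cgi.force_redirect         On   On
zend.exception_ignore_args Off  On
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample inputs for the demonstration (not files from a real host).
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
WEAK_INI=$WORKDIR/weak.ini
HARDENED_INI=$WORKDIR/hardened.ini

# A half-finished file: display_errors is only commented out (so the built-in
# On still applies) and file_uploads is set twice (the last assignment wins).
cat > "$WEAK_INI" <<'EOF'
[PHP]
engine = On
expose_php = On
; display_errors = Off
log_errors = On
allow_url_fopen = On
allow_url_include = Off
cgi.force_redirect = On
zend.exception_ignore_args = On
file_uploads = On
file_uploads = Off ; last assignment wins
EOF

# Every audited directive set exactly as the template on this page has it.
cat > "$HARDENED_INI" <<'EOF'
[PHP]
expose_php = Off
display_errors = Off
display_startup_errors = Off
log_errors = On
allow_url_fopen = Off
allow_url_include = Off
file_uploads = Off
enable_dl = Off
register_argc_argv = Off
cgi.force_redirect = On
zend.exception_ignore_args = On
EOF

for f in "$WEAK_INI" "$HARDENED_INI"; do
    echo "== $f"
    if audit_php_ini "$f"; then echo "no findings"; fi
done
```

Run it against `/etc/php/php.ini` by replacing the sample path; the weak sample yields six findings, four of them for directives that are not in the file at all. To confirm the defaults column for your own build, run PHP with no ini file at all, e.g. `php -n -r 'var_dump(ini_get("allow_url_fopen"));'`, which prints the compiled-in value.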