When we use suPHP it is possible for our users to create a php.ini file in the same folder as their script, which allows them to override any security directives we have.
To end this problem we must edit the suphp configuration file:# nano /opt/suphp/etc/suphp.conf
And we will modify it as follows :[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.< br /> application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/lib/
application/x-httpd-php5=/ usr/local/lib/
Then we restarted Apache and the matter was fixed.
Knowledgebase
- 0 Users Found This Useful