[PHP] php configs in the apache config file?
Supposedly, in your apache httpd.conf file you can specify php config values. I'm trying to shore up security on a new box by setting the following within VirtualHost tags: php_value open_basedir /path/to/virtualhost/ However, it doesnt work. If I set the values in the php.ini file, it DOES work... What am I missing?? Are there any restrictions to setting these php values in an httpd.conf file? The doc's dont really mention anything... I'm baffled! I'm running apache_1.3.23 + php-4.1.2 on a linux box. Thanks, Rob __ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php configs in the apache config file?
It doesn't work with CGI installations of PHP. bvr. Robert Montgomery wrote: Supposedly, in your apache httpd.conf file you can specify php config values. I'm trying to shore up security on a new box by setting the following within VirtualHost tags: php_value open_basedir /path/to/virtualhost/ However, it doesnt work. If I set the values in the php.ini file, it DOES work... What am I missing?? Are there any restrictions to setting these php values in an httpd.conf file? The doc's dont really mention anything... I'm baffled! I'm running apache_1.3.23 + php-4.1.2 on a linux box. Thanks, Rob __ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php configs in the apache config file?
OK, I've figured it out. Apparantly when setting php vars in an apache config file, you HAVE to use the form php_admin_value as opposed to just php_value. Some of the php documentation is vague or even misleading, such as this example from the online docs, which does not use the form php_admin_value but is obviously used in the apache config file: IfModule mod_php4.c php_value include_path .:/usr/local/lib/php php_flag safe_mode on /IfModule Also, the docs say: php_value name value This sets the value of the specified variable. php_admin_value name value This sets the value of the specified variable. Admin configuration settings can only be set from within the main Apache configuration files, and not from .htaccess files. So it makes it sound as if you CAN use the php_value form in the apache config, but that it is over-rideable via htaccess files... However it doesnt work, at least with the 4.1.2... Maybe the functionality has been changed recently, for security reasons. I figure if you go to the trouble to set a value in apache for a particular virtualhost, you dont want to allow it to be overridden via htaccess, which isnt possible when they force you to use the php_admin_value form. I actually prefer it that way, the docs just need updating! Thanks for the responses. Rob --- bvr [EMAIL PROTECTED] wrote: It doesn't work with CGI installations of PHP. bvr. Robert Montgomery wrote: Supposedly, in your apache httpd.conf file you can specify php config values. I'm trying to shore up security on a new box by setting the following within VirtualHost tags: php_value open_basedir /path/to/virtualhost/ However, it doesnt work. If I set the values in the php.ini file, it DOES work... What am I missing?? Are there any restrictions to setting these php values in an httpd.conf file? The doc's dont really mention anything... I'm baffled! I'm running apache_1.3.23 + php-4.1.2 on a linux box. Thanks, Rob __ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/ __ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php configs in the apache config file?
OK, I've figured it out. Apparantly when setting php vars in an apache config file, you HAVE to use the form php_admin_value as opposed to just php_value. Some of the php documentation is vague or even misleading, such as this example from the online docs, which does not use the form php_admin_value but is obviously used in the apache config file: IfModule mod_php4.c php_value include_path .:/usr/local/lib/php php_flag safe_mode on /IfModule Also, the docs say: php_value name value This sets the value of the specified variable. php_admin_value name value This sets the value of the specified variable. Admin configuration settings can only be set from within the main Apache configuration files, and not from .htaccess files. So it makes it sound as if you CAN use the php_value form in the apache config, but that it is over-rideable via htaccess files... However it doesnt work, at least with the 4.1.2... Sure it works. It depends on the directive. Obviously safe_mode is not something that can be overridden by users in a .htaccess file, so safe_mode is set via php_admin_flag whereas something like include_path is not an admin value and is set via php_value. Maybe the functionality has been changed recently, for security reasons. I figure if you go to the trouble to set a value in apache for a particular virtualhost, you dont want to allow it to be overridden via htaccess, which isnt possible when they force you to use the php_admin_value form. I actually prefer it that way, the docs just need updating! No, the docs are actually correct. None admin flags can be overridden in .htaccess files assuming you enable it via the appropriate AlloveOverride Options. If you don't set Options on AllowOverride then none of this stuff can be overridden in the .htaccess files. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
