#24147 Set PHP Settings in Admin htaccess?

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by Chacapamac on Monday, 11 January 2016 08:05 CST

Chacapamac
Do you think it’s a good idea to set some PHP security settings directly in the Admin htaccess, like

disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open, escapeshellarg,escapeshellcmd,proc_close,dl


I would also like to know how to insert it manually in your htaccess.

Do you see other functions that can be added in there?
I see others like:
proc_get_status,proc_nice,proc_open,proc_terminate,proc_close,dl,phpinfo,system,posix_kill,popen,exec,passthru,apache_note,apache_setenv,openlog,closelog,syslog,pcntl_exec,pclose,ini_restore,escapeshellcmd,escapeshellarg,define_syslog_variables


I know you have to use —> php_value and php_flag

What do you think?

nicholas
Akeeba Staff
Manager
If you have to use .htaccess directives you can put them in the "Custom .htaccess rules at the bottom of the file" area of the .htaccess Maker. That's what it's there for. This is all that's in the scope of our software support and what I can tell you with absolute confidence without being your host. However, I would not be so fast as to apply any changes yet!

First things first, I would not disable the following functions in your list: phpinfo, ini_restore. The former is necessary to debug PHP-related issues on your site. The latter does not pose a security threat and may be used in very legitimate use cases.

Now, regarding your question: I cannot possibly answer that. It depends on the PHP SAPI used by your server. The .htaccess method works if you're using the Apache 2 Handler SAPI but not if you're using FastCGI/CGI. In the latter and most common case the recommended method for applying custom PHP configuration is through .user.ini files. Please do ask your host before doing anything. What and how you can do it depends on how your server is configured and what is allowed by your host, in their user-inaccessible configuration (i.e. what they allow you to override and how).

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
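
The SAPI question raised in the reply above can be checked from the site itself. The following PHP script is an added example, not part of the ticket or of Admin Tools: it reports the running SAPI, which override file that SAPI reads, whether PHP marks `disable_functions` as changeable per directory, and which functions are still callable. The function list is a subset of the one quoted in the ticket; the helper names are made up for this example.

```php
<?php
// Added example. Upload temporarily, request it through the web server
// (the CLI is a different SAPI and reads different configuration), then delete it.
header('Content-Type: text/plain');

// Subset of the function list quoted in the ticket.
$wanted = ['show_source', 'system', 'shell_exec', 'passthru', 'exec', 'popen',
           'proc_open', 'proc_close', 'dl', 'pcntl_exec', 'posix_kill'];

// Which per-directory mechanism the running SAPI reads, per the reply above.
function overrideMechanism(string $sapi): string
{
    if ($sapi === 'apache2handler') {
        return '.htaccess (php_value / php_flag)';
    }
    if (in_array($sapi, ['cgi-fcgi', 'fpm-fcgi'], true)) {
        $file = (string) ini_get('user_ini.filename');
        return $file !== '' ? "$file in the site directory" : 'none (user_ini.filename is empty)';
    }
    return 'unknown for this SAPI; ask the host';
}

// True if PHP marks the directive as changeable per directory (INI_PERDIR bit).
// Directives that are INI_SYSTEM only can be set solely in the host's php.ini.
function changeablePerDir(string $directive): ?bool
{
    if (!function_exists('ini_get_all')) {
        return null; // the host disabled ini_get_all itself
    }
    $all = ini_get_all(null, true);
    return isset($all[$directive]) ? (bool) ($all[$directive]['access'] & INI_PERDIR) : null;
}

$sapi = php_sapi_name();
$disabled = array_filter(array_map('trim', explode(',', (string) ini_get('disable_functions'))));

echo "SAPI: $sapi\n";
echo 'Per-directory overrides via: ' . overrideMechanism($sapi) . "\n";
echo 'disable_functions changeable per directory: '
    . var_export(changeablePerDir('disable_functions'), true) . "\n\n";

foreach ($wanted as $fn) {
    // function_exists() is false both for disabled functions and for absent extensions.
    $state = in_array($fn, $disabled, true) ? 'disabled by disable_functions'
           : (function_exists($fn) ? 'CALLABLE' : 'not available (extension not loaded)');
    printf("%-12s %s\n", $fn, $state);
}
```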

Chacapamac
Thanks. This answers my question.
