|Requirements||LAMP+CentOS/UbuntuLinux/Unix like os|
|Estimated completion time||N/A|
Step #1: Find php.ini
To find the php.ini path, enter:
php -i | grep --color 'php.ini'
On my CentOS based system php.ini is located in /etc/ directory.
Step #2: Edit /etc/php.ini
Edit the file /etc/php.ini, type:
# vi /etc/php.ini
Make the following changes to /etc/php.ini:
# Disallow uploading altogether this makes moving or injecting bad scripts/code onto your web server more difficult file_uploads = Off # Disallow treatment of file requests as fopen calls allow_url_fopen = Off allow_url_include = Off
Save and close the file. Restart or reload the Apache web-server
# service httpd restart
# service httpd reload
If you are using Nginx, restart the nginx web-server, type:
# nginx -s reload
If you are using Lighttpd, restart the lighttpd web-server, type:
# /etc/init.d/lighttpd restart
See hardening and securing PHP article - twenty-five php security best practices for sysadmins for configuring PHP securely.Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?