Configure Virtual server to not load additional php ini file

rogeriobrito · March 21, 2012, 4:52am

Hello,

I have several virtual servers on my box, and a sometime ago one of the virtual servers was hacked.
To quickly disable some php functions I added a /etc/php.d/myconf.php file, that contains:

expose_php = Off
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
session.cookie_httponly = 1

After restarting apache those configs were applied to all virtual servers, very good!

The problem is I have one specific virtual server that needs the “exec” function. So the question is, how do I re-enable the “exec” function only to that virtual server?

Thank you

Rogerio

Eric · March 21, 2012, 1:40pm

Howdy,

Well, could you just disable it for that one Virtual Server… you could add the code to disable it to their own php.ini file in $HOME/etc/php.ini.

Most hackers or bots that break into websites don’t look in there to try and change the php.ini, so chances are that would continue to work fine, and it would allow your other sites to use those functions.

-Eric

rogeriobrito · March 22, 2012, 8:33pm

Hi Eric,

Actually, it’s the other way around. I want to block the functions for all servers, except one. With a custom /etc/php.d/myconf.ini I could block it for all servers, now I have to enable the funcion on only one virtual server. I’ve tried editing the local php.ini with a different disable_functions setting, but it didn’t work.
Is there a way to do it without having to edit the php.ini for all the servers?
Thanks

Rogerio