How to remove unnecessary fastcgi_param?

Help! (Home for newbies)
1

Hi,

I noticed that when I dump the $_SERVER values in a PHP script, I can see some information which I do not need. I am not sure if it’s secure to do that. For example, on LEMP bundle, I can see something like:

print_r($_SERVER)

// Output
    Array
(
    [PHP_FCGI_CHILDREN] => 4
    [PHPRC] => /home/mydomain/etc/php7.2
    [XDG_SESSION_ID] => c166
    [SHELL] => /bin/bash
    [USER] => mydomain
    [LD_LIBRARY_PATH] => 
    [REMOTE_ADDR_PROTOCOL] => 4
    [PATH] => /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
    [_] => /usr/bin/php-loop.pl
    [SERVER_REALROOT] => /usr/libexec/webmin
    [PWD] => /usr/libexec/webmin/init/
    [PERLLIB] => /usr/libexec/webmin
    [REMOTE_ADDR] => 1.2.3.4
    [HOME] => /home/mydomain
    [SHLVL] => 4
    [LOGNAME] => mydomain
    [XDG_RUNTIME_DIR] => /run/user/1001
    [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.9
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    [HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
    [HTTP_UPGRADE_INSECURE_REQUESTS] => 1
    [HTTP_CACHE_CONTROL] => max-age=0
    [HTTP_CONNECTION] => keep-alive
    [HTTP_HOST] => mydomain.com
    [HTTPS] => 
    [SERVER_NAME] => mydomain.com
    [SERVER_PORT] => 80
    [SERVER_ADDR] => 1.2.3.5
    [REMOTE_PORT] => 60891
    [SERVER_PROTOCOL] => HTTP/1.1
    [DOCUMENT_ROOT] => /home/mydomain/public_html
    [DOCUMENT_URI] => /admin/index.php
    [REQUEST_URI] => /admin/
    [SCRIPT_NAME] => /admin/index.php
    [SCRIPT_FILENAME] => /home/mydomain/public_html/admin/index.php
    [CONTENT_LENGTH] => 
    [CONTENT_TYPE] => 
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => 
    [SERVER_SOFTWARE] => nginx
    [GATEWAY_INTERFACE] => CGI/1.1
    [FCGI_ROLE] => RESPONDER
    [PHP_SELF] => /admin/index.php
    [REQUEST_TIME_FLOAT] => 1593500317.8069
    [REQUEST_TIME] => 1593500317
)

Some of the information is unnecessary like SERVER_REALROOT, PWD and so on. If I set fastcgi_param SERVER_REALROOT “”; the key is there but it’s just blank.

How can I remove them properly?

2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.