PHP Secure and Hardening Part 2


Oke, this post is part 2 of "PHP Secure and Hardening", so you should read the first post first by clicking the link :)
PHP Secure and Hardening

[#] Memory_limit

You can protect your applications from several kinds of attacks, including DDoS attacks that abuse bugs in the application (an infinite loop or another memory-intensive fault), by setting memory_limit as low as is realistically possible. A setting of 8MB is usually enough, but still aggressive enough to catch the problem before too much damage is done.

; Lower memory_limit in php.ini for security reasons
memory_limit = 8M


or set it in httpd.conf or a .htaccess file:


# Lower memory_limit for security reasons
php_value memory_limit 8M

[#] Post_max_size

This directive lets you limit the maximum size of POST requests that PHP will process. An attacker may try to send very large POST requests to drain your server resources.

; Lower post_max_size in php.ini for security reasons
post_max_size = 256K

or set it in httpd.conf or a .htaccess file:

# Lower post_max_size for security reasons
php_value post_max_size 256K

[#] Register_globals

A number of older scripts assume that data sent by a form automatically becomes a PHP variable with the same name. If your form has an input field named "namavariable", such a script assumes that PHP will automatically create a variable named $namavariable containing the submitted value. With register_globals enabled, anyone can set such variables simply by adding parameters to the request, which is why it must be turned off.


; Disable register globals in php.ini for security reasons
register_globals = Off

or set it in httpd.conf or a .htaccess file:

# Disable register globals for security reasons
php_flag register_globals Off

Note:
register_globals must always be disabled.


[#] Safe mode

PHP Safe Mode is "an attempt to solve the shared-server security problem" that bundles many useful restrictions. In this mode, access to files whose owner differs from the owner of the running script is denied, and access to environment variables and execution of binary programs is also restricted.

; Enable safe_mode in php.ini for security reasons
safe_mode = On

or set it in httpd.conf or a .htaccess file:

# Enable safe_mode for security reasons
php_flag safe_mode On

In some cases you will want safe mode to check group ownership instead of user ownership (for example, when several scripts deploy web applications). This is disabled by default.

If you want safe mode to check group ownership:

safe_mode_gid = On

and to restrict which directories can be included from or executed in:

safe_mode_include_dir = /path/to/dir
safe_mode_exec_dir = /path/to/exec/dir

Note:
safe_mode_include_dir and safe_mode_exec_dir restrict includes and program execution to the given directories.
Before turning safe mode On, test your web applications: it will produce a blank screen for a CMS or application that does not support it. Safe mode was deprecated in PHP 5.3 and removed in PHP 5.4, so it only applies to older PHP releases.

[#] Save_path

This directive lets you specify where session files are stored when using the default session handler. It should be a directory outside the document root that is readable and writable only by the web server user.

save_path should be unique per virtual host when the hosts are controlled by different entities, to prevent one site from reading another site's sessions (shared hosting).

; Set save_path to a safe location in php.ini for security reasons
session.save_path = /var/www/foo/sessions

or set it in httpd.conf or a .htaccess file:

# Set save_path to a safe location
php_value session.save_path /var/www/foo/sessions

[#] Upload_max_filesize

upload_max_filesize limits the maximum size of files that PHP will accept through uploads. An attacker may try to upload very large files to drain your server resources. Make sure you use a value that is acceptable for your application.

; Lower upload_max_filesize in php.ini for security reasons
; (PHP only understands the K, M and G suffixes, so write 128K, not 128KB)
upload_max_filesize = 128K

or set it in httpd.conf or a .htaccess file:

# Lower upload_max_filesize for security reasons (128K, not 128KB: PHP only understands K, M and G)
php_value upload_max_filesize 128K

[#] upload_tmp_dir

upload_tmp_dir lets you specify the temporary directory used to store uploaded files. If this directory is inside the web site's document root and/or accessible to system users other than the one running PHP, uploaded files may be modified or replaced while PHP is still processing them. By default upload_tmp_dir is the system's temporary directory, which is usually accessible to all users of the system.

You must set upload_tmp_dir to a directory outside the document root of your website that cannot be read or written by other system users.

; Set upload_tmp_dir to a safe location
upload_tmp_dir = /var/www/foo/sessions

or set it in httpd.conf or a .htaccess file:

# Set upload_tmp_dir to a safe location
php_value upload_tmp_dir /var/www/foo/sessions
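A check for the session.save_path and upload_tmp_dir directories described above, as an added Python example that is not code from the original post: it verifies that a directory lies outside the document root and is not readable, writable or searchable by group or others, and optionally that it is owned by the web server user. The paths used in demo() are constructed temporary directories, not the post's /var/www/foo paths.

```python
import os
import stat
import tempfile


def check_private_dir(path, document_root, owner_uid=None):
    """Return a list of problems with a session or upload directory.

    The directory must exist, lie outside the document root, and must not be
    readable, writable or searchable by group or others. If owner_uid is
    given, the directory must be owned by that uid (the web server user).
    An empty list means the directory passes."""
    problems = []
    real = os.path.realpath(path)
    root = os.path.realpath(document_root)
    if real == root or real.startswith(root + os.sep):
        problems.append("inside document root")
    try:
        st = os.stat(real)
    except FileNotFoundError:
        problems.append("does not exist")
        return problems
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %o grants access to group or others" % stat.S_IMODE(st.st_mode))
    if owner_uid is not None and st.st_uid != owner_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    return problems


def demo():
    """Constructed layout in a temp dir: a good sessions directory next to the
    document root with mode 0700, and a bad one inside htdocs with mode 0755."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    os.mkdir(docroot)
    good = os.path.join(base, "sessions")
    os.mkdir(good)
    os.chmod(good, 0o700)          # chmod explicitly so the umask cannot interfere
    bad = os.path.join(docroot, "sessions")
    os.mkdir(bad)
    os.chmod(bad, 0o755)
    me = os.getuid()               # stands in for the web server uid in this demo
    return check_private_dir(good, docroot, me), check_private_dir(bad, docroot, me)


if __name__ == "__main__":
    good, bad = demo()
    print("sessions outside docroot:", good or "ok")
    print("sessions inside docroot:", bad)
```

Run it against the real directories with the web server's uid (for example the uid of www-data) as owner_uid; on a shared host, run it once per virtual host so that each host's save_path is both private and distinct.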

[#] Use_trans_sid

session.use_trans_sid makes PHP append the session ID to URLs and form actions whenever it cannot rely on a cookie. The session ID then ends up in links, bookmarks, proxy logs and Referer headers, and is handed to another person simply by sharing a link, so this behaviour should be disabled.

; Disable use_trans_sid for security reasons
session.use_trans_sid = Off

or set it in httpd.conf or a .htaccess file:

# Disable use_trans_sid for security reasons
php_flag session.use_trans_sid Off

Note:
On Ubuntu releases up to 12.04, disable it with session.use_trans_sid = 0
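To audit a php.ini against the values this post recommends (memory_limit, post_max_size, upload_max_filesize, register_globals and session.use_trans_sid), here is an added Python example; it is not code from the original post. It reproduces the way older PHP releases parse size shorthand, which is why a value such as 128KB is flagged: only K, M and G are multipliers, any other trailing character is ignored, so 128KB silently becomes 128 bytes. The two ini texts are constructed for the example.

```python
import re

# Baseline taken from the post: (directive, kind, expected value)
# kind "max_bytes": the value is a size shorthand that must not exceed expected
# kind "bool":      the value must parse to the given boolean
BASELINE = (
    ("memory_limit", "max_bytes", 8 * 1024 ** 2),
    ("post_max_size", "max_bytes", 256 * 1024),
    ("upload_max_filesize", "max_bytes", 128 * 1024),
    ("register_globals", "bool", False),
    ("session.use_trans_sid", "bool", False),
)


def php_shorthand_to_bytes(value):
    """Mimic PHP's classic ini size parsing (simplified to decimal integers):
    leading integer, then a trailing K/M/G multiplier; any other trailing
    character is ignored, so "128KB" becomes 128 bytes, not 128 KiB."""
    value = value.strip()
    m = re.match(r"[+-]?\d+", value)
    if not m:
        return 0
    number = int(m.group(0))
    multiplier = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}.get(value[-1].lower(), 1)
    return number * multiplier


def php_bool(value):
    """PHP ini booleans: on/yes/true are true, otherwise the integer value."""
    v = value.strip().lower()
    if v in ("on", "yes", "true"):
        return True
    try:
        return int(v) != 0
    except ValueError:
        return False


def parse_php_ini(text):
    """Minimal php.ini reader: ';' starts a comment, [sections] are skipped,
    values may be double-quoted. Directive names are case-sensitive."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        settings[key.strip()] = val.strip().strip('"')
    return settings


def audit_php_ini(text):
    """Return (directive, problem, detail) tuples; an empty list means compliant."""
    settings = parse_php_ini(text)
    findings = []
    for directive, kind, expected in BASELINE:
        if directive not in settings:
            findings.append((directive, "missing", "not set, PHP's built-in default applies"))
            continue
        raw = settings[directive]
        if kind == "max_bytes":
            suffix = raw[-1].lower() if raw else ""
            if suffix.isalpha() and suffix not in "kmg":
                findings.append((directive, "bad_suffix",
                                 "%r is not valid shorthand; older PHP reads it as %d bytes"
                                 % (raw, php_shorthand_to_bytes(raw))))
            size = php_shorthand_to_bytes(raw)
            if size < 0 or size > expected:      # -1 means unlimited
                findings.append((directive, "too_high", "%s exceeds the %d byte limit" % (raw, expected)))
        elif php_bool(raw) != expected:
            findings.append((directive, "wrong_value", "%s should be %s" % (raw, "On" if expected else "Off")))
    return findings


# Constructed sample: a stock-looking php.ini with one subtle mistake.
SAMPLE_INI = """\
[PHP]
memory_limit = 128M              ; distro default
post_max_size = 8M
upload_max_filesize = 128KB      ; "KB" is not a PHP size suffix
register_globals = Off
session.save_path = "/var/www/foo/sessions"
"""

# Constructed sample: the values this post recommends.
HARDENED_INI = """\
memory_limit = 8M
post_max_size = 256K
upload_max_filesize = 128K
register_globals = Off
session.use_trans_sid = Off
"""

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_INI), ("hardened", HARDENED_INI)):
        print(name, audit_php_ini(text) or "compliant")
```

The same checks apply to the php_value and php_flag forms in httpd.conf or .htaccess; only the line syntax differs, and the values those directives carry are parsed by PHP in exactly the same way.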