Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to override php_functions in .htaccess - DSO (not suPHP)

Discussion in 'Security' started by jeremys_ppc, Oct 21, 2014.

  1. jeremys_ppc

    jeremys_ppc Member

    Joined:
    May 7, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    We are using MPM_ITK with the DSO PHP Handler. From the documentation it looks like we cannot use custom php.ini files (Which would be valid for suPHP) but need to be done in the .htaccess using the php_value setting.

    I have set disabled_functions in our main php.ini to include the ini_set() method due to security but the problem is there are several CMS that need this functionality. So for those specific sites only (we are not trying to enable it server wide) we are trying to re-enable ini_set().

    My main php.ini has this line:
    php_value disable_functions "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set"

    The .htaccess on a client site (Joomla site) has this in the .htaccess
    php_value disable_functions "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"

    For some reason, however, ini_set is still showing as disabled. Oddly enough it does seem to read the htaccess as if I remove phpinfo and set a phpinfo() call in a test page it does work! Does anyone know how to get the ini_set functions to enable correctly? I have asked our "cPanel experts" (probably need to find new "experts" but that's a different story) however its been a whole day and they have not given me any insight to this issue.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,232
    Likes Received:
    1,939
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Please see:

    PHP: Description of core php.ini directives - Manual

    In particular:

    This directive must be set in php.ini For example, you cannot set this in httpd.conf.

    It's not possible to override the value in the .htaccess file of an account.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. jeremys_ppc

    jeremys_ppc Member

    Joined:
    May 7, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Well thats unfortunate as using DSO custom php.ini are not valid....
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,232
    Likes Received:
    1,939
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    The only other alternative (besides switching to suPHP) is to remove the option from the disable_functions list globally.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice