The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to override php_functions in .htaccess - DSO (not suPHP)

Discussion in 'Security' started by jeremys_ppc, Oct 21, 2014.

  1. jeremys_ppc

    jeremys_ppc Member

    Joined:
    May 7, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    We are using MPM_ITK with the DSO PHP Handler. From the documentation it looks like we cannot use custom php.ini files (Which would be valid for suPHP) but need to be done in the .htaccess using the php_value setting.

    I have set disabled_functions in our main php.ini to include the ini_set() method due to security but the problem is there are several CMS that need this functionality. So for those specific sites only (we are not trying to enable it server wide) we are trying to re-enable ini_set().

    My main php.ini has this line:
    php_value disable_functions "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set"

    The .htaccess on a client site (Joomla site) has this in the .htaccess
    php_value disable_functions "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"

    For some reason, however, ini_set is still showing as disabled. Oddly enough it does seem to read the htaccess as if I remove phpinfo and set a phpinfo() call in a test page it does work! Does anyone know how to get the ini_set functions to enable correctly? I have asked our "cPanel experts" (probably need to find new "experts" but that's a different story) however its been a whole day and they have not given me any insight to this issue.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Please see:

    PHP: Description of core php.ini directives - Manual

    In particular:

    This directive must be set in php.ini For example, you cannot set this in httpd.conf.

    It's not possible to override the value in the .htaccess file of an account.

    Thank you.
     
  3. jeremys_ppc

    jeremys_ppc Member

    Joined:
    May 7, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Well thats unfortunate as using DSO custom php.ini are not valid....
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...
Similar Threads - override php_functions htaccess
  1. jjozwik
    Replies:
    3
    Views:
    390

Share This Page