Do you want to know about one of the ways that will help you to keep your server secure? That’s possible through the settings update of the php.ini file of the server. This helps to secure the server. The method that needs to be used depends on the version of EasyApache. Now that doesn’t mean that you won’t implement other security measures and follow the best practices. Other security measures should be used alongside these settings. If these settings are used as a solitary solution for server security, then it can be perilous for the security of the server. Malicious users are infamous for bypassing most hardening measures. Another important point that needs to be mentioned here is that all files with the .ini file extension are read by Apache. You must manually update the custom .ini files.
Let us start by understanding what a server is, and then elaborate on the php.ini file’s editing process.
What is a Server?
A server is a hardware device or software. It accepts and fulfills clients’ requests that are made over a network. A client is any device, which generates requests for servers. The server sends its response to the client that generated the request. Clients can be programs or devices. Service, which is known as functionality, is provided by servers to their clients. It is the client-server model that is used for this purpose.
Servers can be of many types. These include, but are not limited to, database servers, application servers, file servers, game servers, proxy servers, mail servers, print servers, web servers, etc. Let us take the example of a web server to understand the functioning of a server more effectively.
Web servers are one of the many types of servers. These are provided by web hosting companies for the purpose of web hosting. Web hosting is meant for rendering websites accessible over the Internet, and for ensuring their online availability at all times. For this purpose, web servers are used to store the files (content) of websites. These files are subsequently delivered from the servers to the devices of users, who are trying to access these sites. The files are transferred over the Internet. The requested web content by the client from the server becomes accessible once the content reaches the Internet-connected device of the user.
Now, web hosting can be of many types. Its main types are VPS, shared hosting, dedicated hosting, reseller hosting, WordPress hosting, cloud hosting, etc. In the competitive world of web hosting, every web hosting company tries to deliver high uptime, fast page loading, powerful security, 24*7 customer care service, and many similar but essential features. It is the quality of service, and the affordability of hosting plans that ensure that service providers, such as HTS Hosting, gain a competitive edge, and earn the reputation of being the “Top Cloud Hosting Company”, the “Best Windows Hosting Company” as well as the “Best Website Hosting Company” globally.
Now that you know what a server is, let us touch upon how to edit your php.ini file. The php.ini file refers to the default configuration file for running those applications that need PHP. It servers the purpose of controlling certain variables, such as file timeouts, upload sizes, and resource limits.
Editing in EasyApache 3
It is recommended to edit this file only with the PHP Configuration Editor interface of WHM.
WHM >> Home >> Service Configuration >> PHP Configuration Editor.
Systems that run EasyApache 3, have the server’s php.ini file in the /usr/local/lib/ directory.
Editing in EasyApache 4
It is recommended to edit these files only with the MultiPHP INI Editor interface of WHM. This ensures the existence of an operable version of PHP on the system.
WHM >> Home >> Software >> MultiPHP INI Editor.
PHP’s every version uses a separate php.ini file on those systems that run EasyApache 4. Changes need to be made separately to each file. Each file is in the /opt/cpanel/ea-php72/root/etc/php.ini file. In it, 72 indicates the PHP version number.
- safe_mode – Many problems which occur due to the use of PHP in a shared hosting environment are solved by this directive. It compares the UID of the PHP script with that of files and directories which it tries to access. When the UIDs don’t match, script access isn’t allowed by the system. It needs to be mentioned that PHP 5.3.0 deprecated this directive. Moreover, it was removed by PHP 5.4.0
- disable_functions – A list of PHP functions is disabled by this directive.
- register_globals – This directive can enable attackers to bypass your settings through the URL. It needs to be mentioned that PHP 5.3.0 deprecated this directive. Moreover, it was removed by PHP 5.4.0
- display_errors – PHP is allowed to print run-time errors to generated HTML pages, by this directive. Even when it is disabled, PHP can print errors to the appropriate error logs.
- allow_url_fopen – This directive enables attackers to open remote files from your server. This can be done via file inclusion vulnerabilities.
- allow_url_include – This directive enables attackers to include remote files from your server. This can be done via file inclusion vulnerabilities.
- file_uploads – This directive can enable attackers to move their scripts on to as well as of a server.
- open_basedir – This directive limits the operations of files to a specific directory. Attackers might attempt to include local files in PHP scripts. This enables them to access information about a server’s filesystem.
- session.referer_check – This directive lets it check referrer values. A domain can be specified to ensure that session information stays internally. In this way, users won’t be able to expose session information while they are working on web applications.