LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   want to disable htaccess from updating the default php values set in php.ini (http://www.linuxquestions.org/questions/linux-software-2/want-to-disable-htaccess-from-updating-the-default-php-values-set-in-php-ini-4175463311/)

nikeshp 05-24-2013 08:24 AM

want to disable htaccess from updating the default php values set in php.ini
 
In my development server PHP is installed as Apache module.

Some developers are changing php values for some projects by putting like "php_value memory_limit 512M" in htaccess file.

I want to block this. I want to disable htaccess from updating the default php values set in php.ini.

Since we are using htaccess for rewrite rules, I can't disable entire htaccess of the server. I just wanted to block htaccess from updating the default php values set in php.ini.

How can I do this ?

My server - CentOS - Apache/2.2.23, PHP 5.3.22

bloodstreetboy 05-25-2013 01:09 AM

To prevent users setting PHP config values in .htaccess files, do not give AllowOverride Options permissions on their virtual hosts.

Alternatively, install PHP as CGI instead of as an Apache module, as the CGI version is unaffected by .htaccess files. However, since PHP 5.3.0, PHP CGI does parse per-directory php.ini files. I am not aware of a method that turns this off.

I've just seen this in the latest default php.ini:

Quote:

; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory. Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com. Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections
So if you put directives in your main php.ini under per-directory headings they cannot be overridden. However, the downside is that you'll have to do this for every virtual host so it'll be a PITA in environments where there are many or where new ones are frequently added.

Further reading has revealed this:

Quote:

; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =
So just uncomment that last line to disable per-user ini files.

chrism01 05-26-2013 08:09 PM

This is one of the reasons Apache recommend NOT using htaccess files, but putting the reqd directives inside the relevant Dir tags
https://httpd.apache.org/docs/curren.../htaccess.html


All times are GMT -5. The time now is 02:54 PM.