php settings that are not allowed to be set in Kloxo

212 views
Skip to first unread message

Will

unread,
Apr 22, 2012, 7:02:45 PM4/22/12
to lxd...@googlegroups.com
Here are a list of settings that are not able to be set by the user in Kloxo yet can be changed in a .htaccess file.  This can be fixed by having Kloxo write it as a php_admin_value in the httpd virtual host file.  Anyone else have a concern about this current behavior?
 
zlib.output_compression        ALL
max_execution_time             ALL
max_input_time                    PERDIR
memory_limit                       ALL
post_max_size                    PERDIR
upload_max_filesize             PERDIR
session.save_path                ALL
 
-Will

Sandro Serra

unread,
Apr 23, 2012, 3:35:56 AM4/23/12
to lxd...@googlegroups.com
Here i am...

René

unread,
Apr 23, 2012, 4:05:20 AM4/23/12
to lxd...@googlegroups.com
On 04/23/2012 01:02 AM, Will wrote:
Here are a list of settings that are not able to be set by the user in Kloxo yet can be changed in a .htaccess file.  This can be fixed by having Kloxo write it as a php_admin_value in the httpd virtual host file.  Anyone else have a concern about this current behavior?
Yes, this an age old problem. With my type of clients no problem, because I have hardly any "hosting only" clients. I think the idea is that we don't want to leave to our customers the possibility to use all the system resources for their own site and letting other sites suffer the consequences. The idea should be honestly sharing with a price tag, isn't it? In other words the administrator or Kloxo should control not the client.

The responses to this issue in the past were to change to suphp, where .htaccess is not read. So you could say the concern is there, but nobody was interested to do something about it, because apparently everybody is solving the issue by switching to suphp.

-- René

Will

unread,
Apr 23, 2012, 8:12:27 PM4/23/12
to lxd...@googlegroups.com
Ok well I have an easy fix to it then.  I'll try to commit something this weekend.  Also I tested disable_functions and it works per domain when using php_admin_value.  This goes against what the PHP manual says.  I think the PHP 5.3 from IUS that I am testing is hardened by suhosin, which I believe most distro's packages use anyway.
 
-Will
 
 
--
# http://en.wikipedia.org/wiki/Netiquette
# A: Because it messes up the order in which people normally read text.
# Q: Why is top-posting such a bad thing?
# A: Top-posting.
# Q: What is the most annoying thing in e-mail?
 
# To Unsubscribe, send an e-mail to:
# lxdevel+u...@googlegroups.com
#
# For more options, visit:
# http://groups.google.com/group/lxdevel
 
# At december, 11th 2011: 21 members.
# At januari, 31th 2012: 25 members.

lupetalo

unread,
Apr 24, 2012, 3:43:32 AM4/24/12
to lxd...@googlegroups.com
Is this means that if client make php.ini file in domain root or change .htaccess values he can change php settings for that domain?

Will

unread,
Apr 24, 2012, 7:20:32 PM4/24/12
to lxd...@googlegroups.com
No.  This means that with mod_php, the user's .htaccess can override settings of the global php.ini file.  The php.ini file per domain that is controlled by Kloxo is not used by mod_php at all.  My solution would be to use php_admin_value to set it in the httpd virtual host file which cannot be overridden by the .htaccess file.  Just let me know that this is fully understood.
Reply all
Reply to author
Forward
0 new messages