Learn the most important php.ini directives, which allow you to alter certain PHP settings to accomodate the requirements of your website.
allow_url_fopen = On
Determines whether file access to external URLs is allowed. Preventing it increases security because it is more difficult for attackers to reload malware.
display_errors = Off
Although the error display is useful for debugging, it also provides internal information to attackers. It is therefore recommended to switch them off.
Specifies a list of functions to turn off. These are usually not used by PHP software, but by attackers.
Example: disable_functions = exec,system,passthru,shell_exec, popen,escapeshellcmd,proc_open, proc_nice,ini_restore
safe_mode = On
Enables the safe mode, which causes PHP to run in a safe mode. Further checks take place during file operations and access to environment variables is restricted.
Script Limit Settings
Hint: The limit values for the working memory (RAM) are given below in the php.ini-typical notation. For example, a value of 256M limits the available memory to 256 megabytes (MB).
memory_limit = 256M
Specifies the maximum amount of memory (RAM) a script may use. ATTENTION: Regardless of the global value specified here, the memory limit specified for your package applies. Higher values are therefore ignored by the web server. For example, to set the memory_limit to 512 MB, the following must be entered in php.ini: memory_limit = 512M
post_max_size = 64M
Determines the maximum amount of data that can be transferred via POST method. If you want to upload large files using a form, the value should be greater than upload_max_filesize. For example, to set post_max_size to 128 MB, enter the following in php.ini: post_max_size = 128M
Hint: Actual size may vary. For example, if the maximum script runtime is exceeded. Furthermore, the memory_limit must be greater than post_max_size.
upload_max_filesize = 64M
Determines the size of files that can be uploaded using a form. For example, to upload files up to 128 MB in size, enter the following in php.ini: upload_max_filesize = 128M
max_execution_time = 60
Time limit on how long a script can run. ATTENTION: Regardless of the global value specified here, the Max_Execution_Time specified for your package applies. Higher values are therefore ignored by the web server. For example, to limit the execution time for scripts to 45 seconds, enter the following in your php.ini: max_execution_time = 45
zlib.output_compression = off
Compress php files in gzip format
session.auto_start = off
Specifies whether the session module automatically starts a session at the beginning of a request. Default 0(disabled).
max_input_vars = 5000
This directive prevents the use of hashtable collisions for a denial of service attack. If more input variables are sent than allowed by this directive, an error of level E_WARNING is thrown and further input variables are not accepted. This limit is calculated individually for multidimensional input arrays for each nesting level.
max_input_time = -1
Specifies the maximum time in seconds a script may take to process input data (such as POST, GET, and file uploads). The time is measured when the data is received on the server until script execution starts. Time in seconds (-1 = no limit)