Suhosin : Exclude a domain from disabled functions

July 8, 2009 on 9:09 am | In PHP | 1 Comment

when you use use “suhosin.executor.func.blacklist”, in php.ini it will disable those functions to entire domains in the server.

However, you can exclude domains from that restriction by using the appropriate entry in the apache configuration.

If in php.ini you have added suhosin.executor.func.blacklist = “exec,passthru,shell_exec” and all the functions that you want to disable globally.

Find the corresponding domain’s Virtual Host entry for which you want to exclude from /usr/local/apache/conf/httpd.conf suhosin.executor.func.blacklist again but without the function that you need to enable. And so you will enable that function only for one domain.

<VirtualHost 78.45.23.1:80>
………..
………..
<IfModule mod_php4.c>
php_admin_value open_basedir “/usr/lib/php”
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir “/usr/lib/php”
php_admin_value suhosin.executor.func.blacklist = “passthru,shell_exec”
</IfModule>
…….
……
</VirtualHost>

In this example exec has been enabled for the VirtualHost.

Thats all

1 Comment »

RSS feed for comments on this post. TrackBack URI

  1. Hi,

    Thank you very much for this! I have been looking for this for ages!

    THANKS!

    Comment by Gijs — October 20, 2009 #

Leave a comment