Suhosin : Exclude a domain from disabled functions

July 8, 2009 | In: PHP

when you use use “suhosin.executor.func.blacklist”, in php.ini it will disable those functions to entire domains in the server.

However, you can exclude domains from that restriction by using the appropriate entry in the apache configuration.

If in php.ini you have added suhosin.executor.func.blacklist = “exec,passthru,shell_exec” and all the functions that you want to disable globally.

Find the corresponding domain’s Virtual Host entry for which you want to exclude from /usr/local/apache/conf/httpd.conf suhosin.executor.func.blacklist again but without the function that you need to enable. And so you will enable that function only for one domain.

 
<VirtualHost 78.45.23.1:80>
………..
………..
<IfModule mod_php4.c>
php_admin_value open_basedir “/usr/lib/php”
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir “/usr/lib/php”
php_admin_value suhosin.executor.func.blacklist = “passthru,shell_exec”
</IfModule>
…….
……
</VirtualHost>

In this example exec has been enabled for the VirtualHost.

Thats all

mm
Hi All… I have been working the IT Industry since last ten years… Specialized in Linux, Cloud Infrastructure and Solution Design.
On the hobby friend, I do research on IOT, Micro-controllers, Electronics etc.
Music is my passion..Connect me on..

1 Response to Suhosin : Exclude a domain from disabled functions

Avatar

Gijs

October 20th, 2009 at 11:13 pm

Hi,

Thank you very much for this! I have been looking for this for ages!

THANKS!

Comment Form

*

Authors

mm
Presoon John

Hi All... I have been working the IT Industry since last ten years... Specialized in Linux, Cloud Infrastructure and Solution Design.
On the hobby friend, I do research on IOT, Micro-controllers, Electronics etc.
Music is my passion..Connect me on..

Access this post via Mobile

Scan the QR Code
QR Code Generator

Categories