TechQA.

Disable PHP eval in Virtualhost per location

376 views Asked by At

I have successfully installed suhosin in my server and I'm blocking the devil PHP eval function on some virtualhosts with this configuration:

<VirtualHost 123.123.123.123:80>
    <Directory /var/www/html/www.example.com>
         #SUHOSIN
         php_admin_value suhosin.executor.disable_eval On
    </Directory>
</VirtualHost>

However, I need to enable eval on some specific URL since it is used by the platform on some specific cases. I've tried the following:

<VirtualHost 123.123.123.123:80>
    <Directory /var/www/html/www.example.com>
         # SUHOSIN
         php_admin_value suhosin.executor.disable_eval On
    </Directory>
    <Location "/some/path">
        # Reenable eval for this path
        php_admin_value suhosin.executor.disable_eval Off
    </Location>
</VirtualHost>

And also with the tag LocationMatch, with no success (it's like if it was not there: no effect at all).

Any ideas how can I have this directive working just for a specific path?

Thanks

php apache eval httpd.conf suhosin
Original Q&A
1

There are 1 answers

2
holden On

I am not using SUHOSIN, I solved with different php.ini files for each website. Something like:

<VirtualHost 123.123.123.123:80>
[...]
PHPINIDir /path/to/specificinifile
[...]
</VirtualHost>

Hope this helps.

Related Questions in PHP

Related Questions in APACHE

Related Questions in EVAL

Related Questions in HTTPD.CONF

Related Questions in SUHOSIN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions