Thursday, April 26, 2012

PHP Security: Limit Resources Used By Script

How do I control and put limits on php scripts such as maximum execution time of each script and upload file size?

PHP supports the following resource limits directives in php.ini file:
  1. max_execution_time : Maximum execution time of each script, in seconds.
  2. max_input_time : Maximum amount of time each script may spend parsing request data.
  3. memory_limit : Maximum amount of memory a script may consume.
Edit php.ini, enter:
# vi /etc/php.ini
Set up values as follows:
max_execution_time =  30
max_input_time = 30
memory_limit = 40M
Set maximum size of POST data that PHP will accept:
post_max_size = 8M
Set maximum allowed size for uploaded files:
upload_max_filesize = 2M
Turn on or off HTTP file uploads (disallow uploading unless necessary):
file_uploads = Off
Make sure PHP redirects appropriately with the following:
cgi.force_redirect = 0
Disable file requests as fopen calls with the following
allow_url_fopen = Off
Turn on SQL safe mode:
sql.safe_mode = O
Reload Apache web server:
# service httpd reload
OR
Reload lighttpd web server:
# /etc/init.d/lighttpd reload
Note any attempt to exceed these limits will result in a "500 Server Error".
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)