[BlueOnyx:26626] Re: PHP setting override
Michael Stauber
mstauber at blueonyx.it
Sat Dec 2 11:23:21 -05 2023
Hi Robert,
> I tried to create an ini file in a vsite php.d directory on a 5209R
> server, but can't seem to get it to apply...
>
> [root at www5 site28]# pwd
> /home/.sites/43/site28
> [root at www5 site28]# cat php.d/waf.ini
> php_value auto_prepend_file /home/.sites/43/site28/web/wordfence-waf.php
>
> I applied by saving the web settings in the GUI. I tried php_admin_value
> as well, but the value continues to show the auto_prepend_value from
> this file:
>
> /etc/php-fpm-8.1.d/site28.conf
>
> I even tried to add the same line in the .htaccess file of the vsite
> with the same results. How can I override that setting?
The config option "auto_prepend_file" must generally be set via
"php_admin_value", as it's a privileged setting.
Likewise: Not all PHP settings may be changed by this mechanism and I
regret to tell you that modifications of the value for
"auto_prepend_file" are not supported via this mechanism, because the
GUI already uses it for a built in security feature:
php_admin_value auto_prepend_file
/usr/sausalito/configs/php/set_php_headers.php
We use this to log all emails sent by PHP scripts to /var/log/maillog
with an identifier that allows us to figure out which script sent the
email. That's a security feature that allows us (and you) to easily
figure out which PHP script has been (ab)used to send emails.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list