Enable opcache from htacces not from .ini file - opcache

I set opcache.enable=0 in opcache.ini
Now I want to enable opcache from my htaccess file using
php_flag opcache.enable On
But it is not working
Is there any way, I disable opcache in opcache.ini, and enable in my application's htacces file.
Thanks

The simple reply here is that you can't enable. OPcache is a zend_extension and as such can only be enabled at a system level. However, there is a simple wrinkle here in the opcache.enable is a PHP_INI_ALL directive and can be set to 0 anywhere either at a directory or program context. So having opcache.enable=1 in the system configuration and then setting
php_flag opcache.enable Off
should work, and this will disable caching for the scope of that request
Also read up on the directive opcache.blacklist_filename (which is a bit of a misnomer, BTW). This allows you to define files and file hierarchies that are not to be cached (but once blacklisted you can't then create exceptions or unblacklist files at runtime.
Also since the enable is a PHP_INI_ALL directive, there is nothing stopping you adding a bit of code logic disable caching for the scope of that request in an auto_prepend_file included script instead of using an htaccess php_flag directive, but not that once disabled, you then can't re-enable it, so you can only use the blacklist to control caching at a file level.

Related

X-Frame-Options: .htaccess vs httpd.conf

In httpd.conf (Unix / Mac OS Sierra) I've got "Header set X-Frame-Options SAMEORIGIN"
I'd like to override that for a specific directory to
X-Frame-Options ALLOW-FROM SpecificDomain.com
Goal is to allow iframe acess to that directory but no others.
I tried adding the ALLOW-FROM line to an .htaccess file in the target directory but no luck. iFrame is denied, browser console saying "X-Frame-Options" are set to "SAMEORIGIN"
There are compatibility issues with some browsers with the Allow-From parameter for X-Frame-Options response header, chances are you are dealing with a browser which does not support it.
Ideally try this command to see the headers output and make sure the setting you made is being used:
curl -I http://yourserver.example.com/exceptionpath/
If it is, instead of setting that other header you may also want to unset that header in that directory to avoid compatibility issues with that parameter:
Header unset X-Frame-Options
or if the above is not being applied:
Header always unset X-Frame-Options
Sidenote: If you are the admin of the site you don't need to use .htaccess if you have access to main configuration files, set in the appropiate Directory entry instead. Disable .htaccess files altogether with AllowOverride none. Configurations will be simpler and you will gain a bit of performance by not forcing httpd to constantly read that file several times with each hit.

.htaccess Disable mod_security for specific IPs

On my server there is enabled mod_security and I want to disable it with .htaccess for 3 specific IP address. Is that possible?
I tried something like this:
<IfModule mod_security2.c>
SecRule REMOTE_ADDR "^1.2.3.4$" "phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:9999"
</IfModule>
but seams like it doesn't work.
Rule looks good to me.
ModSecurity 2.7 requires the following flag to be added at compile time to allow .htaccess to alter settings so I presume you've included that (it's not set by default)?:
--enable-htaccess-config
To test if this is the problem you could move your rule to the main Apache config and see if it works there.
I would also suggest adding logging, to see if the rule is fired and/or adding debug logging to see if it reaches there or gives a clue as to why not.

php ini settings given in .htaccess is not working

I need to use time zone PST for my application, so i have set these settings in .htaccess file of my zend project. --
php_value date.timezone "America/Los_Angeles"
But it is not being reflected in my project, when i echo the date it is showing me Indian time. What am missing in this please help me to know.
Ensure .htaccess files is of any use. It may be that your httpd is not even reading it (most likely) or it does, but ignores your php_value (less possible as it usually ends with error 500)

upload script not working after enabling suphp

My php script that uploads files in my centos - apache server was working fine.
Today I enabled suphp in server and after that script is not uploading any files.
I was used "php_flag register_globals on" in .htaccess before. But I removed that line from ".htaccess" in order to prevent 500 server error.
Pls help
After a long search and testing, I found the solution myself.
Just created a php.ini file and added a line:
register_global = on
and removed all php flags in .htaccess.
Now its working fine.
As you figured out the parameter has to be in a php.ini file and suPHP has to be instructed to read this file. More information in this answer: php.ini not being read (Debian / ISP Config)
But; If your upload script requires register_globals to be enabled it's probably badly written or outdated. You should try to avoid using register_globals since it poses a security threat. More about that here: What are register_globals in PHP?

How can I prevent scripts from running inside a directory?

I have a files directory for my image storage in my web root folder, i want to know how to secure that folder. i prevent people from uploading scripts to that folder, i check file extensions, if it is not an image then it will not save to that folder.
but faking extensions are done easily, what happens if someone manage to upload a script to my files directory and access that from the browser
so i need a way to prevent scripts from running inside that folder and only allow images to run.
i know htaccess can do that but i dont know how to set it up. my .htaccess file is like this:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
ForceType application/octet-stream
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
</FilesMatch>
Options All -Indexes
but it is not working, i saved a php file in that folder then tried to accessed it from the browser and i can still access it. do you know how to make this work? or if you have more secure approach to this, please tell me.
thank you
I think that it isn't working because you have only added an extra handler, you haven't removed the other handlers.
It is easiest to put another .htaccess file in the folder you want to protect (rather than messing with the match directive) that contains:
# Fix PHP, you should do matching commands for JSP and ASP, & html
RemoveType application/x-httpd-php php
# .... add the other remove-handler statements here .... #
# Optionally make these equivalent to text files.
# UPDATE: Taken this out as you dont want people to see PHP files at all
#AddType text/html php
# To disable cgi and server side includes & indexes
# You need to check the setup of Apache, some of the file types
# listed should already be handled as CGI (.pl, .py, .sh)
Options -ExecCGI -Includes -Indexes
# Completely block access to PHP files
<FilesMatch "\.(php|phps|html|htm|jsp|asp)$">
Order allow,deny
Deny from all
</Files>
# Add in any additional types to block
That covers PHP and CGI, you should do matching commands for JSP and ASP
UPDATE: Added code to completely block access to PHP files - sorry, thought initially that you simply didn't want them executing. Also note that I've commented out the line that turns PHP files into text files.

Resources