How do I disable functions on servers for particular directories?
No, it's not possible to do that in a reliable way. As it stands, PHP does not provide an option to whitelist certain directories for certain functions. A custom function could be written that allows for the execution of the "forbidden" functions in certain directories, but that means you have to allow them globally, and that will not stop programmers from accessing the forbidden functions directly.
The disable_functions setting is only available inside php.ini; any other way to try and overwrite it is not allowed (for example: ini_set or through Apache configs).
So really you have 2 options, use it or not, but there is no in-between.
Source: http://php.net/manual/en/ini.core.php#ini.disable-functions
And in particular this:
This directive must be set in php.ini. For example, you cannot set this in httpd.conf.
@slm That is one strategy, but that doesn't keep them from escalating outside of the directory, so it would really be a facade and obscure way to do it. Even if that will work.
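As an added example (not part of the original answer), the following PHP script checks at runtime that the php.ini setting is in force and that an ini_set override is rejected, as the answer describes. The `$expected` list is taken from the question; the helper names are hypothetical.

```php
<?php
// Added example: verify the php.ini-only disable_functions setting at runtime.
// $expected is the list from the question on this page; adjust it to your policy.
$expected = ['exec', 'passthru', 'shell_exec', 'system'];

/** Split a disable_functions value into lowercase function names. */
function parse_disabled(string $raw): array
{
    $names = array_map('trim', explode(',', strtolower($raw)));
    return array_values(array_filter($names, 'strlen'));
}

/** Expected functions that are absent from the configured list. */
function not_listed(array $expected, string $raw): array
{
    return array_values(array_diff($expected, parse_disabled($raw)));
}

/** Expected functions that this SAPI can still call. */
function still_callable(array $expected): array
{
    // function_exists() returns false for functions disabled in php.ini.
    return array_values(array_filter($expected, 'function_exists'));
}

$before = (string) ini_get('disable_functions');
// A runtime override must fail: ini_set() returns false for this directive.
$override = ini_set('disable_functions', '');
$after = (string) ini_get('disable_functions');
$rejected = ($override === false && $before === $after);

printf("php.ini loaded:     %s\n", php_ini_loaded_file() ?: '(none)');
printf("disable_functions:  %s\n", $before !== '' ? $before : '(empty)');
printf("ini_set override:   %s\n", $rejected ? 'rejected' : 'ACCEPTED');
printf("not in list:        %s\n", implode(',', not_listed($expected, $before)) ?: '-');

$open = still_callable($expected);
printf("still callable:     %s\n", implode(',', $open) ?: '-');

// Non-zero exit lets a deployment check or monitor flag the host.
exit(($open || !$rejected) ? 1 : 0);
```

Request the script through the web server as well as from the command line, because the CLI can load a different php.ini than the one httpd uses.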
Himanshu Matta
Updated on September 18, 2022
Comments
-
Himanshu Matta over 1 year
I want to disable some functions on server to improve security of server. I followed these steps:
STEP: 1 Open php.ini file: vi /etc/php.ini
STEP: 2 Find disable_functions and set new list as follows: disable_functions= exec,passthru,shell_exec,system
STEP: 3 service httpd restart
With the help of above steps I am able to disable all the above functions. Now these functions are no longer available on server.
If I want to enable or disable these functions for particular directories, is it possible or not?
-
Guntis about 11 years
Look here stackoverflow.com/questions/14532987/…
-
Himanshu Matta about 11 years
Are you 100% sure?? Is there any alternative to achieve the same??
-
slm about 11 years
Can you elaborate as to the reasons why? As it stands this answer may be correct but it doesn't provide any reasons as to why which would be helpful for the OP and others that may come across this answer in the future.
-
Himanshu Matta about 11 years
I have two servers, suppose server A and server B. I use server A to convert a voice file into another format and then I send it to server B. I use the exec function to convert the voice file on server A. Now I want to disable the exec function, but if I do that then I'll not be able to convert the voice file into another format. That's why I am asking: is it possible to enable functions for particular directories?
-
Alexander Meesters about 11 years
expanded my comment for a bit
-
Himanshu Matta about 11 years
I tested this... not working.. :(
-
ceejayoz over 10 years
It'll never work. Allowing .htaccess files to override the disable_functions setting would destroy the entire point of it for security.