
Set register_globals on a per-site basis



#1 Mike Morrison


Posted 27 February 2006 - 10:46 PM

In general, this logic will work for most php.ini settings (not just register_globals). But as an example, let's say you want to leave register_globals = off for all sites except "example.com"...

What you'll need...
1. root access to your server
2. SSH/SFTP client (check out this thread if you don't have one)

Step-by-step...
1. Log in to your server as root

2. Find the 'httpd.conf' file, which is typically found here...
/etc/httpd/conf/httpd.conf

3. Download httpd.conf and pull it up in your preferred code/text editing app

4. Find the <VirtualHost> entry for example.com, which should look something like this...
<VirtualHost 1.2.3.4:80>
  DocumentRoot /home/websites/example.com/public_html
  ServerName example.com
  ServerAlias www.example.com
</VirtualHost>

If you're using a control panel of some sort, there may or may not be a bunch of other random 'stuff' within the <VirtualHost> tags.

5. Add this line within the <VirtualHost> tags...
php_flag register_globals 1

So your VirtualHost entry now looks something like...
<VirtualHost 1.2.3.4:80>
  DocumentRoot /home/websites/example.com/public_html
  ServerName example.com
  ServerAlias www.example.com
  php_flag register_globals 1
</VirtualHost>

6. Upload the modified "httpd.conf" back to the proper location on your server.

7. Flip over to your SSH prompt and restart Apache...
/etc/rc.d/init.d/httpd restart

8. Done! :)

#2 brianoz


Posted 25 December 2006 - 01:00 PM

Be aware that if you are running phpsuexec, the php_flag syntax will not work in httpd.conf and will probably make it impossible to start your webserver. PHP does not run as a module inside httpd which means you have to create a php.ini file in the account you want affected, and in each directory in that account that you want affected, with contents as follows:

register_globals        =       On

(of course you could use "Off" instead of "On")

If you want an example check out /usr/local/lib/php.ini, although that's a large file and your php.ini file should only be a few lines - maybe even only one line.

By the way, you can tell you are NOT running phpsuexec if your PHP files run as the "nobody" user, and you *are* running phpsuexec if your PHP files run as separate processes under the actual user. Your webserver *should* be running under phpsuexec, running as non-phpsuexec is dangerously insecure (everyone can read everyone else's PHP files, and thus passwords etc - no way to do business).

On a non-phpsuexec system, if you really have to, it's actually preferable to put the php_flag line (just as Mike has it) in a .htaccess file inside your public_html directory. That means you then don't have to edit the global httpd.conf which can be dangerous if you don't know what you are doing; as well as possibly not being in that location on a non-cpanel host. Also you don't need root access to do it this way.
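
An added example, not part of either post above: a Python check that reads an httpd.conf and reports, per <VirtualHost>, whether the php_flag override described in this thread turns register_globals on, so an administrator can see which sites deviate from the php.ini default. The sample config is constructed, the function names are hypothetical, and treating only "On" and "1" as enabled is an assumption of this example.

```python
import re

# Constructed sample shaped like the thread's httpd.conf (not a real config).
SAMPLE_CONF = """\
<VirtualHost 1.2.3.4:80>
  DocumentRoot /home/websites/example.com/public_html
  ServerName example.com
  ServerAlias www.example.com
  php_flag register_globals 1
</VirtualHost>
<VirtualHost 1.2.3.4:80>
  ServerName example.org
  # php_flag register_globals On
</VirtualHost>
<VirtualHost 1.2.3.4:80>
  ServerName example.net
  PHP_Admin_Flag Register_Globals off
</VirtualHost>
"""

FLAG = re.compile(r"\s*php_(?:admin_)?flag\s+register_globals\s+(\S+)", re.I)
OPEN = re.compile(r"\s*<VirtualHost\b", re.I)
CLOSE = re.compile(r"\s*</VirtualHost\s*>", re.I)
NAME = re.compile(r"\s*ServerName\s+(\S+)", re.I)

def audit_register_globals(conf_text):
    """Map each scope to True (on), False (off) or None (not set in this file).
    The key "*" is the server-wide scope outside any <VirtualHost>."""
    result = {"*": None}
    scope, vhost_count = "*", 0
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):        # skip commented-out lines
            continue
        if OPEN.match(line):
            vhost_count += 1
            scope = f"(unnamed vhost {vhost_count})"
            result[scope] = None
        elif CLOSE.match(line):
            scope = "*"
        elif (m := NAME.match(line)) and scope != "*":
            result[m.group(1)] = result.pop(scope)   # rename to ServerName
            scope = m.group(1)
        elif m := FLAG.match(line):
            # Assumption of this example: "On" and "1" mean enabled.
            result[scope] = m.group(1).strip("\"'").lower() in ("on", "1")
    return result

def enabled_sites(conf_text):
    """ServerNames (or "*") where this file turns register_globals on."""
    return sorted(k for k, v in audit_register_globals(conf_text).items() if v)
```

On a phpsuexec host this check does not apply, since the setting lives in per-account php.ini files rather than httpd.conf.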



