Wednesday, June 2, 2010

SuPHP htaccess php_value _flag php.ini

SkyHi @ Wednesday, June 02, 2010
On suPHP servers, remove the lines that begin with “php_value” and “php_flag” from your .htaccess file. Add the settings that you want to use to a file named php.ini and upload php.ini into your public_html directory.
You will need to remove php_value and php_flag from ALL .htaccess files you may have.

In httpd.conf:
<Directory "/var/www/html/">
Options FollowSymLinks
AllowOverride All
</Directory>

In .htaccess under public_html, add the following:
suPHP_ConfigPath /var/www/html/
## deny all access to this file
<files php.ini>
order allow,deny
deny from all
</files>

<files ".ht*">
deny from all
</files>

In php.ini:
register_globals = On
post_max_size = 6M
upload_max_filesize = 6M
max_execution_time = 90
max_input_time = 90

#NOTE: any setting not listed in this custom php.ini uses the default php.ini value, such as memory_limit = 8M. Check phpinfo()

New custom php.ini settings:
max_execution_time = 160     
max_input_time = 160    
memory_limit = 50M
post_max_size = 50M
upload_max_filesize = 50M
upload_tmp_dir = "/tmp/phpupload"
display_errors = Off
allow_url_fopen = Off

disable_functions = "dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg"

expose_php = Off

#chown user:group .htaccess
#chown user:group php.ini

To disable the .htaccess, you have to move the .htaccess and php.ini out of the way.


When SuPHP is enabled, it is no longer possible to include php_value directives in .htaccess files.

Instead of adding these directives to your .htaccess file, add them into
a file called php.ini and place this file in the same directory that
your script runs in. Most often this will be the public_html directory, but
in some cases you will install your script in a subdirectory. Wherever
your script runs, this is the place for your php.ini file. You will need
to drop the "php_flag" and "php_value" prefix. You will also need to
put an equals (=) sign between the setting and the value.

For example, if your script recommends these settings in a .htaccess file:

php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value max_execution_time 60

Put these directives in a php.ini file instead. Here is the proper syntax:
upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 60
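
The conversion described above can be scripted. The following is an added example, not part of the original post: the function names htaccess_to_ini and sample_htaccess and the sample lines are made up for illustration. It reads .htaccess text on stdin and prints the matching php.ini lines, skipping directives that are already commented out.

```shell
#!/bin/sh
# Added example: convert php_value / php_flag lines from a .htaccess file
# (stdin) into php.ini syntax (stdout): drop the prefix, insert " = ".
htaccess_to_ini() {
    awk '
    { sub(/\r$/, "") }                 # tolerate files saved with CRLF
    /^[ \t]*#/ { next }                # skip lines already commented out
    {
        directive = tolower($1)
        if (directive != "php_value" && directive != "php_flag") next
        if (NF < 3) next               # no value given: nothing to convert
        value = $0
        # Strip the prefix and the setting name; the rest is the value.
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", value)
        sub(/[ \t]+$/, "", value)
        print $2 " = " value
    }'
}

# Constructed sample .htaccess content (not taken from a real site).
sample_htaccess() {
    printf '%s\n' \
        'RewriteEngine On' \
        'php_value upload_max_filesize 10M' \
        'php_value post_max_size 10M' \
        '  php_flag display_errors off' \
        '###php_value memory_limit 8M' \
        'php_value max_execution_time 60'
}

# Show the php.ini lines generated from the sample.
sample_htaccess | htaccess_to_ini
```

Run it against a real file with: htaccess_to_ini < .htaccess >> php.ini, then review php.ini before removing the old directives.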

To correct the permission on the files and directory:


# Reset ownership and remove world-writable permissions for every cPanel user.
for user in `ls /var/cpanel/users`; do
 chown -R "${user}:${user}" "/home/${user}/public_html"
 chmod 755 "/home/${user}/public_html"
 find "/home/${user}/public_html" -group nobody -exec chgrp "${user}" {} \; -print
 find "/home/${user}/public_html" -perm 777 -type d -exec chmod 755 {} \; -print
 find "/home/${user}/public_html" -perm 666 -type f -exec chmod 644 {} \; -print
 find "/home/${user}/public_html" -perm 777 -type f -exec chmod 644 {} \; -print
done

To remove ‘php_value’ from the .htaccess file:

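# Limit the edit to .htaccess files so other files that mention php_value are left alone.
find /home/*/public_html/. -type f -name .htaccess -exec sed -i "s/php_value/###php_value/" {} \;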