secure php in xpanel servers

From WebHostingNeeds.com
Jump to: navigation, search

To secure php on xpanel server add

        php_admin_value safe_mode 1
        php_admin_value disable_functions "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"

Here is my full configuration

# cat /usr/local/xpanel/Conf/xp_httpd.conf
#----------> Apache Configuration for XPanel <---------------------------------#
NameVirtualHost 199.180.118.19
<VirtualHost 199.180.118.19>
        UseCanonicalName Off
        RewriteEngine On
        RewriteMap lowercase int:tolower
        RewriteCond %{HTTP_HOST} \.([^.]+\.[^.]+\.[^.]+)$
        RewriteRule ^(.*) http://%1$1 [R,L]
        RewriteCond %{HTTP_HOST} ^([^.]+\.[^.]+)$
        RewriteRule ^(.*) http://www.%1$1 [R,L]
        RewriteCond %{REQUEST_URI} !^/cgi-bin/
        RewriteCond %{REQUEST_URI} !^/insert/
        RewriteRule ^/(.*)$ /home/vhosts/${lowercase:%{SERVER_NAME}}/$1
        RewriteCond %{REQUEST_URI} ^/cgi-bin/
        RewriteRule ^/(.*)$ /home/vhosts/${lowercase:%{SERVER_NAME}}/$1 [T=application/x-httpd-cgi]
        RewriteCond %{REQUEST_URI} ^/insert/
        RewriteRule ^/(.*)$ /usr/local/xpanel/$1 [T=application/x-httpd-cgi]
        CustomLog "|mysql -hlocalhost -uroot -pp8X1iVk3MvYTum XPanel" mysql
        LogFormat "UPDATE users SET bandwidthUsed=bandwidthUsed+%B WHERE domainName='%{Host}i';" mysql
        <Directory "/home/vhosts/">
                AllowOverride All
                Options FollowSymLinks ExecCGI
                #ErrorDocument 404 http://www.xpanel.com/404.html
        </Directory>
        <Directory "/usr/local/xpanel/insert/">
                Options FollowSymLinks ExecCGI
        </Directory>
        php_admin_value open_basedir "/home/vhosts/:/usr/lib/php:/usr/local/lib/php:/tmp"
        php_admin_value safe_mode 1
        php_admin_value disable_functions "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"
</VirtualHost>

 # edit path to your xpanel_admin directory
<Directory "/var/www/cgi-bin/xpanel_admin/">
        AllowOverride All
</Directory>
#----------> End Apache Configuration for XPanel <-----------------------------#
#




xpanel