- [suhosin]
- ; Load the Suhosin hardening extension; the suhosin.* keys below only take
- ; effect when it is loaded.
- extension = suhosin.so
- ; mail() header protection level (2 is the strictest documented level).
- suhosin.mail.protect = 2
- ; Answer with HTTP status 402 when a request-variable filter is violated.
- suhosin.filter.action = 402
- ; Cookie limits are left commented out, so Suhosin's built-in defaults apply.
- ;suhosin.cookie.max_array_depth=4096
- ;suhosin.cookie.max_array_index_length=2048
- ;suhosin.cookie.max_name_length=2048
- ;suhosin.cookie.max_value_length=650000
- ;suhosin.cookie.max_vars=4096
- ; Limits for variables from any request source (GET, POST, COOKIE).
- ; NOTE(review): these ceilings are far above the shipped defaults as I know
- ; them, which weakens the protection against oversized or deeply nested
- ; input. Size them to what the application actually needs.
- suhosin.request.max_array_depth = 4096
- suhosin.request.max_array_index_length = 2048
- suhosin.request.max_name_length = 2048
- suhosin.request.max_value_length = 650000
- suhosin.request.max_vars = 4096
- ; POST-only limits.
- ; NOTE(review): request.* is documented as the upper bound for per-source
- ; limits, so post.max_array_depth = 8048 presumably cannot exceed
- ; request.max_array_depth = 4096. Verify the effective values.
- suhosin.post.max_array_depth = 8048
- suhosin.post.max_array_index_length = 1024
- suhosin.post.max_name_length = 2048
- suhosin.post.max_totalname_length = 8048
- suhosin.post.max_vars = 4096
- ; Maximum number of files accepted in one upload request.
- suhosin.upload.max_uploads = 100
- ; Alert classes sent to syslog: every class except SQL.
- ; NOTE(review): S_* are constants registered by Suhosin; confirm with
- ; `php -i` that this expression yields the expected numeric mask.
- suhosin.log.syslog = S_ALL & ~S_SQL
- ; Transparent cookie encryption is on.
- ; NOTE(review): no suhosin.cookie.cryptkey is set on this page; confirm a
- ; long random key is configured elsewhere and kept out of shared pastes.
- suhosin.cookie.encrypt = On
- ; Upload verification script is disabled (commented out).
- ;suhosin.upload.verification_script=/opt/check.sh
- ; Path of the Suhosin log file.
- ; NOTE(review): suhosin.log.file (the class mask for file logging) is not set
- ; on this page; confirm file logging is enabled and that this file is not
- ; world-readable.
- suhosin.log.file.name = /var/log/suhosin.log
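- ;--------------------------------------------------------------------------
- ; Syslog priority values as defined by Linux <syslog.h>. Confirm them on the
- ; target platform.
- ; +------------+-------+
- ; |Constant | Value |
- ; +============+=======+
- ; |LOG_EMERG | 0 |
- ; +------------+-------+
- ; |LOG_ALERT | 1 |
- ; +------------+-------+
- ; |LOG_CRIT | 2 |
- ; +------------+-------+
- ; |LOG_ERR | 3 |
- ; +------------+-------+
- ; |LOG_WARNING | 4 |
- ; +------------+-------+
- ; |LOG_NOTICE | 5 |
- ; +------------+-------+
- ; |LOG_INFO | 6 |
- ; +------------+-------+
- ; |LOG_DEBUG | 7 |
- ; +------------+-------+
- ; Syslog facility used when ALERTs are logged to syslog.
- ; php.ini is parsed before the LOG_* constants are registered, so a symbolic
- ; name is not resolved and would fall back to 0 (LOG_KERN). Numeric values
- ; are used instead: 8 is LOG_USER on Linux.
- suhosin.log.syslog.facility = 8
- ; Syslog priority used when ALERTs are logged to syslog. 2 is LOG_CRIT; a
- ; symbolic name would fall back to 0 (LOG_EMERG).
- suhosin.log.syslog.priority = 2
- ; The values below are bitmasks of Suhosin alert classes, not syslog
- ; priorities. 3 presumably means S_MEMORY | S_MISC (1 + 2), so input-filter,
- ; include and executor alerts are not reported on these channels. Confirm.
- ; Alert classes logged through the SAPI error log. SAPI ("Server API") is the
- ; layer between the web server or CLI and the PHP/Zend engine.
- suhosin.log.sapi = 3
- ; Alert classes written to STDOUT.
- ; NOTE(review): this channel is meant for debugging; in production it can
- ; disclose alert details to the client. Consider 0.
- suhosin.log.stdout = 3
- ; Prefix each entry in the Suhosin log file with a timestamp.
- suhosin.log.file.time = On
- ; Alert classes passed to the external logging script.
- ; NOTE(review): no suhosin.log.script.name is set on this page; without a
- ; script path this presumably has nothing to run.
- suhosin.log.script = 3
- ; Alert classes passed to a PHP logging script (0 = none).
- suhosin.log.phpscript = 0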
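- ; Log the address from X-Forwarded-For instead of the socket peer address.
- ; NOTE(review): the header is client-supplied unless a trusted reverse proxy
- ; overwrites it, so the logged "attacker IP" can be forged. Enable this only
- ; behind such a proxy.
- suhosin.log.use-x-forwarded-for = On
- ; ================
- ; Executor Options
- ; ================
- ; Maximum stack depth the executor allows before it stops the script. This
- ; keeps endless recursion from crashing the executor or exhausting
- ; memory_limit.
- suhosin.executor.max_depth = 750
- ; Number of '../' sequences in an include filename at which the include is
- ; treated as an attack and stopped.
- suhosin.executor.include.max_traversal = 4
- ; Comma-separated whitelist of URL schemes allowed in include/require
- ; (disabled here).
- ;suhosin.executor.include.whitelist="phar"
- ; Off prevents PHP from executing PHP files that are writable by the PHP
- ; process. On, as set here, leaves that protection disabled.
- ; NOTE(review): prefer Off where the application tolerates it, so that an
- ; uploaded or modified file cannot be included.
- suhosin.executor.include.allow_writable_files = On
- ; Off leaves the preg_replace() /e modifier usable.
- ; NOTE(review): set to On unless legacy code depends on /e.
- suhosin.executor.disable_emodifier = Off
- ; Functions that may not be called from inside eval(). This list does not
- ; restrict calls made outside eval(); suhosin.executor.func.blacklist does.
- ; The value must be on one line because the PHP INI parser has no line
- ; continuation; the wrapped original would apply only its first line.
- ; NOTE(review): include/require are language constructs, so listing them
- ; here may have no effect. A denylist is easy to leave incomplete; prefer
- ; disable_eval = On if the application does not need eval().
- suhosin.executor.eval.blacklist = include,include_once,require,require_once,curl_init,fpassthru,file,base64_encode,base64_decode,mail,exec,system,proc_open,leak,syslog,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,proc_nice,popen,proc_get_status,dl,pcntl_exec,pcntl_fork,pcntl_signal,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,socket_accept,socket_bind,socket_connect,socket_create,socket_create_listen,socket_create_pair,link,register_shutdown_function,register_tick_function
- ; eval() itself stays enabled.
- suhosin.executor.disable_eval = Off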
- ; Executor setting: Off keeps symlink() disabled when open_basedir is in use
- ; (per the Suhosin documentation; confirm for the installed version).
- suhosin.executor.allow_symlink = Off
- ; ============
- ; Misc Options
- ; ============
- ; Simulation mode logs violations without blocking them. Off means that
- ; violations are enforced.
- suhosin.simulation = Off
- ; Categories of Suhosin directives that .htaccess may change per directory.
- ; "0" allows none.
- suhosin.perdir = "0"
- ; Hide Suhosin's secret key material (suhosin.cookie.cryptkey,
- ; suhosin.session.cryptkey, suhosin.rand.seedingkey) from phpinfo() output.
- suhosin.protectkey = On
- ; Dump core when the optional Suhosin patch detects a buffer overflow, memory
- ; corruption or double free. This is for debugging only; keep it Off.
- suhosin.coredump = Off
- ; APC 3.0.12(p1/p2) uses reserved resource slot 0 without requesting it, and
- ; so overwrites Suhosin's data if Suhosin was assigned that slot. With this
- ; flag set, Suhosin requests two slots and uses the second. It is left
- ; commented out here.
- ;suhosin.apc_bug_workaround = Off
- ; Controls whether scripts may change display_errors at runtime. "0" means
- ; off; "1", "on", "yes" or "true" means on; "fail" or "2" (or greater) also
- ; reports to PHP that the change failed.
- suhosin.disable.display_errors = fail
- ; Upper bound for memory_limit changes made by scripts at runtime (per the
- ; Suhosin documentation). This is not an SQL setting.
- suhosin.memory_limit = 256M
- ; ========================
- ; SQL Injection Protection
- ; ========================
- ; (Planned feature. This is not yet supported.)
- suhosin.sql.bailout_on_error = Off
- ; Experimental features, left commented out.
- ;suhosin.sql.comment = 0
- ;suhosin.sql.multiselect = 0
- ;suhosin.sql.union = 0
- ; ==============================
- ; Transparent Encryption Options
- ; ==============================
- ; Enable transparent encryption of session data.
- suhosin.session.encrypt = On
- ; User-defined part of the session encryption key. It is empty here.
- ; NOTE(review): with an empty string the key appears to rest only on the
- ; optional inputs (such as User-Agent or document root), which are not
- ; secret. Set a long random value per installation and keep it out of
- ; shared pastes and version control.
- suhosin.session.cryptkey =
- ; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
- ; encryption key depends on. 0 means the client address is not mixed in.
- suhosin.session.cryptraddr = 0