
Untitled

a guest
Dec 20th, 2014
  1. [suhosin]
  2.  
  3. extension=suhosin.so
  4.  
  5.  
  6.  
  7. suhosin.mail.protect=2
  8.  
  9.  
  10.  
  11. suhosin.filter.action=402
  12.  
  13. ;suhosin.cookie.max_array_depth=4096
  14. ;suhosin.cookie.max_array_index_length=2048
  15. ;suhosin.cookie.max_name_length=2048
  16. ;suhosin.cookie.max_value_length=650000
  17. ;suhosin.cookie.max_vars=4096
  18. suhosin.request.max_array_depth=4096
  19. suhosin.request.max_array_index_length=2048
  20. suhosin.request.max_name_length=2048
  21. suhosin.request.max_value_length=650000
  22. suhosin.request.max_vars=4096
  23. suhosin.post.max_array_depth=8048
  24. suhosin.post.max_array_index_length=1024
  25. suhosin.post.max_name_length=2048
  26. suhosin.post.max_totalname_length=8048
  27. suhosin.post.max_vars=4096
  28.  
  29. suhosin.upload.max_uploads=100
  30.  
  31.  
  32. suhosin.log.syslog = S_ALL & ~S_SQL
  33.  
  34.  
  35. suhosin.cookie.encrypt=On
  36.  
  37. ;suhosin.upload.verification_script=/opt/check.sh
  38.  
  39. suhosin.log.file.name=/var/log/suhosin.log
  40.  
  41. ;--------------------------------------------------------------------------
  42. ; +------------+-------+
  43. ; |Constant | Value |
  44. ; +============+=======+
  45. ; |LOG_EMERG | 0 |
  46. ; +------------+-------+
  47. ; |LOG_ALERT | 1 |
  48. ; +------------+-------+
  49. ; |LOG_CRIT | 2 |
  50. ; +------------+-------+
  51. ; |LOG_WARNING | 3 |
  52. ; +------------+-------+
  53. ; |LOG_NOTICE | 4 |
  54. ; +------------+-------+
  55. ; |LOG_INFO | 5 |
  56. ; +------------+-------+
  57. ; |LOG_DEBUG | 6 |
  58. ; +------------+-------+
  59. ; |LOG_ERR | 7 |
  60. ; +------------+-------+
  61.  
  62. ;Defines the syslog facility that is used when ALERTs are logged to syslog.
  63. suhosin.log.syslog.facility = LOG_USER
  64.  
  65. ; Defines the syslog priority that is used when ALERTs are logged to syslog.
  66. suhosin.log.syslog.priority = LOG_CRIT
  67.  
  68. ; Defines what classes of security alerts are logged through the SAPI error log. [LOG_EMERG == 0 ]
  69. ;SAPI stands for "Server API". It is the mechanism that controls the interaction between the "outside world" and the PHP/Zend engine.
  70. suhosin.log.sapi = 3
  71.  
  72. ; Defines what classes of security alerts are logged through STDOUT
  73. suhosin.log.stdout = 3
  74.  
  75. ; Specifies if suhosin.log.file contains timestamp for each log entry.
  76. suhosin.log.file.time = On
  77.  
  78. ;Defines what classes of security alerts are logged through the external logging script.
  79.  
  80. suhosin.log.script = 3
  81.  
  82. ; Defines what classes of security alerts are logged through the defined PHP script
  83. suhosin.log.phpscript = 0
  84.  
  85. ; ================
  86. ; Executor Options
  87. ; ================
  88.  
  89. ; When the Suhosin logs an error the log message also contains the IP of the attacker
  90. suhosin.log.use-x-forwarded-for = On
  91.  
  92. ; Defines the maximum stack depth allowed by the executor before it stops the
  93. ; script. Without this function an endless recursion in a PHP script could crash
  94. ; the PHP executor or trigger the configured memory_limit.
  95. suhosin.executor.max_depth = 750
  96.  
  97.  
  98. ; Defines how many '../' an include filename needs to contain to be considered an
  99. ; attack and stopped.
  100. suhosin.executor.include.max_traversal=4
  101.  
  102.  
  103. ; Comma separated whitelist of URL schemes that are allowed to be included from
  104. ; include or require statements.
  105. ;suhosin.executor.include.whitelist="phar"
  106.  
  107. ; Turn this flag off to prevent PHP from executing writable PHP files.
  108. suhosin.executor.include.allow_writable_files = On
  109.  
  110.  
  111.  
  112.  
  113. suhosin.executor.disable_emodifier=Off
  114.  
  115.  
  116.  
  117. suhosin.executor.eval.blacklist=include,include_once,require,require_once,
  118. curl_init,fpassthru,file,base64_encode,base64_decode,mail,exec,system,proc_open,
  119. leak,syslog,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,
  120. proc_nice,popen,proc_get_status,dl, pcntl_exec, pcntl_fork, pcntl_signal,
  121. pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled,
  122. pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, socket_accept,
  123. socket_bind, socket_connect, socket_create, socket_create_listen,
  124. socket_create_pair,link,register_shutdown_function,register_tick_function
  125.  
  126.  
  127. suhosin.executor.disable_eval=Off
  128.  
  129.  
  130. ; ============
  131. ; Misc Options
  132. ; ============
  133.  
  134.  
  135. suhosin.executor.allow_symlink = Off
  136.  
  137. ; If you fear that Suhosin breaks your application, you can activate Suhosin's
  138. ; simulation mode with this flag.
  139. suhosin.simulation = Off
  140.  
  141. ; Allow certain categories of config directives to be changed by .htaccess for
  142. ; each directory individually.
  143. suhosin.perdir = "0"
  144.  
  145. ; Prevent Suhosin's secret key material (suhosin.cookie.cryptkey,
  146. ; suhosin.session.cryptkey, suhosin.rand.seedingkey) from being exposed by
  147. ; phpinfo().
  148. suhosin.protectkey = On
  149.  
  150. ; Controls if suhosin coredumps when the optional suhosin patch detects a buffer
  151. ; overflow, memory corruption or double free. This is only for debugging purposes
  152. ; and should not be activated.
  153.  
  154. suhosin.coredump = Off
  155.  
  156.  
  157. ; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
  158. ; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
  159. ; will overwrite the information Suhosin stores in this slot. When this flag is
  160. ; set Suhosin will request 2 Slots and use the second one. This allows working
  161. ; correctly with these buggy APC versions.
  162.  
  163. ;suhosin.apc_bug_workaround = Off
  164.  
  165.  
  166. ; Prevent PHP from setting display_errors programmatically. "0" means off. Any
  167. ; one of "1", "on", "yes", "true" means on. "fail" or "2" (or greater values)
  168. ; will let PHP know that the value change failed.
  169.  
  170. suhosin.disable.display_errors = fail
  171.  
  172. ; ========================
  173. ; SQL Injection Protection
  174. ; ========================
  175.  
  176.  
  177. suhosin.memory_limit=256M
  178.  
  179. ; (Planned feature. This is not yet supported.)
  180. suhosin.sql.bailout_on_error=Off
  181.  
  182.  
  183. ; This is an experimental feature.
  184. ;suhosin.sql.comment = 0
  185.  
  186. ; This is an experimental feature.
  187. ;suhosin.sql.multiselect = 0
  188.  
  189. ; ==============================
  190. ; Transparent Encryption Options
  191. ; ==============================
  192.  
  193. ; This is an experimental feature.
  194. ;suhosin.sql.union = 0
  195.  
  196. ; Flag that decides if the transparent session encryption is activated or not.
  197. suhosin.session.encrypt = On
  198.  
  199. ; Session data can be encrypted transparently
  200. suhosin.session.cryptkey =
  201.  
  202. ; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
  203. ; encryption key depends on.
  204. suhosin.session.cryptraddr = 0