;extension = suhosin.so ; ----------------------------------------------------------------------------- ; This file was taken from Mandriva Linux with their permission ; ----------------------------------------------------------------------------- ;[suhosin] ; ----------------------------------------------------------------------------- ; Logging Options ; Defines what classes of security alerts are logged to the syslog daemon. ; Logging of errors of the class S_MEMORY are always logged to syslog, no ; matter what this configuration says, because a corrupted heap could mean that ; the other logging options will malfunction during the logging process. ;suhosin.log.syslog = ; Defines the syslog facility that is used when ALERTs are logged to syslog. ;suhosin.log.syslog.facility = ; Defines the syslog priority that is used when ALERTs are logged to syslog. ;suhosin.log.syslog.priority = ; Defines what classes of security alerts are logged through the SAPI error log. ;suhosin.log.sapi = ; Defines what classes of security alerts are logged through the external ; logging. ;suhosin.log.script = ; Defines what classes of security alerts are logged through the defined PHP ; script. ;suhosin.log.phpscript = 0 ; Defines the full path to a external logging script. The script is called with ; 2 parameters. The first one is the alert class in string notation and the ; second parameter is the log message. This can be used for example to mail ; failing MySQL queries to your email address, because on a production system ; these things should never happen. ;suhosin.log.script.name = ; Defines the full path to a PHP logging script. The script is called with 2 ; variables registered in the current scope: SUHOSIN_ERRORCLASS and ; SUHOSIN_ERROR. The first one is the alert class and the second variable is ; the log message. This can be used for example to mail attempted remote URL ; include attacks to your email address. ;suhosin.log.phpscript.name = ; Undocumented ;suhosin.log.phpscript.is_safe = Off ; When the Hardening-Patch logs an error the log message also contains the IP ; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI ; environment variable. With this switch it is possible to change this behavior ; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary ; when your PHP server runs behind a reverse proxy. ;suhosin.log.use-x-forwarded-for = Off ; ----------------------------------------------------------------------------- ; Executor Options ; Defines the maximum stack depth allowed by the executor before it stops the ; script. Without this function an endless recursion in a PHP script could ; crash the PHP executor or trigger the configured memory_limit. A value of ; "0" disables this feature. ;suhosin.executor.max_depth = 0 ; Defines how many "../" an include filename needs to contain to be considered ; an attack and stopped. A value of "2" will block "../../etc/passwd", while a ; value of "3" will allow it. Most PHP applications should work flawlessly with ; values "4" or "5". A value of "0" disables this feature. ;suhosin.executor.include.max_traversal = 0 ; Comma separated whitelist of URL schemes that are allowed to be included from ; include or require statements. Additionally to URL schemes it is possible to ; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is ; specified, then the blacklist is evaluated. ;suhosin.executor.include.whitelist = ; Comma separated blacklist of URL schemes that are not allowed to be included ; from include or require statements. Additionally to URL schemes it is ; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no ; blacklist and no whitelist is specified all URL schemes are forbidden. ;suhosin.executor.include.blacklist = ; Defines if PHP is allows to run code from files that are writable by the ; current process. If a file is created or modified by a PHP process, there ; is a potential danger of code injection. Only turn this on if you are sure ; that your application does not require writable PHP files. ;suhosin.executor.include.allow_writable_files = On ; Comma separated whitelist of functions that are allowed to be called. If the ; whitelist is empty the blacklist is evaluated, otherwise calling a function ; not in the whitelist will terminate the script and get logged. ;suhosin.executor.func.whitelist = ; Comma separated blacklist of functions that are not allowed to be called. If ; no whitelist is given, calling a function within the blacklist will terminate ; the script and get logged. ;suhosin.executor.func.blacklist = ; Comma separated whitelist of functions that are allowed to be called from ; within eval(). If the whitelist is empty the blacklist is evaluated, ; otherwise calling a function not in the whitelist will terminate the script ; and get logged. ;suhosin.executor.eval.whitelist = ; Comma separated blacklist of functions that are not allowed to be called from ; within eval(). If no whitelist is given, calling a function within the ; blacklist will terminate the script and get logged. ;suhosin.executor.eval.blacklist = ; eval() is a very dangerous statement and therefore you might want to disable ; it completely. Deactivating it will however break lots of scripts. Because ; every violation is logged, this allows finding all places where eval() is ; used. ;suhosin.executor.disable_eval = Off ; The /e modifier inside preg_replace() allows code execution. Often it is the ; cause for remote code execution exploits. It is wise to deactivate this ; feature and test where in the application it is used. The developer using the ; /e modifier should be made aware that he should use preg_replace_callback() ; instead. ;suhosin.executor.disable_emodifier = Off ; This flag reactivates symlink() when open_basedir is used, which is disabled ; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used ; is actually a security risk. ;suhosin.executor.allow_symlink = Off ; ----------------------------------------------------------------------------- ; Misc Options ; If you fear that Suhosin breaks your application, you can activate Suhosin's ; simulation mode with this flag. When Suhosin runs in simulation mode, ; violations are logged as usual, but nothing is blocked or removed from the ; request. (Transparent features are NOT deactivated in simulation mode.) ; (since v0.9.30 affects (dis)allowed functions) ;suhosin.simulation = Off ; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot ; first. It always uses resource slot 0. If Suhosin got this slot assigned APC ; will overwrite the information Suhosin stores in this slot. When this flag is ; set Suhosin will request 2 Slots and use the second one. This allows working ; correctly with these buggy APC versions. ;suhosin.apc_bug_workaround = Off ; When a SQL Query fails scripts often spit out a bunch of useful information ; for possible attackers. When this configuration directive is turned on, the ; script will silently terminate, after the problem has been logged. (This is ; not yet supported) ;suhosin.sql.bailout_on_error = Off ; This is an experimental feature for shared environments. With this ; configuration option it is possible to specify a prefix that is automatically ; prepended to the database username, whenever a database connection is made. ; (Unless the username starts with the prefix) ;suhosin.sql.user_prefix = ; This is an experimental feature for shared environments. With this ; configuration option it is possible to specify a postfix that is ; automatically appended to the database username, whenever a database ; connection is made. (Unless the username end with the postfix) ; ; With this feature it is possible for shared hosters to disallow customers to ; connect with the usernames of other customers. This feature is experimental, ; because support for PDO and PostgreSQL are not yet implemented. ;suhosin.sql.user_postfix = ; This directive controls if multiple headers are allowed or not in a header() ; call. By default the Hardening-Patch forbids this. (HTTP headers spanning ; multiple lines are still allowed). ;suhosin.multiheader = Off ; This directive controls if the mail() header protection is activated or not ; and to what degree it is activated. The appended table lists the possible ; activation levels. ;suhosin.mail.protect = 1 ; As long scripts are not running within safe_mode they are free to change the ; memory_limit to whatever value they want. Suhosin changes this fact and ; disallows setting the memory_limit to a value greater than the one the script ; started with, when this option is left at 0. A value greater than 0 means ; that Suhosin will disallows scripts setting the memory_limit to a value above ; this configured hard limit. This is for example usefull if you want to run ; the script normaly with a limit of 16M but image processing scripts may raise ; it to 20M. ;suhosin.memory_limit = 0 ; ----------------------------------------------------------------------------- ; Transparent Encryption Options ; Flag that decides if the transparent session encryption is activated or not. ;suhosin.session.encrypt = On ; Session data can be encrypted transparently. The encryption key used consists ; of this user defined string (which can be altered by a script via ini_set()) ; and optionally the User-Agent, the Document-Root and 0-4 Octects of the ; REMOTE_ADDR. ;suhosin.session.cryptkey = ; Flag that decides if the transparent session encryption key depends on the ; User-Agent field. (When activated this feature transparently adds a little ; bit protection against session fixation/hijacking attacks) ;suhosin.session.cryptua = On ; Flag that decides if the transparent session encryption key depends on the ; Documentroot field. ;suhosin.session.cryptdocroot = On ; Number of octets (0-4) from the REMOTE_ADDR that the transparent session ; encryption key depends on. Keep in mind that this should not be used on sites ; that have visitors from big ISPs, because their IP address often changes ; during a session. But this feature might be interesting for admin interfaces ; or intranets. When used wisely this is a transparent protection against ; session hijacking/fixation. ;suhosin.session.cryptraddr = 0 ; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the ; session. The difference to suhosin.session.cryptaddr is, that the IP is not ; part of the encryption key, so that the same session can be used for ; different areas with different protection levels on the site. ;suhosin.session.checkraddr = 0 ; Flag that decides if the transparent cookie encryption is activated or not. ;suhosin.cookie.encrypt = 0 ; Cookies can be encrypted transparently. The encryption key used consists of ; this user defined string and optionally the User-Agent, the Document-Root and ; 0-4 Octects of the REMOTE_ADDR. ;suhosin.cookie.cryptkey = ; Flag that decides if the transparent session encryption key depends on the ; User-Agent field. (When activated this feature transparently adds a little ; bit protection against session fixation/hijacking attacks (if only session ; cookies are allowed)) ;suhosin.cookie.cryptua = On ; Flag that decides if the transparent cookie encryption key depends on the ; Documentroot field. ;suhosin.cookie.cryptdocroot = On ; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie ; encryption key depends on. Keep in mind that this should not be used on sites ; that have visitors from big ISPs, because their IP address often changes ; during a session. But this feature might be interesting for admin interfaces ; or intranets. When used wisely this is a transparent protection against ; session hijacking/fixation. ;suhosin.cookie.cryptraddr = 0 ; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the ; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not ; part of the encryption key, so that the same cookie can be used for different ; areas with different protection levels on the site. ;suhosin.cookie.checkraddr = 0 ; In case not all cookies are supposed to get encrypted this is a comma ; separated list of cookie names that should get encrypted. All other cookies ; will not get touched. ;suhosin.cookie.cryptlist = ; In case some cookies should not be crypted this is a comma separated list of ; cookies that do not get encrypted. All other cookies will be encrypted. ;suhosin.cookie.plainlist = ; ----------------------------------------------------------------------------- ; Filtering Options ; Defines the reaction of Suhosin on a filter violation. ;suhosin.filter.action = ; Defines the maximum depth an array variable may have, when registered through ; the COOKIE. ;suhosin.cookie.max_array_depth = 50 ; Defines the maximum length of array indices for variables registered through ; the COOKIE. ;suhosin.cookie.max_array_index_length = 64 ; Defines the maximum length of variable names for variables registered through ; the COOKIE. For array variables this is the name in front of the indices. ;suhosin.cookie.max_name_length = 64 ; Defines the maximum length of the total variable name when registered through ; the COOKIE. For array variables this includes all indices. ;suhosin.cookie.max_totalname_length = 256 ; Defines the maximum length of a variable that is registered through the ; COOKIE. ;suhosin.cookie.max_value_length = 10000 ; Defines the maximum number of variables that may be registered through the ; COOKIE. ;suhosin.cookie.max_vars = 100 ; When set to On ASCIIZ chars are not allowed in variables. ;suhosin.cookie.disallow_nul = 1 ; Defines the maximum depth an array variable may have, when registered through ; the URL ;suhosin.get.max_array_depth = 50 ; Defines the maximum length of array indices for variables registered through ; the URL ;suhosin.get.max_array_index_length = 64 ; Defines the maximum length of variable names for variables registered through ; the URL. For array variables this is the name in front of the indices. ;suhosin.get.max_name_length = 64 ; Defines the maximum length of the total variable name when registered through ; the URL. For array variables this includes all indices. ;suhosin.get.max_totalname_length = 256 ; Defines the maximum length of a variable that is registered through the URL. ;suhosin.get.max_value_length = 512 ; Defines the maximum number of variables that may be registered through the ; URL. ;suhosin.get.max_vars = 100 ; When set to On ASCIIZ chars are not allowed in variables. ;suhosin.get.disallow_nul = 1 ; Defines the maximum depth an array variable may have, when registered through ; a POST request. ;suhosin.post.max_array_depth = 50 ; Defines the maximum length of array indices for variables registered through ; a POST request. ;suhosin.post.max_array_index_length = 64 ; Defines the maximum length of variable names for variables registered through ; a POST request. For array variables this is the name in front of the indices. ;suhosin.post.max_name_length = 64 ; Defines the maximum length of the total variable name when registered through ; a POST request. For array variables this includes all indices. ;suhosin.post.max_totalname_length = 256 ; Defines the maximum length of a variable that is registered through a POST ; request. ;suhosin.post.max_value_length = 1000000 ; Defines the maximum number of variables that may be registered through a POST ; request. ;suhosin.post.max_vars = 1000 ; When set to On ASCIIZ chars are not allowed in variables. ;suhosin.post.disallow_nul = 1 ; Defines the maximum depth an array variable may have, when registered through ; GET , POST or COOKIE. This setting is also an upper limit for the separate ; GET, POST, COOKIE configuration directives. ;suhosin.request.max_array_depth = 50 ; Defines the maximum length of array indices for variables registered through ; GET, POST or COOKIE. This setting is also an upper limit for the separate ; GET, POST, COOKIE configuration directives. ;suhosin.request.max_array_index_length = 64 ; Defines the maximum length of variable names for variables registered through ; the COOKIE, the URL or through a POST request. This is the complete name ; string, including all indicies. This setting is also an upper limit for the ; separate GET, POST, COOKIE configuration directives. ;suhosin.request.max_totalname_length = 256 ; Defines the maximum length of a variable that is registered through the ; COOKIE, the URL or through a POST request. This setting is also an upper ; limit for the variable origin specific configuration directives. ;suhosin.request.max_value_length = 1000000 ; Defines the maximum number of variables that may be registered through the ; COOKIE, the URL or through a POST request. This setting is also an upper ; limit for the variable origin specific configuration directives. ;suhosin.request.max_vars = 1000 ; Defines the maximum name length (excluding possible array indicies) of ; variables that may be registered through the COOKIE, the URL or through a ; POST request. This setting is also an upper limit for the variable origin ; specific configuration directives. ;suhosin.request.max_varname_length = 64 ; When set to On ASCIIZ chars are not allowed in variables. ;suhosin.request.disallow_nul = 1 ; When set to On the dangerous characters <>"'` are urlencoded when found ; not encoded in the server variables REQUEST_URI and QUERY_STRING. This ; will protect against some XSS vulnerabilities. ;suhosin.server.encode = 1 ; When set to On the dangerous characters <>"'` are replaced with ? in ; the server variables PHP_SELF, PATH_TRANSLATED and PATH_INFO. This will ; protect against some XSS vulnerabilities. ;suhosin.server.strip = 1 ; Defines the maximum number of files that may be uploaded with one request. ;suhosin.upload.max_uploads = 25 ; When set to On it is not possible to upload ELF executables. ;suhosin.upload.disallow_elf = 1 ; When set to On it is not possible to upload binary files. ;suhosin.upload.disallow_binary = 0 ; When set to On binary content is removed from the uploaded files. ;suhosin.upload.remove_binary = 0 ; This defines the full path to a verification script for uploaded files. The ; script gets the temporary filename supplied and has to decide if the upload ; is allowed. A possible application for this is to scan uploaded files for ; viruses. The called script has to write a 1 as first line to standard output ; to allow the upload. Any other value or no output at all will result in the ; file being deleted. ;suhosin.upload.verification_script = ; Specifies the maximum length of the session identifier that is allowed. When ; a longer session identifier is passed a new session identifier will be ; created. This feature is important to fight bufferoverflows in 3rd party ; session handlers. ;suhosin.session.max_id_length = 128 ; Undocumented: Controls if suhosin coredumps when the optional suhosin patch ; detects a bufferoverflow, memory corruption or double free. This is only ; for debugging purposes and should not be activated. ;suhosin.coredump = Off ; Undocumented: Controls if the encryption keys specified by the configuration ; are shown in the phpinfo() output or if they are hidden from it ;suhosin.protectkey = 1 ; Controls if suhosin loads in stealth mode when it is not the only ; zend_extension (Required for full compatibility with certain encoders ; that consider open source untrusted. e.g. ionCube, Zend) ;suhosin.stealth = 1 ; Controls if suhosin's ini directives are changeable per directory ; because the admin might want to allow some features to be controlable ; by .htaccess and some not. For example the logging capabilities can ; break safemode and open_basedir restrictions when .htaccess support is ; allowed and the admin forgot to fix their values in httpd.conf ; An empty value or a 0 will result in all directives not allowed in ; .htaccess. The string "legcprsum" will allow logging, execution, get, ; post, cookie, request, sql, upload, misc features in .htaccess ;suhosin.perdir = "0"