02.07.2021, 15:37
Apache php.ini auf dem Server anpassen und optimieren:
Auch im LAN lohnt ein Blick auf die php.ini, selbst. Das gilt auch wenn keine Freigaben am Router eingerichtet worden sind.
In dieser sehr umfangreichen Konfigurationsdatei sind viele Einstellungen der Umgebungsvariablen möglich.
Suche nach der php.ini
lordsniefnase@sliplady:~$ sudo find / -name php.ini
[sudo] password for lordsniefnase:
Ausgabe:
/etc/php/7.4/cli/php.ini
/etc/php/7.4/apache2/php.ini
anzeigen und anpasssen:
lordsniefnase@sliplady:~$ nano /etc/php/7.4/apache2/php.ini
lordsniefnase@sliplady:~$ su
Password:
root@sliplady:/home/lordsniefnase# cd
Nochmal:
root@sliplady:~# nano /etc/php/7.4/apache2/php.ini
Auszug:
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
; php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
; php.net/upload-max-filesize
upload_max_filesize = 2G
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 100
####################################
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; php.net/post-max-size
post_max_size = 3G
###################################
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
; php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 300
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; php.net/max-input-time
max_input_time = 600
; Maximum input variable nesting level
; php.net/max-input-nesting-level
;max_input_nesting_level = 64
; How many GET/POST/COOKIE input variables may be accepted
;max_input_vars = 1000
; Maximum amount of memory a script may consume (128MB)
; php.net/memory-limit
memory_limit = 256M
#################################
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names.
; php.net/disable-functions
disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,
mail,
pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,
pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,
pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
###############################
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; php.net/expose-php
expose_php = Off
#############################
Nach der Änderung mit Strg+o abspeichern, Strg+x verlassen.
Neustart:
root@sliplady:~# reboot
Neue Berechtigungen für empfindliche Dateien im html-Verzeichnis setzen:
lordsniefnase@sliplady:~$ sudo chmod 640 /var/www/html/wp-config.php
[sudo] password for lordsniefnase:
lordsniefnase@sliplady:~$ sudo chmod 400 /var/www/html/.htaccess
Regeln für ufw:
lordsniefnase@sliplady:~$ sudo ufw deny out 25
lordsniefnase@sliplady:~$ sudo ufw deny 110
lordsniefnase@sliplady:~$ sudo ufw deny 995
lordsniefnase@sliplady:~$ sudo ufw reload
- Speicher Limit erhöhen
- Mail komplett deaktivieren
- Wordpress Upload Limit erhöhen
- Mehr Security Einstellungen in der php.ini
Auch im LAN lohnt ein Blick auf die php.ini, selbst. Das gilt auch wenn keine Freigaben am Router eingerichtet worden sind.
In dieser sehr umfangreichen Konfigurationsdatei sind viele Einstellungen der Umgebungsvariablen möglich.
Suche nach der php.ini
lordsniefnase@sliplady:~$ sudo find / -name php.ini
[sudo] password for lordsniefnase:
Ausgabe:
/etc/php/7.4/cli/php.ini
/etc/php/7.4/apache2/php.ini
anzeigen und anpasssen:
lordsniefnase@sliplady:~$ nano /etc/php/7.4/apache2/php.ini
lordsniefnase@sliplady:~$ su
Password:
root@sliplady:/home/lordsniefnase# cd
Nochmal:
root@sliplady:~# nano /etc/php/7.4/apache2/php.ini
Auszug:
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
; php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
; php.net/upload-max-filesize
upload_max_filesize = 2G
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 100
####################################
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; php.net/post-max-size
post_max_size = 3G
###################################
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
; php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 300
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; php.net/max-input-time
max_input_time = 600
; Maximum input variable nesting level
; php.net/max-input-nesting-level
;max_input_nesting_level = 64
; How many GET/POST/COOKIE input variables may be accepted
;max_input_vars = 1000
; Maximum amount of memory a script may consume (128MB)
; php.net/memory-limit
memory_limit = 256M
#################################
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names.
; php.net/disable-functions
disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,
mail,
pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,
pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,
pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
###############################
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; php.net/expose-php
expose_php = Off
#############################
Nach der Änderung mit Strg+o abspeichern, Strg+x verlassen.
Neustart:
root@sliplady:~# reboot
Neue Berechtigungen für empfindliche Dateien im html-Verzeichnis setzen:
lordsniefnase@sliplady:~$ sudo chmod 640 /var/www/html/wp-config.php
[sudo] password for lordsniefnase:
lordsniefnase@sliplady:~$ sudo chmod 400 /var/www/html/.htaccess
Regeln für ufw:
lordsniefnase@sliplady:~$ sudo ufw deny out 25
lordsniefnase@sliplady:~$ sudo ufw deny 110
lordsniefnase@sliplady:~$ sudo ufw deny 995
lordsniefnase@sliplady:~$ sudo ufw reload