Zizzla_JA Posted October 31, 2014 Share Posted October 31, 2014 Hello, I was ruining throw my security center check list from the (ACP) when i came across = > Enable open_basedir We recommend enabling the PHP configuration option open_basedir and setting it to your webroot and temporary directory. Any one tell me first why this is re-commented ? and secondly what effect this has ? and last point is it a security risk not to have it enabled ? Many thanks in advance... :smile: Link to comment Share on other sites More sharing options...
AndyF Posted October 31, 2014 Share Posted October 31, 2014 It can improve security as it is in effect a restriction on what directories (and subdirectories within) are permitted to access the filesystem. You'll probably want to include your tmp directory in this as well. Link to comment Share on other sites More sharing options...
Zizzla_JA Posted October 31, 2014 Author Share Posted October 31, 2014 Nice one Andy i will enable it, by the way i am currently away from my site at the moment so i will enable the open_basedir shortly were you say " include your tmp directory " is this option available to me throw the open_basedir ? If not how do i consider doing that ?? Link to comment Share on other sites More sharing options...
AndyF Posted October 31, 2014 Share Posted October 31, 2014 You'll have to add it to php.ini (if you are able to have a local one) Ask your host if this is possible first. :) Link to comment Share on other sites More sharing options...
Zizzla_JA Posted October 31, 2014 Author Share Posted October 31, 2014 I am not at all formula with what you say Andy adding stuff, but i use whms & Cpanel ! now i am wanting to try this for myself, but as this is not some thing i wish to mess up !! can you tell me were to start looking & add what were? Hope you can guide me throw this ?? and thanks again for your reply :smile: Link to comment Share on other sites More sharing options...
ASTRAPI Posted October 31, 2014 Share Posted October 31, 2014 Hi Zizzla_JA On whm go to: Home »Security Center »PHP open_basedir Tweak Easiest way is to search for it on the top left as : PHP open_basedir Tweak And select the Enable php open_basedir Protection :smile: You can see there that you can exclude any domains that you may want also.... Link to comment Share on other sites More sharing options...
Zizzla_JA Posted October 31, 2014 Author Share Posted October 31, 2014 Appreciated ASTRAPI :thumbsup: i will try following your guide... Link to comment Share on other sites More sharing options...
ASTRAPI Posted October 31, 2014 Share Posted October 31, 2014 No problem :) Enjoy ! Link to comment Share on other sites More sharing options...
Zizzla_JA Posted November 1, 2014 Author Share Posted November 1, 2014 PHP open_basedir Tweak = > PHP open_basedir Protection PHP's open_basedir protection prevents users from opening files outside of their home directory with php. This security tweak uses Apache DSO style directives. If PHP is configured to run as a CGI, SuPHP or FastCGI process, the open_basedir setting must be manually specified in the relevant php.ini file. Enable php open_basedir Protection = > Host = > check Well it seems my server management guys had already enabled it so i did not edit any thing there, i just need to enable open_basedir now from the ACP :smile: cheers AndyF & ASTRAPI for your time answering my post.. :thumbsup: Link to comment Share on other sites More sharing options...
ASTRAPI Posted November 1, 2014 Share Posted November 1, 2014 Good to hear that you fix it :smile: Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.