
PHP5 configuration for GOsa and eGroupWare

eGroupWare

When I added about 250 users to a group in GOsa or in eGroupWare, I encountered the following problem with (open)SUSE 10.2, which I did not encounter with SUSE 10.0:

station7: suhosin[373]: ALERT - configured request variable limit exceeded - dropped variable \
'account_user[]' (attacker '172.16.130.9', file '/srv/www/htdocs/egroupware/index.php')

or:

station7: suhosin[371]: ALERT - configured request variable limit exceeded - dropped variable \
'users[]' (attacker '172.16.130.9', file '/srv/www/htdocs/gosa/html/main.php')

After a while of research, I found the reason for this problem: the PHP5 packages of SUSE 10.2 were hardened with the Suhosin Extension 0.9.10. And the defaults were way too small for my needs …
The defaults were:

suhosin.get.max_vars 100
suhosin.post.max_vars 200
suhosin.request.max_vars 200

So I set higher parameters:

/etc/apache2/conf.d/egroupware.conf:

# Apache and PHP configuration for eGroupWare
#
# Read /usr/share/doc/egroupware-core/phpgwapi/php-configuration.txt and
# /etc/php4/apache/php.ini about the meanings and suggested values for
# the configuration settings.  Many settings are required to have a
# certain value for eGroupWare to function reasonably, so only change
# something if you are sure.

Alias /egroupware /srv/www/htdocs/egroupware

<Directory /srv/www/htdocs/egroupware/>
  Options FollowSymLinks ExecCGI
  AllowOverride None
  Order allow,deny
  Allow from all
  DirectoryIndex index.html index.php
  AddHandler cgi-script .cgi
  AddDefaultCharset Off
  #--- php-settings - overriding /etc/php5/apache2/php.ini !!! ---#
  php_flag  magic_quotes_runtime Off
  php_flag register_globals Off
  php_value memory_limit 64M
  php_value max_execution_time 90
  php_flag file_uploads On
  php_value upload_max_filesize 6M
  php_value include_path .:/usr/share/php5/PEAR:/usr/share/php5
  php_value mbstring.func_overload 7
  php_flag magic_quotes_gpc Off
  php_value session.save_path /var/lib/egroupware/sessions
  php_value open_basedir /srv/www/htdocs/egroupware:/var/lib/egroupware:/tmp
  #--
  php_flag log_errors On
  php_flag short_open_tag On
  php_flag track_vars On
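  # PHP constants are not evaluated in Apache configuration, so the bitmask is
  # given numerically: 6135 = E_ALL & ~E_NOTICE with E_ALL = 6143 (PHP 5.2.x);
  # adjust the number for other PHP versions.
  php_value error_reporting 6135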
  php_value session.gc_maxlifetime 1440
  #-- php-suhosin-settings - overriding /etc/php5/conf.d/suhosin.ini !!! --#
  php_flag suhosin.cookie.encrypt On
  php_value suhosin.get.max_vars 1000
  #php_value suhosin.post.max_array_index_length 1000
  #php_value suhosin.post.max_totalname_length 1000
  php_value suhosin.post.max_vars 1000
  #php_value suhosin.request.max_totalname_length 1000
  #php_value suhosin.request.max_array_depth 1000
  php_value suhosin.request.max_vars 1000

  <Files ~ "\.inc\.php$">
    Order allow,deny
    Deny from all
  </Files>
</Directory>

<Directory /srv/www/htdocs/egroupware/fudforum/>
  AllowOverride Limit Options
</Directory>

<Directory /srv/www/htdocs/egroupware/phpsysinfo/>
  php_value open_basedir /
</Directory>

<Location /egroupware/icalsrv.php>
    Script PUT /srv/www/htdocs/egroupware/icalsrv.php
    AddHandler ical/ics .ics
    Action ical/ics /srv/www/htdocs/egroupware/icalsrv.php
    Order allow,deny
    Allow from all
</Location>

<Location /egroupware/rpc.php>
    php_value mbstring.func_overload 0
    Order allow,deny
    Allow from all
</Location>

Asynchronous service

Don't forget to also increase memory_limit and max_execution_time in /etc/php5/cli/php.ini if you dare to run the asynchronous service …

/etc/php5/cli/php.ini:

memory_limit = 64M
max_execution_time = 90


GOsa

/etc/apache2/conf.d/gosa.conf:

# Set alias to gosa
Alias /gosa /srv/www/htdocs/gosa/html

<Directory /srv/www/htdocs/gosa/>
  Options FollowSymLinks ExecCGI
  AllowOverride None
  Order allow,deny
  Allow from all
  DirectoryIndex index.htm index.php
  AddHandler cgi-script .cgi
  AddDefaultCharset Off
  #--- php-settings - overriding /etc/php5/apache2/php.ini !!! ---#
  php_flag zend.ze1_compatibility_mode Off
  php_flag allow_call_time_pass_reference On
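  # memory_limit, include_path, upload_max_filesize and mbstring.func_overload
  # are not booleans, so they need php_value (php_flag only accepts On/Off)
  php_value memory_limit 64M
  php_flag register_long_arrays On
  php_value include_path .:/usr/share/php5:/usr/share/php5/PEAR
  php_value upload_max_filesize 10M
  php_value mbstring.func_overload 7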
  #--
  #php_flag  magic_quotes_runtime Off
  #php_flag register_globals Off
  #php_value memory_limit 64M
  #php_value max_execution_time 90
  #php_flag file_uploads On
  #php_value upload_max_filesize 6M
  #php_value include_path .:/usr/share/php5/PEAR:/usr/share/php5
  #php_value mbstring.func_overload 7
  #php_flag magic_quotes_gpc Off
  #php_value session.save_path /var/lib/egroupware/sessions
  #php_value open_basedir /srv/www/htdocs/egroupware:/var/lib/egroupware:/tmp
  #php_flag log_errors On
  #php_flag short_open_tag On
  #php_flag track_vars On
  #php_value error_reporting 'E_ALL & ~E_NOTICE'
  #php_value session.gc_maxlifetime 1440
  #-- php-suhosin-settings - overriding /etc/php5/conf.d/suhosin.ini !!! --#
  php_flag suhosin.cookie.encrypt On
  php_value suhosin.get.max_vars 1000
  #php_value suhosin.post.max_array_index_length 1000
  #php_value suhosin.post.max_totalname_length 1000
  php_value suhosin.post.max_vars 1000
  #php_value suhosin.request.max_totalname_length 1000
  #php_value suhosin.request.max_array_depth 1000
  php_value suhosin.request.max_vars 1000
</Directory>
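
Before raising the Suhosin limits for a whole application, it helps to see which scripts the alerts name and whether the dropped variables came from the admin network or from elsewhere. The following Python script is an added example, not part of the original page; the admin network 172.16.0.0/16 and the third sample record are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Suhosin alert format as quoted on this page (one syslog record per line).
ALERT_RE = re.compile(
    r"suhosin\[\d+\]: ALERT - configured (?P<kind>\w+) variable limit exceeded"
    r" - dropped variable '(?P<var>[^']*)'"
    r" \(attacker '(?P<client>[^']*)', file '(?P<file>[^']*)'\)"
)

# Constructed sample: the first two records are the page's alerts, unwrapped;
# the third is made up and uses a documentation address (203.0.113.0/24).
SAMPLE_LOG = [
    "station7: suhosin[373]: ALERT - configured request variable limit exceeded"
    " - dropped variable 'account_user[]' (attacker '172.16.130.9',"
    " file '/srv/www/htdocs/egroupware/index.php')",
    "station7: suhosin[371]: ALERT - configured request variable limit exceeded"
    " - dropped variable 'users[]' (attacker '172.16.130.9',"
    " file '/srv/www/htdocs/gosa/html/main.php')",
    "station7: suhosin[402]: ALERT - configured request variable limit exceeded"
    " - dropped variable 'x[]' (attacker '203.0.113.50',"
    " file '/srv/www/htdocs/egroupware/index.php')",
]

def triage(lines, admin_net="172.16.0.0/16"):  # admin_net: assumed admin LAN
    """Count alerts per (script, limit kind), split by client origin."""
    net = ipaddress.ip_network(admin_net)
    report = defaultdict(lambda: {"admin": 0, "other": 0, "vars": set()})
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a Suhosin variable-limit alert
        try:
            inside = ipaddress.ip_address(m["client"]) in net
        except ValueError:  # malformed client field: treat as untrusted
            inside = False
        entry = report[(m["file"], m["kind"])]
        entry["admin" if inside else "other"] += 1
        entry["vars"].add(m["var"])
    return dict(report)

def raise_limit_candidates(report):
    """(script, limit kind) pairs whose drops came only from the admin network."""
    return sorted(k for k, e in report.items() if e["admin"] and not e["other"])

if __name__ == "__main__":
    print(raise_limit_candidates(triage(SAMPLE_LOG)))
```

A script that also shows drops from outside the admin network is left out of the candidate list, so its limit is not raised on the strength of requests nobody expected.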

