PHP5 configuration for GOsa and eGroupWare
eGroupWare
When I added about 250 users to a group in GOsa or in eGroupWare, I encountered the following problem with (open)SUSE 10.2, which I did not encounter with SUSE 10.0:
station7: suhosin[373]: ALERT - configured request variable limit exceeded - dropped variable \ 'account_user[]' (attacker '172.16.130.9', file '/srv/www/htdocs/egroupware/index.php')
or:
station7: suhosin[371]: ALERT - configured request variable limit exceeded - dropped variable \ 'users[]' (attacker '172.16.130.9', file '/srv/www/htdocs/gosa/html/main.php')
After a while of research, I found the reason for this problem: the PHP5-packages of SUSE 10.2 were hardened with the Suhosin Extension 0.9.10. And the defaults were way to small for my needs …
The defaults were:
suhosin.get.max_vars 100
suhosin.post.max_vars 200
suhosin.request.max_vars 200
So I set higher parameters:
/etc/apache2/conf.d/egroupware.conf:
# Apache and PHP configuration for eGroupWare # # Read /usr/share/doc/egroupware-core/phpgwapi/php-configuration.txt and # /etc/php4/apache/php.ini about the meanings and suggested values for # the configuration settings. Many settings are required to have a # certain value for eGroupWare to function reasonably, so only change # something if you are sure. Alias /egroupware /srv/www/htdocs/egroupware <Directory /srv/www/htdocs/egroupware/> Options FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all DirectoryIndex index.html index.php AddHandler cgi-script .cgi AddDefaultCharset Off #--- php-settings - overriding /etc/php5/apache2/php.ini !!! ---# php_flag magic_quotes_runtime Off php_flag register_globals Off php_value memory_limit 64M php_value max_execution_time 90 php_flag file_uploads On php_value upload_max_filesize 6M php_value include_path .:/usr/share/php5/PEAR:/usr/share/php5 php_value mbstring.func_overload 7 php_flag magic_quotes_gpc Off php_value session.save_path /var/lib/egroupware/sessions php_value open_basedir /srv/www/htdocs/egroupware:/var/lib/egroupware:/tmp #-- php_flag log_errors On php_flag short_open_tag On php_flag track_vars On php_value error_reporting 'E_ALL & ~E_NOTICE' php_value session.gc_maxlifetime 1440 #-- php-suhosin-settings - overriding /etc/php5/conf.d/suhosin.ini !!! --# php_value suhosin.cookie.encrypt On php_value suhosin.get.max_vars 1000 #php_value suhosin.post.max_array_index_length 1000 #php_value suhosin.post.max_totalname_length 1000 php_value suhosin.post.max_vars 1000 #php_value suhosin.request.max_totalname_length 1000 #php_value suhosin.request.max_array_depth 1000 php_value suhosin.request.max_vars 1000 <Files ~ "\.inc\.php$"> Order allow,deny Deny from all </Files> </Directory> <Directory /srv/www/htdocs/egroupware/fudforum/> AllowOverride Limit Options </Directory> <Directory /srv/www/htdocs/egroupware/phpsysinfo/> php_value open_basedir / </Directory> <Location /egroupware/icalsrv.php> Script PUT /srv/www/htdocs/egroupware/icalsrv.php AddHandler ical/ics .ics Action ical/ics /srv/www/htdocs/egroupware/icalsrv.php Order allow,deny Allow from all </Location> <Location /egroupware/rpc.php> php_value mbstring.func_overload 0 Order allow,deny Allow from all </Location>
asynchronous Service (asynchroner Dienst)
Don't forget to increase also the memory_limit and the max_execution_time in /etc/php5/cli/php.ini, if you dare to run the asynchronous service …
/etc/php5/cli/php.ini:
memory_limit = 64M; max_execution_time = 90;
GOsa
/etc/apache2/conf.d/gosa.conf:
# Set alias to gosa Alias /gosa /srv/www/htdocs/gosa/html <Directory /srv/www/htdocs/gosa/> Options FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all DirectoryIndex index.htm index.php AddHandler cgi-script .cgi AddDefaultCharset Off #--- php-settings - overriding /etc/php5/apache2/php.ini !!! ---# php_flag zend.ze1_compatibility_mode Off php_flag allow_call_time_pass_reference On php_flag memory_limit 64M php_flag register_long_arrays On php_flag include_path .:/usr/share/php5:/usr/share/php5/PEAR php_flag upload_max_filesize 10M php_flag mbstring.func_overload 7 #-- #php_flag magic_quotes_runtime Off #php_flag register_globals Off #php_value memory_limit 64M #php_value max_execution_time 90 #php_flag file_uploads On #php_value upload_max_filesize 6M #php_value include_path .:/usr/share/php5/PEAR:/usr/share/php5 #php_value mbstring.func_overload 7 #php_flag magic_quotes_gpc Off #php_value session.save_path /var/lib/egroupware/sessions #php_value open_basedir /srv/www/htdocs/egroupware:/var/lib/egroupware:/tmp #php_flag log_errors On #php_flag short_open_tag On #php_flag track_vars On #php_value error_reporting 'E_ALL & ~E_NOTICE' #php_value session.gc_maxlifetime 1440 #-- php-suhosin-settings - overriding /etc/php5/conf.d/suhosin.ini !!! --# php_value suhosin.cookie.encrypt On php_value suhosin.get.max_vars 1000 #php_value suhosin.post.max_array_index_length 1000 #php_value suhosin.post.max_totalname_length 1000 php_value suhosin.post.max_vars 1000 #php_value suhosin.request.max_totalname_length 1000 #php_value suhosin.request.max_array_depth 1000 php_value suhosin.request.max_vars 1000 </Directory>
← index