Suhosin配置

相信很多人使用BSD安装PHP的时候,都会发现有一个选项Suhosin。开启这个选项可以增加PHP的安全性。如何配置Suhosin呢?下面是我正在使用的配置文件。

详细的配置说明,请看官方文档。
我的配置文件只是把配置选项和对应的说明放上来。

  1. [suhosin]
  2.  
  3. ; -----------------------------------------------------------------------------
  4. ; Logging Options
  5.  
  6. ; Defines what classes of security alerts are logged to the syslog daemon.
  7. ; Logging of errors of the class S_MEMORY are always logged to syslog, no
  8. ; matter what this configuration says, because a corrupted heap could mean that
  9. ; the other logging options will malfunction during the logging process.
  10. ;suhosin.log.syslog =
  11.  
  12. ; Defines the syslog facility that is used when ALERTs are logged to syslog.
  13. ;suhosin.log.syslog.facility =
  14.  
  15. ; Defines the syslog priority that is used when ALERTs are logged to syslog.
  16. ;suhosin.log.syslog.priority =
  17.  
  18. ; Defines what classes of security alerts are logged through the SAPI error log.
  19. ;suhosin.log.sapi =
  20.  
  21. ; Defines what classes of security alerts are logged through the external
  22. ; logging.
  23. ;suhosin.log.script =
  24.  
  25. ; Defines what classes of security alerts are logged through the defined PHP
  26. ; script.
  27. ;suhosin.log.phpscript = 0
  28.  
  29. ; Defines the full path to a external logging script. The script is called with
  30. ; 2 parameters. The first one is the alert class in string notation and the
  31. ; second parameter is the log message. This can be used for example to mail
  32. ; failing MySQL queries to your email address, because on a production system
  33. ; these things should never happen.
  34. ;suhosin.log.script.name =
  35.  
  36. ; Defines the full path to a PHP logging script. The script is called with 2
  37. ; variables registered in the current scope: SUHOSIN_ERRORCLASS and
  38. ; SUHOSIN_ERROR. The first one is the alert class and the second variable is
  39. ; the log message. This can be used for example to mail attempted remote URL
  40. ; include attacks to your email address.
  41. ;suhosin.log.phpscript.name =
  42.  
  43. ; Undocumented
  44. ;suhosin.log.phpscript.is_safe = Off
  45.  
  46. ; When the Hardening-Patch logs an error the log message also contains the IP
  47. ; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
  48. ; environment variable. With this switch it is possible to change this behavior
  49. ; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
  50. ; when your PHP server runs behind a reverse proxy.
  51. ;suhosin.log.use-x-forwarded-for = Off
  52.  
  53. ; -----------------------------------------------------------------------------
  54. ; Executor Options
  55.  
  56. ; Defines the maximum stack depth allowed by the executor before it stops the
  57. ; script. Without this function an endless recursion in a PHP script could
  58. ; crash the PHP executor or trigger the configured memory_limit. A value of
  59. ; "0" disables this feature.
  60. ;suhosin.executor.max_depth = 0
  61.  
  62. ; Defines how many "../" an include filename needs to contain to be considered
  63. ; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
  64. ; value of "3" will allow it. Most PHP applications should work flawlessly with
  65. ; values "4" or "5". A value of "0" disables this feature.
  66. ;suhosin.executor.include.max_traversal = 0
  67.  
  68. ; Comma separated whitelist of URL schemes that are allowed to be included from
  69. ; include or require statements. Additionally to URL schemes it is possible to
  70. ; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
  71. ; specified, then the blacklist is evaluated.
  72. ;suhosin.executor.include.whitelist =
  73.  
  74. ; Comma separated blacklist of URL schemes that are not allowed to be included
  75. ; from include or require statements. Additionally to URL schemes it is
  76. ; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
  77. ; blacklist and no whitelist is specified all URL schemes are forbidden.
  78. ;suhosin.executor.include.blacklist =
  79.  
  80. ; Comma separated whitelist of functions that are allowed to be called. If the
  81. ; whitelist is empty the blacklist is evaluated, otherwise calling a function
  82. ; not in the whitelist will terminate the script and get logged.
  83. ;suhosin.executor.func.whitelist =
  84.  
  85. ; Comma separated blacklist of functions that are not allowed to be called. If
  86. ; no whitelist is given, calling a function within the blacklist will terminate
  87. ; the script and get logged.
  88. ;suhosin.executor.func.blacklist =
  89.  
  90. ; Comma separated whitelist of functions that are allowed to be called from
  91. ; within eval(). If the whitelist is empty the blacklist is evaluated,
  92. ; otherwise calling a function not in the whitelist will terminate the script
  93. ; and get logged.
  94. ;suhosin.executor.eval.whitelist =
  95.  
  96. ; Comma separated blacklist of functions that are not allowed to be called from
  97. ; within eval(). If no whitelist is given, calling a function within the
  98. ; blacklist will terminate the script and get logged.
  99. ;suhosin.executor.eval.blacklist =
  100.  
  101. ; eval() is a very dangerous statement and therefore you might want to disable
  102. ; it completely. Deactivating it will however break lots of scripts. Because
  103. ; every violation is logged, this allows finding all places where eval() is
  104. ; used.
  105. ;suhosin.executor.disable_eval = Off
  106.  
  107. ; The /e modifier inside preg_replace() allows code execution. Often it is the
  108. ; cause for remote code execution exploits. It is wise to deactivate this
  109. ; feature and test where in the application it is used. The developer using the
  110. ; /e modifier should be made aware that he should use preg_replace_callback()
  111. ; instead.
  112. ;suhosin.executor.disable_emodifier = Off
  113.  
  114. ; This flag reactivates symlink() when open_basedir is used, which is disabled
  115. ; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
  116. ; is actually a security risk.
  117. ;suhosin.executor.allow_symlink = Off
  118.  
  119. ; -----------------------------------------------------------------------------
  120. ; Misc Options
  121.  
  122. ; If you fear that Suhosin breaks your application, you can activate Suhosin's
  123. ; simulation mode with this flag. When Suhosin runs in simulation mode,
  124. ; violations are logged as usual, but nothing is blocked or removed from the
  125. ; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
  126. ;suhosin.simulation = Off
  127.  
  128. ; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
  129. ; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
  130. ; will overwrite the information Suhosin stores in this slot. When this flag is
  131. ; set Suhosin will request 2 Slots and use the second one. This allows working
  132. ; correctly with these buggy APC versions.
  133. ;suhosin.apc_bug_workaround = Off
  134.  
  135. ; When a SQL Query fails scripts often spit out a bunch of useful information
  136. ; for possible attackers. When this configuration directive is turned on, the
  137. ; script will silently terminate, after the problem has been logged. (This is
  138. ; not yet supported)
  139. ;suhosin.sql.bailout_on_error = Off
  140.  
  141. ; This is an experimental feature for shared environments. With this
  142. ; configuration option it is possible to specify a prefix that is automatically
  143. ; prepended to the database username, whenever a database connection is made.
  144. ; (Unless the username starts with the prefix)
  145. ;suhosin.sql.user_prefix =
  146.  
  147. ; This is an experimental feature for shared environments. With this
  148. ; configuration option it is possible to specify a postfix that is
  149. ; automatically appended to the database username, whenever a database
  150. ; connection is made. (Unless the username end with the postfix)
  151. ;
  152. ; With this feature it is possible for shared hosters to disallow customers to
  153. ; connect with the usernames of other customers. This feature is experimental,
  154. ; because support for PDO and PostgreSQL are not yet implemented.
  155. ;suhosin.sql.user_postfix =
  156.  
  157. ; This directive controls if multiple headers are allowed or not in a header()
  158. ; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
  159. ; multiple lines are still allowed).
  160. ;suhosin.multiheader = Off
  161.  
  162. ; This directive controls if the mail() header protection is activated or not
  163. ; and to what degree it is activated. The appended table lists the possible
  164. ; activation levels.
  165. suhosin.mail.protect = 1
  166.  
  167. ; As long scripts are not running within safe_mode they are free to change the
  168. ; memory_limit to whatever value they want. Suhosin changes this fact and
  169. ; disallows setting the memory_limit to a value greater than the one the script
  170. ; started with, when this option is left at 0. A value greater than 0 means
  171. ; that Suhosin will disallows scripts setting the memory_limit to a value above
  172. ; this configured hard limit. This is for example usefull if you want to run
  173. ; the script normaly with a limit of 16M but image processing scripts may raise
  174. ; it to 20M.
  175. ;suhosin.memory_limit = 0
  176.  
  177. ; -----------------------------------------------------------------------------
  178. ; Transparent Encryption Options
  179.  
  180. ; Flag that decides if the transparent session encryption is activated or not.
  181. ;suhosin.session.encrypt = On
  182.  
  183. ; Session data can be encrypted transparently. The encryption key used consists
  184. ; of this user defined string (which can be altered by a script via ini_set())
  185. ; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
  186. ; REMOTE_ADDR.
  187. ;suhosin.session.cryptkey =
  188.  
  189. ; Flag that decides if the transparent session encryption key depends on the
  190. ; User-Agent field. (When activated this feature transparently adds a little
  191. ; bit protection against session fixation/hijacking attacks)
  192. ;suhosin.session.cryptua = On
  193.  
  194. ; Flag that decides if the transparent session encryption key depends on the
  195. ; Documentroot field.
  196. ;suhosin.session.cryptdocroot = On
  197.  
  198. ; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
  199. ; encryption key depends on. Keep in mind that this should not be used on sites
  200. ; that have visitors from big ISPs, because their IP address often changes
  201. ; during a session. But this feature might be interesting for admin interfaces
  202. ; or intranets. When used wisely this is a transparent protection against
  203. ; session hijacking/fixation.
  204. ;suhosin.session.cryptraddr = 0
  205.  
  206. ; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
  207. ; session. The difference to suhosin.session.cryptaddr is, that the IP is not
  208. ; part of the encryption key, so that the same session can be used for
  209. ; different areas with different protection levels on the site.
  210. ;suhosin.session.checkraddr = 0
  211.  
  212. ; Flag that decides if the transparent cookie encryption is activated or not.
  213. ;suhosin.cookie.encrypt = 0
  214.  
  215. ; Cookies can be encrypted transparently. The encryption key used consists of
  216. ; this user defined string and optionally the User-Agent, the Document-Root and
  217. ; 0-4 Octects of the REMOTE_ADDR.
  218. ;suhosin.cookie.cryptkey =
  219.  
  220. ; Flag that decides if the transparent session encryption key depends on the
  221. ; User-Agent field. (When activated this feature transparently adds a little
  222. ; bit protection against session fixation/hijacking attacks (if only session
  223. ; cookies are allowed))
  224. ;suhosin.cookie.cryptua = On
  225.  
  226. ; Flag that decides if the transparent cookie encryption key depends on the
  227. ; Documentroot field.
  228. ;suhosin.cookie.cryptdocroot = On
  229.  
  230. ; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
  231. ; encryption key depends on. Keep in mind that this should not be used on sites
  232. ; that have visitors from big ISPs, because their IP address often changes
  233. ; during a session. But this feature might be interesting for admin interfaces
  234. ; or intranets. When used wisely this is a transparent protection against
  235. ; session hijacking/fixation.
  236. ;suhosin.cookie.cryptraddr = 0
  237.  
  238. ; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
  239. ; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
  240. ; part of the encryption key, so that the same cookie can be used for different
  241. ; areas with different protection levels on the site.
  242. ;suhosin.cookie.checkraddr = 0
  243.  
  244. ; In case not all cookies are supposed to get encrypted this is a comma
  245. ; separated list of cookie names that should get encrypted. All other cookies
  246. ; will not get touched.
  247. ;suhosin.cookie.cryptlist =
  248.  
  249. ; In case some cookies should not be crypted this is a comma separated list of
  250. ; cookies that do not get encrypted. All other cookies will be encrypted.
  251. ;suhosin.cookie.plainlist =
  252.  
  253. ; -----------------------------------------------------------------------------
  254. ; Filtering Options
  255.  
  256. ; Defines the reaction of Suhosin on a filter violation.
  257. ;suhosin.filter.action =
  258.  
  259. ; Defines the maximum depth an array variable may have, when registered through
  260. ; the COOKIE.
  261. ;suhosin.cookie.max_array_depth = 50
  262.  
  263. ; Defines the maximum length of array indices for variables registered through
  264. ; the COOKIE.
  265. ;suhosin.cookie.max_array_index_length = 64
  266.  
  267. ; Defines the maximum length of variable names for variables registered through
  268. ; the COOKIE. For array variables this is the name in front of the indices.
  269. ;suhosin.cookie.max_name_length = 64
  270.  
  271. ; Defines the maximum length of the total variable name when registered through
  272. ; the COOKIE. For array variables this includes all indices.
  273. ;suhosin.cookie.max_totalname_length = 256
  274.  
  275. ; Defines the maximum length of a variable that is registered through the
  276. ; COOKIE.
  277. ;suhosin.cookie.max_value_length = 10000
  278.  
  279. ; Defines the maximum number of variables that may be registered through the
  280. ; COOKIE.
  281. ;suhosin.cookie.max_vars = 100
  282.  
  283. ; When set to On ASCIIZ chars are not allowed in variables.
  284. ;suhosin.cookie.disallow_nul = 1
  285.  
  286. ; Defines the maximum depth an array variable may have, when registered through
  287. ; the URL
  288. ;suhosin.get.max_array_depth = 50
  289.  
  290. ; Defines the maximum length of array indices for variables registered through
  291. ; the URL
  292. ;suhosin.get.max_array_index_length = 64
  293.  
  294. ; Defines the maximum length of variable names for variables registered through
  295. ; the URL. For array variables this is the name in front of the indices.
  296. ;suhosin.get.max_name_length = 64
  297.  
  298. ; Defines the maximum length of the total variable name when registered through
  299. ; the URL. For array variables this includes all indices.
  300. ;suhosin.get.max_totalname_length = 256
  301.  
  302. ; Defines the maximum length of a variable that is registered through the URL.
  303. ;suhosin.get.max_value_length = 512
  304.  
  305. ; Defines the maximum number of variables that may be registered through the
  306. ; URL.
  307. ;suhosin.get.max_vars = 100
  308.  
  309. ; When set to On ASCIIZ chars are not allowed in variables.
  310. ;suhosin.get.disallow_nul = 1
  311.  
  312. ; Defines the maximum depth an array variable may have, when registered through
  313. ; a POST request.
  314. ;suhosin.post.max_array_depth = 50
  315.  
  316. ; Defines the maximum length of array indices for variables registered through
  317. ; a POST request.
  318. ;suhosin.post.max_array_index_length = 64
  319.  
  320. ; Defines the maximum length of variable names for variables registered through
  321. ; a POST request. For array variables this is the name in front of the indices.
  322. ;suhosin.post.max_name_length = 64
  323.  
  324. ; Defines the maximum length of the total variable name when registered through
  325. ; a POST request. For array variables this includes all indices.
  326. ;suhosin.post.max_totalname_length = 256
  327.  
  328. ; Defines the maximum length of a variable that is registered through a POST
  329. ; request.
  330. ;suhosin.post.max_value_length = 65000
  331.  
  332. ; Defines the maximum number of variables that may be registered through a POST
  333. ; request.
  334. ;suhosin.post.max_vars = 200
  335.  
  336. ; When set to On ASCIIZ chars are not allowed in variables.
  337. ;suhosin.post.disallow_nul = 1
  338.  
  339. ; Defines the maximum depth an array variable may have, when registered through
  340. ; GET , POST or COOKIE. This setting is also an upper limit for the separate
  341. ; GET, POST, COOKIE configuration directives.
  342. ;suhosin.request.max_array_depth = 50
  343.  
  344. ; Defines the maximum length of array indices for variables registered through
  345. ; GET, POST or COOKIE. This setting is also an upper limit for the separate
  346. ; GET, POST, COOKIE configuration directives.
  347. ;suhosin.request.max_array_index_length = 64
  348.  
  349. ; Defines the maximum length of variable names for variables registered through
  350. ; the COOKIE, the URL or through a POST request. This is the complete name
  351. ; string, including all indicies. This setting is also an upper limit for the
  352. ; separate GET, POST, COOKIE configuration directives.
  353. ;suhosin.request.max_totalname_length = 256
  354.  
  355. ; Defines the maximum length of a variable that is registered through the
  356. ; COOKIE, the URL or through a POST request. This setting is also an upper
  357. ; limit for the variable origin specific configuration directives.
  358. ;suhosin.request.max_value_length = 65000
  359.  
  360. ; Defines the maximum number of variables that may be registered through the
  361. ; COOKIE, the URL or through a POST request. This setting is also an upper
  362. ; limit for the variable origin specific configuration directives.
  363. ;suhosin.request.max_vars = 200
  364.  
  365. ; Defines the maximum name length (excluding possible array indicies) of
  366. ; variables that may be registered through the COOKIE, the URL or through a
  367. ; POST request. This setting is also an upper limit for the variable origin
  368. ; specific configuration directives.
  369. ;suhosin.request.max_varname_length = 64
  370.  
  371. ; When set to On ASCIIZ chars are not allowed in variables.
  372. ;suhosin.request.disallow_nul = 1
  373.  
  374. ; Defines the maximum number of files that may be uploaded with one request.
  375. ;suhosin.upload.max_uploads = 25
  376.  
  377. ; When set to On it is not possible to upload ELF executables.
  378. ;suhosin.upload.disallow_elf = 1
  379.  
  380. ; When set to On it is not possible to upload binary files.
  381. ;suhosin.upload.disallow_binary = 0
  382.  
  383. ; When set to On binary content is removed from the uploaded files.
  384. ;suhosin.upload.remove_binary = 0
  385.  
  386. ; This defines the full path to a verification script for uploaded files. The
  387. ; script gets the temporary filename supplied and has to decide if the upload
  388. ; is allowed. A possible application for this is to scan uploaded files for
  389. ; viruses. The called script has to write a 1 as first line to standard output
  390. ; to allow the upload. Any other value or no output at all will result in the
  391. ; file being deleted.
  392. ;suhosin.upload.verification_script =
  393.  
  394. ; Specifies the maximum length of the session identifier that is allowed. When
  395. ; a longer session identifier is passed a new session identifier will be
  396. ; created. This feature is important to fight bufferoverflows in 3rd party
  397. ; session handlers.
  398. ;suhosin.session.max_id_length = 128
  399.  
  400. ; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
  401. ; detects a bufferoverflow, memory corruption or double free. This is only
  402. ; for debugging purposes and should not be activated.
  403. ;suhosin.coredump = Off
  404.  
  405. ; Undocumented: Controls if the encryption keys specified by the configuration
  406. ; are shown in the phpinfo() output or if they are hidden from it
  407. ;suhosin.protectkey = 1
  408.  
  409. ; Controls if suhosin loads in stealth mode when it is not the only
  410. ; zend_extension (Required for full compatibility with certain encoders
  411. ;  that consider open source untrusted. e.g. ionCube, Zend)
  412. ;suhosin.stealth = 1
  413.  
  414. ; Controls if suhosin's ini directives are changeable per directory
  415. ; because the admin might want to allow some features to be controlable
  416. ; by .htaccess and some not. For example the logging capabilities can
  417. ; break safemode and open_basedir restrictions when .htaccess support is
  418. ; allowed and the admin forgot to fix their values in httpd.conf
  419. ; An empty value or a 0 will result in all directives not allowed in
  420. ; .htaccess. The string "legcprsum" will allow logging, execution, get,
  421. ; post, cookie, request, sql, upload, misc features in .htaccess
  422. ;suhosin.perdir = "0"
