Difference between revisions of "How can you change PHP settings using htaccess?"

From Joomla! Documentation

m (clean up categories with <noinclude> tags)
(Some markup changes. Added header markup. Magic quotes have been removed from PHP.)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
'''Introduction'''
+
==Introduction==
  
This FAQ explains how to set boolean PHP configuration directives using php_flag. The format for php_flag is: php_flag name on|off
+
This FAQ explains how to set boolean PHP configuration directives using ''php_flag''. The format for ''php_flag'' is: ''php_flag name on|off''
  
 +
==Directions==
  
'''Directions'''
+
1. Open the ''.htaccess'' file located in your site's home directory. If you don't have one, create a blank one now. Note the period character (.) at the beginning of the file name.
  
1. Open the .htaccess file located in your site's home directory, or if you don't have one, create a blank one now. Note the period character (.) at the beginning of the file name.
+
2. Add any of the following code samples to your ''.htaccess'' file, each on its own line. These sample commands will prevent common global variable injection attacks, cross site scripting (XSS) attacks, and code injection attacks.
  
2. Add any of the following code samples to your .htaccess file, each on it's own line. These sample commands will prevent common global variable injection attacks, cross site scripting (XSS) sttacks, and code injection attacks.
+
<syntaxhighlight>
 
+
php_flag register_globals off
php_flag register_globals off
+
php_flag allow_url_fopen off
 
+
</syntaxhighlight>
php_flag allow_url_fopen off
 
 
 
php_flag magic_quotes_gpc on
 
 
 
 
 
''Note that although the magic_quotes_gpc directive adds a layer of security, for performance reasons it is not considered a best practice. If you have verified that your site correctly filters and validates all user data (and every production site really should), then there is no need to add this directive. If you have any doubt, add it.''
 
  
 
3. Save the .htaccess file in your site's home directory.
 
3. Save the .htaccess file in your site's home directory.
  
4. Test your site's front end and back end.
+
4. Test your site's frontend and backend.
  
 
<noinclude>[[Category:FAQ]]
 
<noinclude>[[Category:FAQ]]

Latest revision as of 18:06, 10 September 2022

Introduction[edit]

This FAQ explains how to set boolean PHP configuration directives using php_flag. The format for php_flag is: php_flag name on|off

Directions[edit]

1. Open the .htaccess file located in your site's home directory. If you don't have one, create a blank one now. Note the period character (.) at the beginning of the file name.

2. Add any of the following code samples to your .htaccess file, each on its own line. These sample commands will prevent common global variable injection attacks, cross site scripting (XSS) attacks, and code injection attacks. 

php_flag register_globals off
php_flag allow_url_fopen off

3. Save the .htaccess file in your site's home directory.

4. Test your site's frontend and backend.

Retrieved from "https://docs.joomla.org/index.php?title=How_can_you_change_PHP_settings_using_htaccess%3F&oldid=968606"