I have a server where php is running as an apache module.
Every user on the server is restricted to his own directory with open_basedir.
I have disabled the following functions:
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source
Now I’d like to forbid custom php config settings, such as:
memory_limit
max_execution_time
max_input_time
post_max_size
upload_max_filesize
How would you go about it?
ty
You can use the php_admin_value and php_admin_flag directives to hard code the values into your apache config, this will prevent both .htaccess and ini_set from overriding the values you set.
You can read about these directives in the PHP documentation
Check more discussion of this question.