Icy Phoenix

     
 


Post new topic  This topic is locked: you cannot edit posts or make replies. 
Page 1 of 2
Goto page 1, 2  Next
 
Reply with quote Download Post 
Post HOSTING - Modify Php Settings With .htaccess File 
 
If you recive a error like this:

Code: [Download] [Hide] [Select]
Allowed memory size of (number1) bytes exausted when tried to allocate (number2) bytes on (file)


And "number1" is smaller than "number2", that´s because icy don´t has been configured for a smaller Php allowed memory usage, that is cofigurated in most servers. For solving that:

OPEN "board_root"/.htaccess
FIND
Code: [Download] [Hide] [Select]
#php_value memory_limit 32M

REPLACE WITH
Code: [Download] [Hide] [Select]
php_value memory_limit 32M


Important: the 32 can be any other number, but it has to be a multiple of 8.




If you need to set the register_globals configuration off (without modifying the php.ini):

OPEN "board_root"/.htaccess
FIND
Code: [Download] [Hide] [Select]
#php_flag register_globals 0
#php_flag register_globals off

REPLACE WITH
Code: [Download] [Hide] [Select]
php_flag register_globals 0
php_flag register_globals off





If you want to set the icy board error pages:

OPEN "board_root"/.htaccess
FIND
Code: [Download] [Hide] [Select]
#ErrorDocument 400 http://127.0.0.1/errors.php?code=400
#ErrorDocument 401 http://127.0.0.1/errors.php?code=401
#ErrorDocument 403 http://127.0.0.1/errors.php?code=403
#ErrorDocument 404 http://127.0.0.1/errors.php?code=404
#ErrorDocument 500 http://127.0.0.1/errors.php?code=500

REPLACE WITH
Code: [Download] [Hide] [Select]
ErrorDocument 400 http://127.0.0.1/errors.php?code=400
ErrorDocument 401 http://127.0.0.1/errors.php?code=401
ErrorDocument 403 http://127.0.0.1/errors.php?code=403
ErrorDocument 404 http://127.0.0.1/errors.php?code=404
ErrorDocument 500 http://127.0.0.1/errors.php?code=500


Note: You have to put your website instead of "http://127.0.0.1"




To disable the rewrite engine (it doesn´t mind what is set in the ACP):

OPEN
FIND
Code: [Download] [Hide] [Select]
RewriteEngine On

REPLACE WITH
Code: [Download] [Hide] [Select]
RewriteEngine Off





To sure that you won´t have any error in the domain/subdomain adress:

OPEN "board_root"/.htaccess
FIND
Code: [Download] [Hide] [Select]
#Make sure the whole site goes to www.mysite.com instead of mysite.com. This is good for the search engines
#Edit and uncomment the below lines for your own site.
#Make sure to replace icyphoenix.com with your site address.
#RewriteCond %{HTTP_HOST} ^icyphoenix.com
#RewriteRule (.*) http://www.icyphoenix.com/$1 [R=301,L]

REPLACE WITH
Code: [Download] [Hide] [Select]
#Make sure the whole site goes to www.mysite.com instead of mysite.com. This is good for the search engines
#Edit and uncomment the below lines for your own site.
#Make sure to replace icyphoenix.com with your site address.
RewriteCond %{HTTP_HOST} ^icyphoenix.com
RewriteRule (.*) http://www.icyphoenix.com/$1 [R=301,L]


Note: This time you have to put your Url on the first without the "www." if you have a domain or with the www. if you haven´t one, and in the second in the inverse way.





MG, have you thought about, in the file .htaccess, add something to block the characters below?

Code: [Download] [Hide] [Select]
",',<,>,{,},[,]

 



 
novice programmerSend private message  
Back to topPage bottom
Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Support us
 
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Thanks, it is really useful, I'll move to docs section.

novice programmer wrote: [View Post]
MG, have you thought about, in the file .htaccess, add something to block the characters below?

Code: [Download] [Hide] [Select]
",',<,>,{,},[,]

Why should I block these?

Not all of these requests may be dangerous...

I can't lock all these kind of requests, because someone may need them for other scripts on their sites.
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Many thanks, novice programmer, very useful!
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldoSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Mighty Gorgon wrote: [View Post]
Thanks, it is really useful, I'll move to docs section.

novice programmer wrote: [View Post]
MG, have you thought about, in the file .htaccess, add something to block the characters below?

Code: [Download] [Hide] [Select]
",',<,>,{,},[,]

Why should I block these?

Not all of these requests may be dangerous...

I can't lock all these kind of requests, because someone may need them for other scripts on their sites.


About the < and >: With the <HTML TEXT> you can insert  a script at the adress. I konw you have blocked all script tags on the url, but it could be ofuscated... it´ll become this way: <D5%110%25%2001%20%>. For my POV this is a security issue.

For possible hackers: The numbers have been selected at ramdom, and them won´t work in a page.

About the ': I know ctraker blocks them, but if someone can insert into the url a code for not-ctraker loading...

About the ": Php code could being edited with them

And about the { and }: I don´t know any page which use them, so they could be blocked.

MG, if you found this risky, you can upload them as a customization, so users could decide.

You can add this to the acronyms:
POV = Point Of View
 



 
novice programmerSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Yes of course it is a matter of POV !

In my opinion scripts must be secured against these kind of requests, but I wouldn't block everything just because they may be dangerous.

If a script is well coded, then these measures will be unuseful.

There are always two extreme ways in adopting securities measures:
  • Block everything may be dangerous...
  • Try to guess at runtime what may be dangerous and eventually block unsecure scripts...


If you need something flexible, you should allow some vars being processed, but escaped where needed.

In PHP there are many functions for this, such as urlencode, raw_urlencode, htmlspecialchars and so on that are there just to prevent injections.

As you can see in major packages none of them is blocking so strictly some chars.

What I did in Icy Phoenix was to secure http requests by blocking injections via globals... so phpbb_root_path is blocked because it may be exposed to RFI (Remote File Inclusions) in those servers with globals enabled.

Anyway I really appreciate your point of view, and I hope you will post more of this, maybe someone will decide to follow your "hard" way and include a more strict htaccess to their sites.

Can you create a new htaccess including all these measures?
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Mighty Gorgon wrote: [View Post]
Yes of course it is a matter of POV !

In my opinion scripts must be secured against these kind of requests, but I wouldn't block everything just because they may be dangerous.

......

Can you create a new htaccess including all these measures?


I asked you because i know something about php, but not about .htaccess files.
 



 
novice programmerSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
novice programmer wrote: [View Post]
If you recive a error like this:

Code: [Download] [Hide] [Select]
Allowed memory size of (number1) bytes exausted when tried to allocate (number2) bytes on (file)


And "number1" is smaller than "number2", that´s because icy don´t has been configured for a smaller Php allowed memory usage, that is cofigurated in most servers. For solving that:

OPEN "board_root"/.htaccess
FIND
Code: [Download] [Hide] [Select]
#php_value memory_limit 32M

REPLACE WITH
Code: [Download] [Hide] [Select]
php_value memory_limit 32M


Important: the 32 can be any other number, but it has to be a multiple of 8.


A simple test (actual limit is 12M, I tried 32MB) on my host has returned this error (500):

Quote:
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


Is there any other setting to modify?  
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldoSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Your server does not support that value. They set up that value on on every account by default
 




____________
? Zuker - EDDB - LPM - Sharefields
 
ZukerSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Zuker wrote: [View Post]
Your server does not support that value. They set up that value on on every account by default


As I supposed  

Thanks, Zuker
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldoSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
buldo wrote: [View Post]

....

A simple test (actual limit is 12M, I tried 32MB) on my host has returned this error (500):

...

I have only tested the 8M multiples.

Notice that you have only to set the M for Megabyte. If you put MB, it won´t work.
 



 
novice programmerSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
novice programmer wrote: [View Post]

Notice that you have only to set the M for Megabyte. If you put MB, it won´t work.


I know. I've tried with 32M, but most problably Zuker is right  
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldoSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
buldo, you don't need to set it via HTACCESS, because you can set it via PHP on your server...

Why you want to raise Memory Limit? Are you having white pages or some other warning?


_______________

novice programmer wrote: [View Post]
Mighty Gorgon wrote: [View Post]
Yes of course it is a matter of POV !

In my opinion scripts must be secured against these kind of requests, but I wouldn't block everything just because they may be dangerous.

......

Can you create a new htaccess including all these measures?


I asked you because i know something about php, but not about .htaccess files.

When I have some free time I'll try to have a play to show you how to block some special chars.

If you have time, there are several sites which helps users in coding their HTACCESS.
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Mighty Gorgon wrote: [View Post]
buldo, you don't need to set it via HTACCESS, because you can set it via PHP on your server...

Why you want to raise Memory Limit? Are you having white pages or some other warning?


I've got a "Memory execed limit"  with "Rebuild search index" in ACP->DB Maintenance, using the standard IP parameters.
I must reduce "Max post size" in  ACP->DB Maintenance->Configuration to 250 to complete the task.

I've also tried to insert "ini_set('memory_limit','32M');" in config.php as suggested on other post, but the error remains.

Ciao,
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldoSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
buldo wrote: [View Post]

...............
A simple test (actual limit is 12M, I tried 32MB) on my host has returned this error (500):
..........


If can´t set memory at 32M, try with 16M, and if it doesn´t work, set it at 12M. Try it out with the two ways.

I recomend setting up at a multiple of 8M becase that are the valves I´ve tested. You can try with the ones you want.
 



 
novice programmerSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Modify Php Settings With .htaccess File 
 
Actual limit is 12M. I've also tried 16M, but it doesn't work.

Anyway, thanks for your tips.
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldoSend private messageVisit poster's website  
Back to topPage bottom
Post new topic  This topic is locked: you cannot edit posts or make replies.  Page 1 of 2
Goto page 1, 2  Next


Display posts from previous:    

HideWas this topic useful?

Link this topic
URL
BBCode
HTML




 
Permissions List
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events


  

 

  cron