php_admin_value, php_value

php_admin_value name value

Sets the value of the specified directive. This can not be used in .htaccess files. Any directive type set with php_admin_value can not be overridden by .htaccess or ini_set(). To clear a previously set value use none as the value.

php_value name value

Sets the value of the specified directive. Can be used only with PHP_INI_ALL and PHP_INI_PERDIR type directives. To clear a previously set value use none as the value.

Snippet

  Order deny,allow
  Deny from all
  Allow from 127.0.0.0/255.0.0.0 ::1/128

apache: fix CVE-2011-3192

Добавить в /etc/apache2/conf.d/security:

Для Apache 2.2:

SetEnvIf Range (?:,.*?){5,5} bad-range=1
RequestHeader unset Range env=bad-range
RequestHeader unset Request-Range
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

Для Apache 2.x и 1.3:

RewriteEngine on
RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]
RequestHeader unset Request-Range

включить модуль headers:
a2enmod headers

перезапустить.

Disable all CGI (php, perl, …) for a directory using .htaccess

.htaccess:

SetHandler default-handler

User tags

gre xfs wordpress iptables deb security erase apt tun sysresccd CPAN firefox PTR idmapd dhcp bscan cgroups sftp rpm debian find flash munin htop SSD qemu sg corosync bridge parallel nginx vtysh opcontrol backtrace cfq ulimit 3Ware xen ddos tar OpenStack dhclient rsync performance alien vim ipmi search tin raid5 ipmitool APU apache cpanm dpkg taskset DRBD vrrpd glxinfo OpenSSL tiger iostat shorewall opreport docker regex NFS limit_conn fio dstat equalizer bash LSI chroot rkhunter lenny raid SYN sublime nvidia squeeze leap second /etc/network/interfaces pacemaker mdadm pulseaudio java initrd lts ansible sysfs soa mysql ssh top .htaccess etch bacula source StorMan build xargs encrypt groups vlan radeon ha drupal shellshock docker-compose tool arch centos 7 PXE in-addr.arpa routing elliptics youtube lxc qcow2 iSCSI mariadb profiling Swift HDFS bind cache php video fail2ban grub rtsp lubuntu oprofile cpu usage SuperMicro jackd keyboard route pvmove backup chromium zRam slab newgrp cluster graylog2 SpamAssassin perl asoundrc quagga pam exim4 scsi ubuntu gtk conntrack fido7 puppet mkfs ip bonding mount ps RT CentOS netfilter numa dovecot perlbrew wget core dump dns proxy vrrp arping Areca glusterfs gdb sysrq hotplug storage tftp virsh iowait boot kernel language alsa virtualbox xhost hdparm debootstrap noop freedos MODx virt-install AMD git gpg KVM su ardour arp Adaptec MegaRAID HTTPS sysctl X forwarding nfs4 rtl8723be exim usb bug swap Salt LVM sysctl.conf cpu lstat tzdata iops replication openvpn