php_admin_value, php_value

php_admin_value name value

Sets the value of the specified directive. This can not be used in .htaccess files. Any directive type set with php_admin_value can not be overridden by .htaccess or ini_set(). To clear a previously set value use none as the value.

php_value name value

Sets the value of the specified directive. Can be used only with PHP_INI_ALL and PHP_INI_PERDIR type directives. To clear a previously set value use none as the value.

Snippet

  Order deny,allow
  Deny from all
  Allow from 127.0.0.0/255.0.0.0 ::1/128

apache: fix CVE-2011-3192

Добавить в /etc/apache2/conf.d/security:

Для Apache 2.2:

SetEnvIf Range (?:,.*?){5,5} bad-range=1
RequestHeader unset Range env=bad-range
RequestHeader unset Request-Range
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

Для Apache 2.x и 1.3:

RewriteEngine on
RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]
RequestHeader unset Request-Range

включить модуль headers:
a2enmod headers

перезапустить.

Disable all CGI (php, perl, …) for a directory using .htaccess

.htaccess:

SetHandler default-handler

User tags

find pulseaudio replication bug fail2ban LSI iostat oprofile nginx flash boot quagga .htaccess htop lstat tftp vlan storage pacemaker su groups SpamAssassin git lubuntu encrypt slab perl DRBD ulimit grub ipmitool cpu usage elliptics virsh lxc virtualbox shorewall apache firefox sublime core dump xen wordpress php keyboard X forwarding xfs centos 7 cfq qcow2 dovecot raid5 soa exim iptables ardour graylog2 Adaptec video LVM ip chromium idmapd cgroups glusterfs conntrack pam PTR shellshock MegaRAID 3Ware kernel limit_conn taskset ssh sysfs munin PXE tar debian wget mount java rtsp drupal dns gtk route mysql zRam SYN cpu vim Swift mkfs gdb docker-compose ipmi rsync backup raid vrrpd iowait etch chroot Areca bind routing tool freedos KVM mdadm arp sg radeon dhcp gre alien pvmove alsa hdparm language corosync StorMan qemu mariadb proxy source ps docker hotplug OpenSSL /etc/network/interfaces xhost sysctl nvidia ddos fio CentOS AMD puppet initrd profiling equalizer bacula lts regex NFS parallel arch opreport cache performance perlbrew tin bash OpenStack jackd SSD squeeze arping bonding virt-install Salt HDFS cpanm tun usb MODx gpg exim4 backtrace rkhunter bscan sysresccd CPAN debootstrap RT vrrp numa fido7 sftp apt netfilter rtl8723be iSCSI APU scsi dstat vtysh top sysctl.conf iops cluster lenny dhclient bridge newgrp dpkg nfs4 build ha security erase tiger SuperMicro asoundrc youtube tzdata in-addr.arpa noop ansible glxinfo ubuntu openvpn opcontrol sysrq search xargs rpm leap second HTTPS swap deb