Customizing PHP Safe Mode Published: Aug 26, 2004

Rating

5/5

We'll guide you through using PHP safe_mode and how-to enable it and to customize it for certain sites on your server. If a client needs it turned off for just one site and you have it turned on for the entire server what can you do?

Customizing PHP Safe Mode

We’ll guide you through using PHP safe_mode and how-to enable it and to customize it for certain sites on your server. When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf) and .htaccess files. PHP safe_mode is very important to in terms of server security because it restricts and disables the dangerous functions in PHP from the scripts like PHP Shell that can otherwise cause damages to your server and client sites.

Using PHP Safe_Mode

First of all we’ll take care of the files that you will edit, and make sure to have copy or backup .

Activate Safe Mode Globally

It is very simple to active safe mode on the entire server. All you need to do is just edit the php.ini file. If you can’t find where php.ini is or have multiple copies on your server the best thing to do is run phpinfo() to find it. Open up Notepad or your favorite HTML editor and paste in the following from this file.

http://www.webhostgear.com/phpinfo.phps

Save it as phpinfo.php and upload it to a website that you want to test on your server. Type in the URL and you’ll get a PHP configuration page telling you exactly where php.ini is located and all kinds of other useful information about the sites and servers configuration settings.

A few lines down you’ll see this:
Configuration File (php.ini) Path: /usr/local/Zend/etc/php.ini
Now that we know the location of php.ini we can proceed to edit it.

1) Open up php.ini in your shell with your favorite editing program.
pico /path to php/php.ini (replace with the path to your php.ini file)

2) Find the following line: safe_mode
Ctrl + W and type in: safe_mode

3) Turning safe mode on or off.
safe_mode = Off

You may active it by or turn it off by changing it to either On OR Off.
safe_mode = On

Good! Now save the file by ctrl + x then y

4) Restart the Apache web server by
/etc/init.d/httpd restart

Now safe_mode is active on all your server accounts.

Activate Safe Mode Using Per Site Basis

Now if you have scripts that require safe mode off like Modernbill or any script doesn't work well with safe_mode on what you will do? Disable safe_mode on the entire server just for these scripts? This isn’t very practical when you can disable php safe mode per user account/site basis.

Let’s do it!
1) SSH to your server and login as root.

2) Then find the httpd.conf, normally it’s in /etc/httpd/conf/ or /usr/local/apache/conf/
If it’s not in either of those places try search for it: locate httpd.conf

3) Then find the site you wish to edit.
Ctrl+W and type in the domain name

You should see something like this

<VirtualHost ***.***.***.***>
ServerAlias www.domain.net domain.net
ServerAdmin webmaster@domain.net
DocumentRoot /home/domain/public_html
BytesLog domlogs/domain.net-bytes_log
ServerName www.domain.net
User domain
Group domain
CustomLog domlogs/domain.net combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/ 
</VirtualHost>

4) Now add this line:

php_admin_flag safe_mode Off

We have also found that the following works as well if the above does not but DO NOT USE BOTH, pick one!

php_admin_value safe_mode 0

to be like this :

<VirtualHost ***.***.***.***>
ServerAlias www.domain.net domain.net
ServerAdmin webmaster@domain.net
DocumentRoot /home/domain/public_html
php_admin_flag safe_mode Off
BytesLog domlogs/domain.net-bytes_log
ServerName www.domain.net
User domain
Group domain
CustomLog domlogs/domain.net combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/ 
</VirtualHost>

5) Good :) Now save the changes.
Ctrl + X then Y

6) Restart the Apache web server by
/etc/init.d/httpd restart

Final Words

PHP Safe mode should be on by default on all your servers for added security. However there are some scripts that are not compatible with it on so you have to make an exception to some client sites. Make sure you know why they’re requesting to have it turned off because it is much more secure for everyone to have it on.

If you run into trouble after editing httpd.conf you can run the apachectl configtest
in shell. This will test the Apache configuration for errors and report them back to you if you can’t start it, very handy indeed!
More PHP customizing commands here: http://php.us.themoes.org/manual/en/configuration.changes.php

Contributed by ReRoot, edited by Ramprage

Rating

5/5

1 2 3 4 5

Rate it!

Comments (14)

MooDa 18:29, January 16, 2006

now when i activate safe mode some functions do not work successfully in my code like chmode for directory and copy function 
how i can solve these problems? 
answer me on my mail
coolkid 15:00, April 13, 2007

http://www.webhostgear.com/phpinfo.phps 
this link is not working. Plz, change it
wt 10:26, May 24, 2007

a most-simply-made phpinfo() script could be: 
<?php 
phpinfo(); 
?> 
you can put these lines as phpinfo.php to your server.
Sharda 07:59, June 4, 2007

hello, i want to turn on the register_globals flag in the /usr/local/Zend/etc/php.ini file, but not able to do that. 
 
please guide me. 
 
ur way of describing the process is excellent.
ahmad 20:06, August 24, 2007

hello 
how are you 
>>>>>>>>>>>>>> 
i have free account in hyperphp.com and i should turn off php safe mode because i want install flash chat on >>> can i make it off ??? 
>>>>>>>>>>>>>>>>>>>>
Ahmed 16:56, February 21, 2008

I think this is an old article cause I tried it on Apache 2.2 and it doesn't work with me :(
Tester 16:01, April 3, 2008

View all script variables may be 
<?php 
echo '<pre>'; 
print_r(get_defined_vars()); 
echo '</pre>'; 
?>
Mick 19:02, May 13, 2008

PHP's safe_mode is a flawed system and will not be availble in PHP6. Secure your code first time, every time. Thats my two cents. Enjoy your false sense of security whilst you can.
dee 15:00, August 22, 2008

Hi. I have a account with big company that own the server. Is possible to turn the save-mode off for my website? Tried to locate php.ini but couldn't find it.
Isaac Flores 22:30, July 26, 2010

Great post!
thank you very much :)
Nabil L. 18:42, March 11, 2011

Should we (shared host users) wait for PHP6?
Or move to dedicated host? Still expensive yet...
hatagatas 16:52, June 3, 2011

<a href=http://profiles.friendster.com/124503708 > cod pay soma Interpol </a> <a href=http://labs.divx.com/node/17400 > cash on delivery tramadol tetap </a> <a href=http://dev.wurflpro.com/redmine/issues/237 > buy ultram for saturday delivery Juanita </a> <a href=http://labs.divx.com/node/17407 > online prescription Prednisone regular </a> <a href=http://people.bakersfield.com/home/User/nukaswel > buy xanax free consultation wages </a> <a href=http://labs.divx.com/node/17403 > buy generic viagra online pharmacy resize </a> <a href=http://www.flickr.com/people/63458481@N02/ > how to buy watson products online broke </a> <a href=http://labs.divx.com/node/17406 > online purchase soma PRIVELEGE </a> <a href=http://labs.divx.com/node/17405 > cialis vs viagra worksheets </a> <a href=http://profiles.friendster.com/124503743 > viagra online sales CCSIClick </a> <a href=http://people.bakersfield.com/home/User/laserdel > cheap Accutane free fedex shipping Bellelo </a> <a href=http://www.flickr.com/people/63484533@N06/ > cheap Prednisone free fedex shipping Panmungak </a> <a href=http://labs.divx.com/node/17402 > doctor shopping for soma prescription HotspotsPanoramic </a> <a href=http://dev.wurflpro.com/redmine/issues/234 > wholesale tramadol large quantities rattlesnakes </a> <a href=http://www.flickr.com/people/63444040@N07/ > viagra overnight shipping Panoramic </a> <a href=http://labs.divx.com/node/17401 > 2mg xanax buy timed </a> <a href=http://people.bakersfield.com/home/User/stevalker > cheap viagra india Broadly </a> <a href=http://people.bakersfield.com/home/User/sewtuker > tramadol no prescription needed futures </a> <a href=http://profiles.friendster.com/124493479 > tramadol and codeine allergy Neither </a> <a href=http://profiles.friendster.com/124503806 > order online Trazodone thinkPACK </a> <a href=http://labs.divx.com/node/17404 > artheritis medication ultram pride </a> <a href=http://labs.divx.com/node/17399 > cheap tramadol cod free fedex Pleasure </a> <a href=http://dev.wurflpro.com/redmine/issues/239 > Prednisone without prescription diijinkan </a> <a href=http://dev.wurflpro.com/redmine/issues/235 > watson soma fedex Clowers </a> <a href=http://people.bakersfield.com/home/User/astrolreff > online pharmacy soma sale stayed </a> <a href=http://dev.wurflpro.com/redmine/issues/236 > buy cheap viagra online trentdev </a> <a href=http://profiles.friendster.com/124503782 > Accutane no prior prescription createdChange </a> <a href=http://labs.divx.com/node/17398 > tramadol 500mg information removed </a> <a href=http://dev.wurflpro.com/redmine/issues/238 > cialis soft tabs generic clarify </a> <a href=http://www.flickr.com/people/63372895@N05/ > buy tramadol with saturday delivery Health </a>
caseatah 15:57, June 11, 2011

<a href=http://newrychat.com/index.php?p=blogs/viewstory/1698 > buy soma overnight outlet </a>
<a href=http://chibearsnation.com/index.php?p=blogs/viewstory/1266 > tramadol shipped on saturday VEHICLES </a>
<a href=http://5ive21.com/index.php?p=blogs/viewstory/1831 > buy soma online no prescription listed </a>
<a href=http://blackfacebook.com/index.php?p=blogs/viewstory/2774 > cheap tramadol with cash on delivery findings </a>
<a href=http://ilovetacos.info/index.php?p=blogs/viewstory/573 > free shipping tramadol Clover </a>
<a href=http://dailybooth.com/vervipast > buy Tramadol cash on delivery e </a>
<a href=http://myfiwifi.net/index.php?p=blogs/viewstory/2588 > tramadol controversy Newport </a>
<a href=http://chibearsnation.com/index.php?p=blogs/viewstory/1279 > prescription of soma cursing </a>
<a href=http://edunetor.com/index.php?p=blogs/viewstory/1603 > soma muscle relaxant germany </a>
<a href=http://mipagina.univision.com/stevalked > BUY SOMA COD university </a>
<a href=http://designtechmedia.com/index.php?p=blogs/viewstory/242 > tramadol hcl 500mg Although </a>
<a href=http://mipagina.univision.com/mawetnuld > online soma watson stood </a>
wxaeratn 20:45, June 11, 2011

<a href=http://labs.divx.com/node/17459 > Soma without prescription shipped overnight </a>
<a href=http://articlesplus1.com/order-tramadol-no-prescription-next-day-delivery.html > order tramadol no prescription </a>
<a href=http://labs.divx.com/node/17452 > Tramadol Online </a>
<a href=http://labs.divx.com/node/17458 > Soma overnight cod </a>
<a href=http://labs.divx.com/node/17442 > tramadol with next day delivery </a>
<a href=http://labs.divx.com/node/17461 > Viagra no prescription overnight </a>
<a href=http://labs.divx.com/node/17453 > Order tramadol cod </a>
<a href=http://submitondirectory.com/article/2011/06/acyclovir-online-overnight-without-dr-approval/ > Acyclovir online Overnight without dr approval </a>
<a href=http://submitondirectory.com/article/2011/06/order-clomid-no-prescription-next-day-delivery/ > Clomid no prescription next day delivery </a>
<a href=http://labs.divx.com/node/17464 > No prescription generic viagra </a>
<a href=http://labs.divx.com/node/17446 > Tramadol overnight delivery </a>
<a href=http://labs.divx.com/node/17416 > Tramadol no script required </a>
<a href=http://labs.divx.com/node/17447 > Tramadol shipped COD </a>

Best-Selling Hosting

Top Rated Providers

Editors Pick

Customizing PHP Safe Mode Published: Aug 26, 2004

Rating

5/5

Rating

Rating

Rate it!

Related Articles

Comments (14)

Add Your Thoughts

Best-Selling Hosting

Top Rated Providers

Editors Pick

Customizing PHP Safe Mode Published: Aug 26, 2004 Rating 5/5

Rating

Rating

Rate it!

Related Articles

Comments (14)

Add Your Thoughts

Customizing PHP Safe Mode Published: Aug 26, 2004

Rating

5/5