Blog

10
Jul

Properly Configure Web Server of your Website : Part 2

Software is more of engineering and few of arts. Website is a kind of software that is built on 10+ technologies at minimum and anticipates complex technical issues when it is to be geared as non typical web portal, something that can stand out of the crowd to stimulate user to look into and react.

Even the best website with fantastic designs can be far from perfect application if we don’t take care for web server related security.

OK,  let us continue our insights into configurations of PHP and Apache  architects that we have started in previous articles.

If you haven’t gone through previous text, you can navigate to and read it at this URL:

http://www.blisswebsolution.com/ Properly configure web server of your website PART 1 query parameters

So far, we visited parameters and settings from PHP’s end, now we will take a brief tour of parameters from Apache’s end.

Important directives of httpd.conf and .htaccess files

When PHP runs as an Apache module, you ought to modify key directives through Apache’s httpd.conf or .htaccess file.

We can set key value pairs with = assignment operator in between.

For example,

  1. php_admin_value: It sets the value of the specified directive. It differs from php_value in that it cannot be used within an .htaccess file and cannot be overridden within virtual hosts.
  1. php_value: It  sets the value of the specified directive.
  2. php_flag: It sets the value of the specified Boolean directive. ON or OFF values are legitimate. It equally applies in configurations of virtual hosts.

Scope of  configuration directives

Apache-to-PHP directives can not be modified from anywhere else except from httpd.conf or .htaccess as stated.  Reason is that even if hacker can plug in to website code pages, will essentially unable to touch web server objects.

Interestingly, each directive is also assigned a separate scope, and it can be altered or modified  within that realm.

In total, there are four scopes revealed with examples of below four directives:

  1. PHP_INI_USER: This directive can be modified within user scripts
  2. PHP_INI_PERDIR: This directive can be modified within the php.ini, httpd.conf, or .htaccess files
  3. PHP_INI_SYSTEM: This directive can be modified within the php.ini and httpd.conf files
  4. PHP_INI_ALL: This directive can be modified anywhere

Now, we will see several directives pertaining to PHP language behaviour. Majority of these given variables can be settled from php.ini itself.

After determining and settling values if you see no effects, consider reading documentation of any special extension like WordPress or CodeIgniter plug-ins your application might have introduced that is overriding key-value pair employed by us.

Only few moments will be spent to get acquainted with these directives and then you will adjust language’s general behaviours according to your taste.

1 – ze1_compatibility_mode (On, Off)

Scope: PHP_INI_ALL;

Default value: Off

When major upgradation occurs in a technology software, there remains a gap between past versions and current one in terms of parameters, related thresholds or even their meaning.

Older version elements remain in the use for a time until respected vendor installs patches.

However, even intermediate developers aren’t aware that enabling the zend.ze1_compatibility_mode directive allows older version PHP  applications to run without issue in version 5 or greater. Therefore, if you’d like to use

specific application that is unmatched with modern trends, look to this directive.

2 – engine (On, Off)

Scope: PHP_INI_ALL;

Default value: On

This parameter is simply responsible for determining whether the PHP engine is enabled.

Beware of its ‘off’ value. Turning it off prevents you from using PHP at all. Obviously, you should not touch upon this directive and leave this enabled.

3 – short_open_tag (On, Off)

Scope: PHP_INI_ALL;

Default value: On

PHP scripts are essentially enclosed within escape syntax. There are four different escape formats, most commonly used one is the shortest form and looks like this:

<?

echo “any valid statement”;

?>

If you’re a multi-skill web developer, you will notice that this syntax is shared with XML, which would cause issues in certain environments. Therefore, we are provided a means for disabling this particular format in case.

Growth of Apache and PHP have gone infinite and a series of articles are needed to explain each major bit of setting.

We hope text given in these two articles on web server configurations remained meaningful to you and you gained knowledge for the same.

Read more articles on web design and development at

http://www.blisswebsolution.com/blog/

Bliss Web Solution Pvt. Ltd is a well known web development company of India. It offers custom mobile applications development, open source development, eCommerce solutions with outstanding focus on Magento, and web services projects across the world.

Categories

Categories

Archives

Archives