When working with LAMP (Linux, Apache, MySQL and PHP) applications, we sooner or later run into the need to change the runtime environment. Usually an application needs specific PHP settings before it can run, so we have to specify, change or increase PHP default settings, but in a shared hosting environment we feel somewhat handicapped: admins there usually do not allow everybody to modify or hack the central configuration files on the server.
For this situation, too, clever developers have come up with a trick to help their community overcome the hassle.
As a matter of fact, anyone can change PHP configuration settings very easily from within .htaccess.
For example, it is possible to:
Prevent Global Variable Injection Attacks with:
- php_flag register_globals off
Prevent Cross Site Scripting (XSS) Attacks with:
- php_flag allow_url_fopen off
Prevent Code Injection Attacks with:
- php_flag magic_quotes_gpc on
To do so:
1. Open the .htaccess file located in your site’s home directory, or if you don’t have one, create a blank one now.
2. Add any of the following code samples to your .htaccess file, each on its own line.
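To confirm that the three directives listed above actually took effect, a small check script can be requested through the web server. This is an added example, not part of the original article; the file name check-ini.php is an assumption, and the script relies on PHP's ini_get_all() to report each directive's effective value and whether it may be changed per directory.

```php
<?php
// Added example: save as a temporary file (the name check-ini.php is an assumption)
// next to the .htaccess, request it through the web server (the command-line PHP
// binary does not read .htaccess), then delete it again.

// Directive => value that the .htaccess lines from the article ask for.
$wanted = array(
    'register_globals' => false,
    'allow_url_fopen'  => false,
    'magic_quotes_gpc' => true,
);

// Interpret php.ini style booleans ("1", "On", "", "0", "Off").
function ini_bool($raw)
{
    return in_array(strtolower(trim((string) $raw)), array('1', 'on', 'yes', 'true'), true);
}

// Per-directive details: global_value, local_value and access level.
$all = ini_get_all(null, true);

header('Content-Type: text/plain');
foreach ($wanted as $name => $want) {
    if (!isset($all[$name])) {
        // The directive is unknown to this PHP build, e.g. dropped in a newer release.
        echo "$name: not available in PHP " . PHP_VERSION . "\n";
        continue;
    }
    $info      = $all[$name];
    $effective = ini_bool($info['local_value']);
    // INI_PERDIR marks directives that may be changed from .htaccess.
    $perdir    = ($info['access'] & INI_PERDIR) !== 0;
    printf(
        "%s: effective=%s wanted=%s %s%s\n",
        $name,
        $effective ? 'on' : 'off',
        $want ? 'on' : 'off',
        $effective === $want ? 'OK' : 'MISMATCH',
        $perdir ? '' : ' (not changeable from .htaccess; ask the host to set it in php.ini)'
    );
}
```

A MISMATCH line means the .htaccess directive was ignored or overridden, which is worth knowing before relying on the setting as a protection.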