diff options
| author | Ben Fuhrmannek | 2014-08-21 11:31:08 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2014-08-21 11:31:08 +0200 |
| commit | d16d6e8fcbfaad4164eca1938726834603671781 (patch) | |
| tree | 203994b676fc4107e274417b1917118c4a7e1182 /suhosin.ini | |
| parent | 9c01b3e32d11db1abc22e9cd6b54fe8fc1d6fc0c (diff) | |
updated documentation + new ini entries
Diffstat (limited to 'suhosin.ini')
| -rw-r--r-- | suhosin.ini | 61 |
1 files changed, 55 insertions, 6 deletions
diff --git a/suhosin.ini b/suhosin.ini index 9d0bc23..3ae8ff5 100644 --- a/suhosin.ini +++ b/suhosin.ini | |||
| @@ -1,3 +1,6 @@ | |||
| 1 | |||
| 2 | ;extension=suhosin.so | ||
| 3 | |||
| 1 | ; ===================== | 4 | ; ===================== |
| 2 | ; Logging Configuration | 5 | ; Logging Configuration |
| 3 | ; ===================== | 6 | ; ===================== |
| @@ -12,9 +15,6 @@ | |||
| 12 | ; what this configuration says, because a corrupted heap could mean that the | 15 | ; what this configuration says, because a corrupted heap could mean that the |
| 13 | ; other logging options will malfunction during the logging process. | 16 | ; other logging options will malfunction during the logging process. |
| 14 | ; | 17 | ; |
| 15 | ; Keep in mind that using the constants is only supported when the Suhosin-Patch | ||
| 16 | ; is used. | ||
| 17 | ; | ||
| 18 | ; +------------+-----------+----------------------------------------------------+ | 18 | ; +------------+-----------+----------------------------------------------------+ |
| 19 | ; | Constant | Value | Description | | 19 | ; | Constant | Value | Description | |
| 20 | ; +============+===========+====================================================+ | 20 | ; +============+===========+====================================================+ |
| @@ -47,6 +47,9 @@ | |||
| 47 | ; | S_ALL | 511 | Combines all classes | | 47 | ; | S_ALL | 511 | Combines all classes | |
| 48 | ; +------------+-----------+----------------------------------------------------+ | 48 | ; +------------+-----------+----------------------------------------------------+ |
| 49 | ; | 49 | ; |
| 50 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 51 | ; the numeric value, e.g. `suhosin.log.syslog=511`. | ||
| 52 | ; | ||
| 50 | ;suhosin.log.syslog = S_ALL & ~S_SQL | 53 | ;suhosin.log.syslog = S_ALL & ~S_SQL |
| 51 | ; | 54 | ; |
| 52 | 55 | ||
| @@ -102,6 +105,9 @@ | |||
| 102 | ; | LOG_LOCAL7 | 31 | | 105 | ; | LOG_LOCAL7 | 31 | |
| 103 | ; +--------------+-------+ | 106 | ; +--------------+-------+ |
| 104 | ; | 107 | ; |
| 108 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 109 | ; the numeric value. | ||
| 110 | ; | ||
| 105 | ;suhosin.log.syslog.facility = LOG_USER | 111 | ;suhosin.log.syslog.facility = LOG_USER |
| 106 | ; | 112 | ; |
| 107 | 113 | ||
| @@ -135,6 +141,9 @@ | |||
| 135 | ; |LOG_ERR | 7 | | 141 | ; |LOG_ERR | 7 | |
| 136 | ; +------------+-------+ | 142 | ; +------------+-------+ |
| 137 | ; | 143 | ; |
| 144 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 145 | ; the numeric value. | ||
| 146 | ; | ||
| 138 | ;suhosin.log.syslog.priority = LOG_ALERT | 147 | ;suhosin.log.syslog.priority = LOG_ALERT |
| 139 | ; | 148 | ; |
| 140 | 149 | ||
| @@ -146,6 +155,9 @@ | |||
| 146 | ; Defines what classes of security alerts are logged through the SAPI error log. | 155 | ; Defines what classes of security alerts are logged through the SAPI error log. |
| 147 | ; For a list of available classes see table 1. | 156 | ; For a list of available classes see table 1. |
| 148 | ; | 157 | ; |
| 158 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 159 | ; the numeric value. | ||
| 160 | ; | ||
| 149 | ;suhosin.log.sapi = S_ALL & ~S_SQL | 161 | ;suhosin.log.sapi = S_ALL & ~S_SQL |
| 150 | ; | 162 | ; |
| 151 | 163 | ||
| @@ -157,6 +169,9 @@ | |||
| 157 | ; Defines what classes of security alerts are logged through STDOUT. For a list | 169 | ; Defines what classes of security alerts are logged through STDOUT. For a list |
| 158 | ; of available classes see table 1. | 170 | ; of available classes see table 1. |
| 159 | ; | 171 | ; |
| 172 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 173 | ; the numeric value. | ||
| 174 | ; | ||
| 160 | ;suhosin.log.stdout = S_ALL & ~S_SQL | 175 | ;suhosin.log.stdout = S_ALL & ~S_SQL |
| 161 | ; | 176 | ; |
| 162 | 177 | ||
| @@ -168,6 +183,9 @@ | |||
| 168 | ; Defines what classes of security alerts are logged to a separate Suhosin log | 183 | ; Defines what classes of security alerts are logged to a separate Suhosin log |
| 169 | ; file set by suhosin.log.file.name. | 184 | ; file set by suhosin.log.file.name. |
| 170 | ; | 185 | ; |
| 186 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 187 | ; the numeric value. | ||
| 188 | ; | ||
| 171 | ;suhosin.log.file = S_ALL | 189 | ;suhosin.log.file = S_ALL |
| 172 | ; | 190 | ; |
| 173 | 191 | ||
| @@ -191,6 +209,9 @@ | |||
| 191 | ; S_MEMORY class. It cannot be logged by a script, because S_MEMORY is triggered | 209 | ; S_MEMORY class. It cannot be logged by a script, because S_MEMORY is triggered |
| 192 | ; by buffer overflows etc... which means the process is in an unstable state. | 210 | ; by buffer overflows etc... which means the process is in an unstable state. |
| 193 | ; | 211 | ; |
| 212 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 213 | ; the numeric value. | ||
| 214 | ; | ||
| 194 | ;suhosin.log.script = 0 | 215 | ;suhosin.log.script = 0 |
| 195 | ; | 216 | ; |
| 196 | 217 | ||
| @@ -220,6 +241,9 @@ | |||
| 220 | ; S_MEMORY is triggered by buffer overflows etc... which means the process is in | 241 | ; S_MEMORY is triggered by buffer overflows etc... which means the process is in |
| 221 | ; an unstable state. | 242 | ; an unstable state. |
| 222 | ; | 243 | ; |
| 244 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 245 | ; the numeric value. | ||
| 246 | ; | ||
| 223 | ;suhosin.log.phpscript = S_ALL | 247 | ;suhosin.log.phpscript = S_ALL |
| 224 | ; | 248 | ; |
| 225 | 249 | ||
| @@ -269,14 +293,16 @@ | |||
| 269 | ; suhosin.executor.max_depth | 293 | ; suhosin.executor.max_depth |
| 270 | ; -------------------------- | 294 | ; -------------------------- |
| 271 | ; * Type: Integer | 295 | ; * Type: Integer |
| 272 | ; * Default: 0 | 296 | ; * Default: 750 |
| 273 | ; | 297 | ; |
| 274 | ; Defines the maximum stack depth allowed by the executor before it stops the | 298 | ; Defines the maximum stack depth allowed by the executor before it stops the |
| 275 | ; script. Without this function an endless recursion in a PHP script could crash | 299 | ; script. Without this function an endless recursion in a PHP script could crash |
| 276 | ; the PHP executor or trigger the configured memory_limit. A value of '0' | 300 | ; the PHP executor or trigger the configured memory_limit. A value of '0' |
| 277 | ; disables this feature. | 301 | ; disables this feature. |
| 278 | ; | 302 | ; |
| 279 | ;suhosin.executor.max_depth = 0 | 303 | ; (Before 0.9.37, the default value was 0.) |
| 304 | ; | ||
| 305 | ;suhosin.executor.max_depth = 750 | ||
| 280 | ; | 306 | ; |
| 281 | 307 | ||
| 282 | ; suhosin.executor.include.max_traversal | 308 | ; suhosin.executor.include.max_traversal |
| @@ -570,7 +596,7 @@ | |||
| 570 | ; | 596 | ; |
| 571 | ; | 597 | ; |
| 572 | ; This class of features is experimental and still in development. As of Suhosin | 598 | ; This class of features is experimental and still in development. As of Suhosin |
| 573 | ; version 0.9.36 only preliminary MySQL support was added. | 599 | ; version 0.9.36 only preliminary MySQL and Mysqli support was added. |
| 574 | ; | 600 | ; |
| 575 | ;suhosin.memory_limit = 0 | 601 | ;suhosin.memory_limit = 0 |
| 576 | ; | 602 | ; |
| @@ -588,6 +614,18 @@ | |||
| 588 | ;suhosin.sql.bailout_on_error = Off | 614 | ;suhosin.sql.bailout_on_error = Off |
| 589 | ; | 615 | ; |
| 590 | 616 | ||
| 617 | ; suhosin.sql.user_match | ||
| 618 | ; ---------------------- | ||
| 619 | ; * Type: String | ||
| 620 | ; * Default: | ||
| 621 | ; | ||
| 622 | ; (introduced in 0.9.37) The SQL username must match this wildcard pattern or the | ||
| 623 | ; connect function will fail and return FALSE. Example: `suhosin.sql.user_match = | ||
| 624 | ; public_*` | ||
| 625 | ; | ||
| 626 | ;suhosin.sql.user_match = | ||
| 627 | ; | ||
| 628 | |||
| 591 | ; suhosin.sql.user_prefix | 629 | ; suhosin.sql.user_prefix |
| 592 | ; ----------------------- | 630 | ; ----------------------- |
| 593 | ; * Type: String | 631 | ; * Type: String |
| @@ -1282,6 +1320,17 @@ | |||
| 1282 | ;suhosin.upload.remove_binary = Off | 1320 | ;suhosin.upload.remove_binary = Off |
| 1283 | ; | 1321 | ; |
| 1284 | 1322 | ||
| 1323 | ; suhosin.upload.allow_utf8 | ||
| 1324 | ; ------------------------- | ||
| 1325 | ; * Type: Boolean | ||
| 1326 | ; * Default: Off | ||
| 1327 | ; | ||
| 1328 | ; This option allows UTF-8 along with ASCII when using | ||
| 1329 | ; `suhosin.upload.disallow_binary` or `suhosin.upload.remove_binary`. | ||
| 1330 | ; | ||
| 1331 | ;suhosin.upload.allow_utf8 = Off | ||
| 1332 | ; | ||
| 1333 | |||
| 1285 | ; suhosin.upload.verification_script | 1334 | ; suhosin.upload.verification_script |
| 1286 | ; ---------------------------------- | 1335 | ; ---------------------------------- |
| 1287 | ; * Type: String | 1336 | ; * Type: String |