Files
php-alpine-image/conf.d/security.ini

51 lines
1.1 KiB
INI

; disable exposure
expose_php = Off
; disable dangerous functions (minimal safe set)
disable_functions = exec,passthru,shell_exec,proc_open,popen,system,show_source,phpinfo
; logging
display_errors = Off
display_startup_errors = Off
log_errors = On
error_reporting = E_ALL
; file limits
upload_max_filesize = 8M
post_max_size = 8M
max_execution_time = 30
max_input_time = 60
memory_limit = 256M
; force strict session settings
session.use_strict_mode = 1
session.cookie_httponly = 1
session.cookie_secure = 1
session.use_only_cookies = 1
; opcache
opcache.enable = 1
opcache.enable_cli = 0
opcache.validate_timestamps = 0
opcache.memory_consumption = 128
opcache.interned_strings_buffer = 16
opcache.max_accelerated_files = 12000
opcache.save_comments = 1
opcache.jit = 0
; timezone (override manually)
date.timezone = Asia/Tehran
; forbid URL file wrappers unless needed
allow_url_fopen = Off
allow_url_include = Off
; security hardening
cgi.fix_pathinfo = 0
; hard unbreakable srcurity
session.cookie_samesite = Strict
opcache.restrict_api = /usr/local/php/opcache