PHP Settings

l PHP Settings

PHP Settings

Please note: For extra security, CGI (PHP, FastCGI and WSGI) programs are run as owner (i.e., SFTP username) on the OlympusNet Apache web server, rather than being run as Apache. As a result, CGI programs by default have the same access permissions as the owner. One does not need to relax permissions for CGI programs to work, as is often done when programs are run as Apache.
To customize your PHP settings, please use the php.ini file located in your /home/username directory. Do not use the .htaccess files for PHP directives. The php_value directives will not work in the .htaccess file on OlympusNet, because of the extra security measures we take when running PHP. While .htaccess files work fine in general, php_value directives in .htaccess files such as "php_value memory_limit 32M" or "php_value allow_url_fopen On" will be ignored. Instead, each user with a PHP-enabled domain will have a file named php.ini in their home directory:

/home/username/php.ini

If you need to adjust your PHP settings, you can do so by editing that file. Full-shell customers can edit the file directly on the server, while SFTP-only customers will have to download the file, edit it, and re-upload it to the same location.
For example, if the application instructions suggest adding this line to .htaccess:
php_value memory_limit 32M
you can instead edit /home/username/php.ini, changing this line:
memory_limit = 16M
to:
memory_limit = 32M
Changes that are made to your php.ini file are picked up by PHP eventually, but not necessarily immediately. In order to force PHP to pick up the change immediately, PHP must be restarted. To enable this, each CGI domain has a script to restart PHP. That script is located on the server at:

/home/username/example.com/cgi-bin/restart-php

The script can be invoked by visiting the script's url in a web browser:

http://example.com/cgi-bin/restart-php

All domains operated through a single SFTP or shell account share a single php.ini file. Thus, if you require conflicting PHP settings for two different domain web accounts, those two domains will need to be accessed through different SFTP/shell accounts.

In theory, it is possible for a malicious user to cause a denial-of-service attack on the site by constantly loading the restart-php URL, forcing PHP to restart repeatedly. You may wish to protect the script using access controls in .htaccess files, or by moving the script out of the cgi-bin directory when it is not in use. (Your home directory is a good place to store items that should not be accessible via the web).

Updated 2007-05-16