Setting | Current | Recommended | Description |
---|---|---|---|
allow_url_fopen | 1 | 0 | Remote files should not be accessible using fopen. |
allow_url_include | 0 | 0 | You should not be able to include remote scripts using include. |
always_populate_raw_post_data | 0 | 0 | This does not need to be used. The preferred method for accessing the raw POST data is php://input. |
display_errors | 0 | 0 | Error messages should be suppressed. |
display_startup_errors | 0 | 0 | Startup errors should be suppressed. |
enable_dl | 0 | 0 | Disable loading of dynamic extensions. |
error_log | | /custom/location | Should be set to the location of the php error log. |
file_uploads | 1 | 0 | This may be impractical but if not needed file uploading should be disabled. |
log_errors | 1 | 1 | All errors generated by PHP should be logged to a file. |
log_errors_max_len | 1024 | > 2048 | At least 2048 characters of the error message should be stored in the error log. |
max_execution_time | 30 | < 20 | Execution time should be limited to 20 seconds or less. |
max_file_uploads | 20 | < 10 | The maximum number of files that can be uploaded in one request. |
max_input_nesting_level | 64 | < 32 | Maximum nesting level of input objects; 32 is sufficient. |
memory_limit | 134217728 | < 16777216 | The maximum memory limit for each script should be 16M or less. |
open_basedir | | /the/webroot | Limit the files that can be opened by PHP to the webroot. |
post_max_size | 8388608 | < 4194304 | The maximum POST size should be as small as reasonably possible to mitigate the risk of DoS attacks. |
session.cookie_httponly | 0 | 1 | Cookies must be httponly by default. |
session.entropy_file | | /dev/random | Provides a random seed for generating the session. |
session.entropy_length | 0 | > 32 | The number of bytes to read for gathering entropy for session generation. |
session.hash_bits_per_character | 0 | > 5 | The number of bits encoded per character of the session key. |
session.hash_function | 0 | 1 | MD5 should be replaced with SHA-1 (160-bit) as it is a more complex and secure hashing algorithm. |
session.name | PHPSESSID | Custom String | The name given to the PHP session. It is recommended this be changed from the default. |
session.save_path | /var/opt/rh/rh-php73/lib/php/session | /custom/location | The save path for the session should be changed from the default /tmp. |
session.use_only_cookies | 1 | 1 | Session variables should only be passed in cookies. |
session.use_trans_sid | 0 | 0 | Session IDs should not be allowed in GET parameters. |
upload_max_filesize | 2097152 | < 8388608 | The maximum upload file size should be less than or equal to the maximum post size. |
upload_tmp_dir | | /custom/location | Change the location where files are initially uploaded to. |
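As an added example, not part of the original page, the following Python script parses a php.ini file and checks it against the Recommended column of the table above. The sample php.ini text, its file paths and the `RECOMMENDED` mapping are constructed for this example; numeric bounds are read the way the Description column states them (20 seconds or less, at least 2048 characters), and PHP shorthand sizes such as `128M` are converted to bytes before comparison. It audits the file on disk, not the running interpreter, so values overridden per FPM pool, per virtual host or via `.htaccess` are not seen; running the same comparisons against `ini_get()` inside PHP covers those.

```python
"""Audit a php.ini against the hardening table (added example, assumptions noted inline)."""
import re

# Recommended values transcribed from the table. "set" means any non-empty value,
# "<= N" / ">= N" are numeric bounds in bytes/seconds/count, anything else is an exact match.
RECOMMENDED = {
    "allow_url_fopen": "0",
    "allow_url_include": "0",
    "display_errors": "0",
    "display_startup_errors": "0",
    "enable_dl": "0",
    "error_log": "set",
    "file_uploads": "0",
    "log_errors": "1",
    "log_errors_max_len": ">= 2048",
    "max_execution_time": "<= 20",
    "max_file_uploads": "<= 10",
    "max_input_nesting_level": "<= 32",
    "memory_limit": "<= 16777216",
    "open_basedir": "set",
    "post_max_size": "<= 4194304",
    "session.cookie_httponly": "1",
    "session.hash_function": "1",
    "session.use_only_cookies": "1",
    "session.use_trans_sid": "0",
    "upload_max_filesize": "<= 8388608",
    "upload_tmp_dir": "set",
}

# php.ini accepts these words for booleans; normalise them to "1"/"0" for comparison.
PHP_INI_BOOL = {"on": "1", "true": "1", "yes": "1", "off": "0", "false": "0", "no": "0", "none": ""}

# Constructed sample php.ini mirroring the "Current" column (open_basedir deliberately absent).
SAMPLE_INI = """
; constructed sample, not a real server's configuration
[PHP]
allow_url_fopen = On
allow_url_include = Off
display_errors = Off
display_startup_errors = Off
enable_dl = Off
error_log = /var/log/php/error.log
file_uploads = On
log_errors = On
log_errors_max_len = 1024
max_execution_time = 30
max_file_uploads = 20
max_input_nesting_level = 64
memory_limit = 128M
post_max_size = 8M
session.cookie_httponly = 0
session.hash_function = 0
session.use_only_cookies = 1
session.use_trans_sid = 0
upload_max_filesize = 2M
upload_tmp_dir = "/var/tmp/php-uploads"
"""


def parse_php_ini(text):
    """Return {directive: raw value}; ';' starts a comment, later lines override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' inside quoted values is not handled
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings


def php_shorthand_to_int(value):
    """Convert PHP shorthand sizes ('16M', '512K', '2G') or plain integers to an int."""
    m = re.fullmatch(r"\s*(-?\d+)\s*([kKmMgG]?)\s*", value)
    if not m:
        raise ValueError(f"not a numeric php.ini value: {value!r}")
    number, unit = int(m.group(1)), m.group(2).lower()
    return number * {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}[unit]


def audit(settings):
    """Compare parsed settings with RECOMMENDED; return a list of (directive, actual, expected)."""
    findings = []
    for directive, expected in RECOMMENDED.items():
        actual = settings.get(directive)  # None: directive absent, PHP's built-in default applies
        shown = actual if actual is not None else "(not set)"
        if expected == "set":
            if not actual:
                findings.append((directive, shown, "non-empty value"))
        elif actual is None:
            findings.append((directive, shown, expected))
        elif expected.startswith(("<=", ">=")):
            op, bound = expected[:2], int(expected[2:])
            try:
                num = php_shorthand_to_int(actual)
            except ValueError:
                findings.append((directive, shown, expected))
                continue
            # memory_limit -1 and max_execution_time 0 mean "unlimited" in PHP: never compliant.
            unlimited = num < 0 or (directive == "max_execution_time" and num == 0)
            ok = (num <= bound if op == "<=" else num >= bound) and not unlimited
            if not ok:
                findings.append((directive, shown, expected))
        else:
            if PHP_INI_BOOL.get(actual.lower(), actual) != expected:
                findings.append((directive, shown, expected))
    return findings


if __name__ == "__main__":
    for directive, actual, expected in audit(parse_php_ini(SAMPLE_INI)):
        print(f"{directive}: found {actual}, recommended {expected}")
```

Point the script at a real file with `audit(parse_php_ini(open("/etc/php.ini").read()))`; on the constructed sample it reports the eleven directives that differ from the recommendations (the remote-fopen, upload, limit, nesting, memory, POST size, open_basedir, HttpOnly and hash-function rows), and leaves the compliant ones silent.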