The Default Settings on a PHP Web Hosting

PHP Versions

Below is a list of PHP settings and Apache modules that are installed and enabled by default.

  • php-apc 3.1

  • Apache 2.4

    • mod_filter.c

    • mod_vhost_alias.c

    • mod_unixd.c

    • mod_status.c

    • mod_setenvif.c

    • mod_rewrite.c

    • mod_remoteip.c

    • mod_negotiation.c

    • mod_mime.c

    • mod_info.c

    • mod_headers.c

    • mod_fastcgi_handler.c

    • mod_expires.c

    • mod_env.c

    • mod_dir.c

    • mod_deflate.c

    • mod_autoindex.c

    • mod_authz_user.c

    • mod_authz_host.c

    • mod_authz_core.c

    • mod_authn_file.c

    • mod_authn_core.c

    • mod_auth_basic.c

    • mod_alias.c

    • mod_access_compat.c

    • event.c

    • http_core.c

    • mod_so.c

    • core.c

Specific Settings

PATH_INFO

The PATH_INFO option has been activated at the level of PHP, which implies that specific URLs like index.php/object will work without necessarily adding rewrite rules to the .htaccess file.

allow_url_fopen

allow_url_fopen is enabled on your web hosting. We recommend using curl. See https://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html for more information.

php.ini

The php.ini file cannot be customized, but you can configure some parameters using the custom-php.ini. More information, on this page.

Show PHP Errors

Error logs are displayed via your web hosting admin page. If you want to see them directly on your web page, you must enable error reporting with the following code :

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
?>

max_execution_time

The public and the administration areas of your web hosting have a max_execution_time of 180 seconds; It is not possible to increase this. You can only lower it by using the ini_set () or set_time_limit().

Add Headers

Since version 2.4, Apache has been more strict about how HTTP headers are converted to environment variables in mod_cgi and other modules. Previously any invalid characters in header names were simply translated to underscores. This allowed for some potential cross-site-scripting attacks via header injection. It is recommended to use the character ‘-’ in the name value of the header, then it will be automatically converted to ‘_’ by Apache.

Modify the Limit of post_max_size and upload_max_filesize

It is not possible to change these values at present. The default value is 128MB.