FAQ: How to change PHP settings using .htaccess

This is the archive off all FAQ related threads.
User avatar
Joomla! Guru
Joomla! Guru
Posts: 828
Joined: Tue Jun 06, 2006 7:41 am
Location: California, Germany, Norway

FAQ: How to change PHP settings using .htaccess

Post by rliskey » Wed Oct 04, 2006 2:43 am

This FAQ explains how to set boolean PHP configuration directives using php_flag. The format for php_flag is: php_flag name on|off

1. Open the .htaccess file located in your site's home directory, or if you don't have one, create a blank one now.

2. Add any of the following code samples to your .htaccess file, each on it's own line.

Prevent Global Variable Injection Attacks

Code: Select all

php_flag register_globals off 
Prevent Cross Site Scripting (XSS) Attacks

Code: Select all

php_flag allow_url_fopen off 
Prevent Code Injection Attacks

Code: Select all

php_flag magic_quotes_gpc on
Note that although the magic_quotes_gpc directive adds a layer of security, for performance reasons it is not considered a best practice. If you have verified that your site correctly filters and validates all user data (and every production site really should), then there is no need to add this directive. If you have any doubt, add it.

3. Save the .htaccess file in your site's home directory.

4. Test your site's front end and back end.

Discussion: http://forum.joomla.org/index.php/topic,101911.0.html

Back to Security FAQ Table of Contents

Search Keywords: security, htaccess
Last edited by rliskey on Mon Nov 06, 2006 1:56 am, edited 1 time in total.


Return to “FAQ Archive”