Linux + How To Install And Configure Suhosin As A Xampp Extension

Assumptions:
=> You are running a Linux-based system. This guide is mostly targeted at Debian-based systems like Ubuntu, Linux Mint or Debian itself.
=> You have installed XAMPP at the following path: /opt/lampp/ (if you have it somewhere else, use your path)
=> You are familiar with the bash terminal or a Linux terminal

What Is Suhosin?

~ Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

~ Suhosin is the big brother to the Hardened-PHP patch which adds an extra level of protection to PHP. Installing Suhosin can be a bit confusing, so we'll show you how it can be easily installed on Linux.

[- from suhosin homepage]

How To Install Suhosin As A Xampp Extension

To install Suhosin as a XAMPP extension, follow the steps below.
STEPS:

  1. Download the Suhosin source package from its official download page
  2. Extract it in a folder of your choice
  3. Change directory to the extracted suhosin folder: # cd suhosin-xxx
  4. Run phpize: # /opt/lampp/bin/phpize
  5. # ./configure --enable-suhosin --with-php-config=/opt/lampp/bin/php-config
  6. # make
  7. # sudo make install
  8. Edit your php.ini and enable the extension by adding the line: extension=suhosin.so
  9. Restart XAMPP: # sudo /opt/lampp/lampp restart
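
As an added example (not from the original post), a shell script that carries out steps 4 to 9 against XAMPP's PHP and then checks the result: it makes the php.ini edit idempotent and confirms the module is actually loaded. It assumes XAMPP under /opt/lampp, its php.ini at /opt/lampp/etc/php.ini, and the extracted Suhosin source directory passed as the only argument.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes XAMPP at /opt/lampp,
# its php.ini at /opt/lampp/etc/php.ini, and the extracted Suhosin source
# directory passed as the only argument.
set -eu

LAMPP="${LAMPP:-/opt/lampp}"
PHP_INI="${PHP_INI:-$LAMPP/etc/php.ini}"
EXT_RE='^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?'

# Count active (uncommented) extension= lines that load suhosin.so.
count_extension_lines() {
    grep -Ec "$EXT_RE" "$1" || true
}

# Step 8, made idempotent: add extension=suhosin.so only if php.ini does not
# already load it, so re-running never produces duplicate entries.
ensure_extension_line() {
    if [ "$(count_extension_lines "$1")" -eq 0 ]; then
        printf '\n; Suhosin (added by install script)\nextension=suhosin.so\n' >> "$1"
    fi
}

# Post-install check: "php -m" lists loaded modules, so suhosin must appear there.
suhosin_loaded() {
    "$1" -m 2>/dev/null | grep -qi '^suhosin$'
}

# Steps 4 to 9 from the post, with the checks above.
build_and_install() {
    cd "$1"
    "$LAMPP/bin/phpize"
    ./configure --enable-suhosin --with-php-config="$LAMPP/bin/php-config"
    make
    sudo make install          # copies suhosin.so into PHP's extension_dir
    ensure_extension_line "$PHP_INI"
    sudo "$LAMPP/lampp" restart
    if suhosin_loaded "$LAMPP/bin/php"; then
        echo "Suhosin is loaded."
    else
        echo "Suhosin is NOT loaded: check php.ini and extension_dir." >&2
        return 1
    fi
}

# Run the full build only when a source directory is given on the command line.
if [ "$#" -eq 1 ]; then
    build_and_install "$1"
fi
```

Run it as: sh install-suhosin.sh /path/to/suhosin-xxx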

How To Configure Suhosin In php.ini

The settings below are what works for me on my dev system, but I would advise you to enable them one by one and understand the effect each has on your system. This is the best way to adapt these settings to suit your needs.

suhosin.apc_bug_workaround = On
suhosin.session.encrypt = Off
;suhosin.executor.disable_eval=On
suhosin.executor.disable_emodifier=On
suhosin.sql.bailout_on_error=On
suhosin.executor.include.max_traversal=4
suhosin.mail.protect=2
suhosin.memory_limit=128M
suhosin.filter.action=402
suhosin.request.max_array_depth=4096
suhosin.request.max_array_index_length=2048
suhosin.request.max_name_length=2048
suhosin.request.max_value_length=650000
suhosin.request.max_vars=4096
suhosin.post.max_array_depth=8048
suhosin.post.max_array_index_length=1024
suhosin.post.max_name_length=2048
suhosin.post.max_totalname_length=8048
suhosin.post.max_vars=4096
suhosin.upload.max_uploads=100
suhosin.executor.eval.blacklist="include, include_once, require, require_once, curl_init, fpassthru, file, base64_encode, base64_decode, mail, exec, system, proc_open, leak, syslog, pfsockopen, shell_exec, ini_restore, symlink, stream_socket_server, proc_nice, popen, proc_get_status, dl, pcntl_exec, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, socket_accept, socket_bind, socket_connect, socket_create, socket_create_listen, socket_create_pair, link, register_shutdown_function, register_tick_function"

NOTE:
=> If you are using systems like WordPress or any other PHP systems like forums, etc.:
Do not enable 'suhosin.executor.disable_eval', since all those systems use the evil PHP function eval(). If you enable it, you will simply see a blank screen – You have been informed! 😀

How about your settings? What works for you?

Possible Errors During Execution Of phpize


2 Comment(s)

  1. Hello Folks, could you move the little facebook, twitter etc, submit popup? or make it movable because it make for difficult reading of your pages.

    Regards,

    Chris

  2. Hi Chris..
    could you please tell me more about it? How does it make reading difficult?

    I have tried it with several different browsers and it seems fine. And you are the first to actually point out this issue. Would appreciate if you could tell me how you viewed this page, OS (is it via mobile?) and browser that you use.

    Thanks,
    //Wasseem


