Nowadays so many php based "malicious intruding activity" is going on the Web Hosts. But we want to keep a close eye on our server - so, we can provide our customer a secure environment because we know the value of important information of the customer. We will suggest you to use your own php.ini , so you can define your own settings in it. It will surely help our other customers too.

The two most common settings that clients will want to change are the "register_globals" and "allow_url_fopen" settings. For new accounts both of these default to off. All new versions of php default register_globals to off and we wanted to copy that. We have seen several clients have their websites compromised by badly written PHP code and the "magic" of allow_url_fopen, so we have set this to off.

Defaults are:

register_globals = 0
allow_url_fopen = 0

Changing these is easy. You can place a file called php.ini the top directory of your website containing the settings you want.

If you need to have different settings for different parts of your website, then you need to use a ".htaccess" file to change the PHPRC environment variable (and create a second php.ini file). (Please contact support for help. We also need to re-map the path for the PHP binary, otherwise the SetEnv doesn't apply.) This can be a bit tricky because you need to get the paths right. The .htaccess file contains

SetEnv PHPRC /home/USERID/SUBDIR

USERID would be your FTP userid (probably, some accounts have two USERIDs in their path). SUBDIR would be the directory you put your modified php.ini file into. You are done. Any PHP file in the directory containing that .htaccess file (or it's subdirectories) will get it's php.ini values from the php.ini file you put in "/home/USERID/SUBDIR".

(Wondering what register_globals and allow_url_fopen are? register_globals is covered at the PHP site here and here. allow_url_fopen allows PHP to open http:// and ftp:// URLs the same way it would normally open a file on the hard drive. In combination with badly/insecurely initialized variables it can result in PHP running code off an attackers website (very very bad news).

Zend Optimizer for PHP
Adding the following to your php.ini file should enable the Zend optimizer.

[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/scripts/Zend/lib/Optimizer
zend_extension_manager.optimizer_ts=/usr/local/scripts/Zend/lib/Optimizer_TS
zend_extension=/usr/local/scripts/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/scripts/Zend/lib/ZendExtensionManager_TS.so

.htaccess Files
We have a number of existing pages covering .htaccess files. The most commonly used .htaccess page covers redirects, allowing and denying access, setting custom error messages, and changing the mime-types. Another page describes how to include other pages and scripts in your files. (This can be a nice way to do headings and footers.) The last page talks about some of the variables (like the current time) that you can include in your pages.

If you are facing much difficulties, let us know by dropping a ticket in the SUPPORT.