I have a simple Apache with mod_php server on CentOS 7. I've disabled the exec function in php.ini but I need to use it on one Vhost. Now obviously I know I can't use multiple php.ini files and I know I can't change the disable_functions setting outside of the php.ini file, so I tried toying with other ideas.
Obviously my first option was to use fastcgi, or suPHP, etc. but I couldn't get them to work without breaking the server, and whilst I probably could eventually make them work, I'd rather find a different solution and stick with the simple mod_php.
My second thought was to install Nginx and php-fpm and get it to listen on another port, but despite setting disable_functions to an empty value, it still read the php.ini file as well and thus disabled the php_exec function.
So is there a relatively simple way of achieving this without having to reset up Apache with fastcgi?
Best Answer
Well I have a pretty good answer, thanks to pointers from Aaron
Install Suhosin using this
Add this to the bottom of
php.ini
file (a list of functions to blacklist):Finally, to the VirtualHost that should be allow to use the disabled functions, add this:
Suhosin forces a script to exit when it reaches a function that is blacklisted, rather than ignoring the function like the native disable functions setting.