How to customize PHP disable_functions in DirectAdmin

Instruction “disabled_function” Allows to disable certain functions. It takes a comma-delimited list of function names.

DirectAdmin uses directive for security purposes, and here’s a guide on how to customize it. We need to create a file /usr/local/directadmin/custombuild/custom/php_disable_functions with the list of our functions.

Let’s say we want to allow proc_close, proc_open Server-wide in DirectAdmin in PHP.

cd /usr/local/directadmin/custombuild
touch custom/php_disable_functions

A default list includes the following PHP functions:

exec, system, passthru, shell_exec, proc_close, proc_open, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname

Our custom list will look like the following (does not include proc_close, proc_open,

exec, system, passthru, shell_exec, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname

For this we run:

cd /usr/local/directadmin/custombuild
echo "exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > custom/php_disable_functions

And then update the configuration:

./build set secure_php yes
./build secure_php

After the process is completed we need to check the results with:

php -i | grep ^disable_functions

without it expect to see modified list of disabled tasks proc_close, proc_openi.e. deprecated functions are now allowed.

That’s it.

Leave a Comment