Instruction “disabled_function” Allows to disable certain functions. It takes a comma-delimited list of function names.
DirectAdmin uses directive for security purposes, and here’s a guide on how to customize it. We need to create a file /usr/local/directadmin/custombuild/custom/php_disable_functions with the list of our functions.
Let’s say we want to allow proc_close, proc_open Server-wide in DirectAdmin in PHP.
cd /usr/local/directadmin/custombuild
touch custom/php_disable_functions
A default list includes the following PHP functions:
exec, system, passthru, shell_exec, proc_close, proc_open, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname
Our custom list will look like the following (does not include proc_close, proc_open,
exec, system, passthru, shell_exec, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname
For this we run:
cd /usr/local/directadmin/custombuild
echo "exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > custom/php_disable_functions
And then update the configuration:
./build set secure_php yes
./build secure_php
After the process is completed we need to check the results with:
php -i | grep ^disable_functions
without it expect to see modified list of disabled tasks proc_close, proc_openi.e. deprecated functions are now allowed.
That’s it.
Leave a Comment