Linux, PHP, LAMP, The Web in a blog

ab -n 1000 -c 5 http://mydomain.com/bench.htm
makes 1000 separate requests for the same file with a concurrency (simultaneous requests) of 5

Add this in your Apache configuration file:
SetEnv ENVIRONMENT “dev”

In this way, thanks to the SetEnv instruction, we have created some environment variables in Apache that can be used inside our PHP code.
In our PHP script we can access the variable this way:
$env= $_SERVER[’ENVIRONMENT’];

PHP

• Disable error messages
• expose_php Off
• session.use_only_cookies = 1
• allow_url_fopen Off

  [if you don’t really need the opposite]

• register_globals = Off
• magic_quotes_gpc = ???

  This directive was introduced for improving security preventing SQL Injections, and it does. But it’s much better to put it Off and take care of escaping characters by yourself inside the PHP code for two main reasons. It doesn’t use a native function for your database and adds a level of complexity (infact if one of your input data can contain some quotes you’d need to use the stripslashes function )

Apache

• ServerTokens ProductOnly
• ServerSignature Off

In a shared environment you could use these directives as well (for PHP):

• disable_functions
• enable_dl
• memory_limit
• max filesize in uploading
• safemode ON

Add this in the Apache configuration file:

The Require user parameter could have a list of usernames space-separated.

Usually path_to_passwords_file is /etc/httpd/passwords
If you can’t find the file:
http://httpd.apache.org/docs/1.3/howto/auth.html

Launch this command:

htpasswd path_to_passwords_file username

Restart the server

Don’t forget to uncomment the line:

NameVirtualHost *:80

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Check that DirectoryIndex directive contains:

index.html index.htm index.php

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Typical setup for dev environment

<VirtualHost *:80>
DocumentRoot /var/www/html/example.com/dev/html
ServerName dev.example.com

<Directory /var/www/html/example.com/dev/html>
AllowOverride All
</Directory>

AddDefaultCharset UTF-8

php_flag display_errors on
php_flag display_startup_errors on
php_value error_reporting 2047
</VirtualHost>

The  AllowOverride All directive allows you to use a .htaccess file.

Typical setup for staging environment

<VirtualHost *:80>
DocumentRoot /var/www/html/example.com/staging/html
ServerName staging.example.com

<Directory /var/www/html/example.com/staging/html>
AllowOverride All
</Directory>

AddDefaultCharset UTF-8

php_flag display_errors on
php_flag display_startup_errors on
php_value error_reporting 2047
</VirtualHost>

Typical setup for live environment

<VirtualHost *:80>
DocumentRoot /var/www/html/example.com/live/html
ServerName www.example.com

ServerAlias example.com

ServerAlias example2.com
<Directory /var/www/html/example.com/live/html>
AllowOverride All
</Directory>

AddDefaultCharset UTF-8

php_flag display_errors off
php_flag display_startup_errors off
php_value error_reporting 0
</VirtualHost>

The ServerAlias directive allows to reach the website even without using www at the begin of URL

Don’t forget to uncomment the line:

NameVirtualHost *:80

There must be just ONE ServerName directive and how many ServerAlias directives you need.

Checking the configuration file sintax before restarting the server:

apachectl -t

Some hosting provider set register_globals to ON just for compatibility to old open source projects.
In this case, you should be able to override that just putting this line in your .htaccess file:
php_flag register_globals on