
Security hardening: disable expose_php, raise max_input_time, remove Indexes

Open lucifer4330k opened this issue 1 month ago • 0 comments

Security hardening for server defaults.

Findings

  • php.ini has expose_php = On. Best practice is Off.
  • php.ini has max_input_time = 60, which can abort large multipart/form-data uploads while PHP is still reading POST data. After raising upload limits to 5G, this should be increased.
  • Apache site config docker/config/api.conf sets Options Indexes for the document root, enabling directory listings (not needed for API).

Proposed changes

  • Set expose_php = Off in docker/config/php.ini.
  • Set max_input_time = 3600 (or -1) in docker/config/php.ini.
  • Change <Directory /var/www/openml> Options to remove Indexes.

Acceptance criteria

  • No directory listing anywhere under DocumentRoot.
  • expose_php disabled.
  • Large uploads do not time out during PHP input parsing.

lucifer4330k, Nov 17 '25 09:11
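The acceptance criteria above can be checked mechanically. The script below is an added example, not code from the issue or from the OpenML repository: it implements the three checks as POSIX shell functions (the `check_*` and `audit` names are this example's own) and runs them against constructed "before" and "after" copies of `php.ini` and the Apache site config, so the failing and passing states are both visible. Paths under `$TMP` are sample files written by the script, not the project's `docker/config/` files.

```shell
#!/bin/sh
# Added example (not OpenML project code): static checks for the three hardening
# items in the issue. The check_* helper names and the sample configs are constructed.

# Effective value of a php.ini directive. PHP takes the last definition, so the
# last uncommented match wins; prints nothing if the directive is absent.
php_ini_value() {
    awk -v key="$2" '
        /^[[:space:]]*;/ { next }                      # full-line comment
        {
            line = $0; sub(/;.*/, "", line)            # trailing comment
            n = split(line, kv, "=")
            if (n < 2) next                            # e.g. [PHP] section header
            k = kv[1]; gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            if (k != key) next
            v = kv[2]; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            gsub(/^"|"$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# PASS only when expose_php is explicitly off. An absent directive fails on purpose:
# PHP's built-in default is On, so the X-Powered-By header would still be sent.
check_expose_php() {
    v=$(php_ini_value "$1" expose_php | tr '[:upper:]' '[:lower:]')
    case "$v" in
        off|0|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# PASS when max_input_time is -1 (unlimited) or at least $2 seconds.
check_max_input_time() {
    v=$(php_ini_value "$1" max_input_time)
    case "$v" in
        -1) return 0 ;;
        ''|*[!0-9]*) return 1 ;;                       # absent or not an integer
        *) [ "$v" -ge "$2" ] ;;
    esac
}

# PASS when no uncommented Options line turns directory listings on. Catches
# "Indexes", "+Indexes" and "All" (All implies Indexes); "-Indexes" is fine.
# This is a per-line check; it does not model Apache's merging of nested
# <Directory> sections, so run it on every section that applies to DocumentRoot.
check_no_indexes() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "indexes" || t == "+indexes" || t == "all" || t == "+all") bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }' "$1"
}

# One PASS/FAIL line per finding; returns non-zero if anything fails.
audit() {
    rc=0
    if check_expose_php "$1"; then echo "PASS expose_php off"; else echo "FAIL expose_php not off"; rc=1; fi
    if check_max_input_time "$1" 3600; then echo "PASS max_input_time >= 3600 or -1"; else echo "FAIL max_input_time too low"; rc=1; fi
    if check_no_indexes "$2"; then echo "PASS no directory listings"; else echo "FAIL Options enables Indexes"; rc=1; fi
    return $rc
}

# Constructed "before" and "after" configs mirroring the issue's findings.
TMP=$(mktemp -d)
cat > "$TMP/php.before.ini" <<'EOF'
expose_php = On
max_input_time = 60
upload_max_filesize = 5G
post_max_size = 5G
EOF
cat > "$TMP/php.after.ini" <<'EOF'
expose_php = Off
max_input_time = 3600
upload_max_filesize = 5G
post_max_size = 5G
EOF
cat > "$TMP/api.before.conf" <<'EOF'
<Directory /var/www/openml>
    Options Indexes FollowSymLinks
</Directory>
EOF
cat > "$TMP/api.after.conf" <<'EOF'
<Directory /var/www/openml>
    Options -Indexes +FollowSymLinks
</Directory>
EOF

echo "--- before ---"; audit "$TMP/php.before.ini" "$TMP/api.before.conf" || true
echo "--- after ---";  audit "$TMP/php.after.ini"  "$TMP/api.after.conf"  || true
```

Two caveats when applying the change for real. First, Apache requires an `Options` line to be either all absolute (`Options FollowSymLinks`) or all relative (`Options -Indexes +FollowSymLinks`); mixing the two forms is a configuration error, which is why the sample "after" config uses the relative form throughout. Second, the static check only proves what the files say; confirm the running service with `php -i | grep -E 'expose_php|max_input_time'` inside the container and `curl -sI` against the API to verify that no `X-Powered-By: PHP/...` header is returned and that a request for a directory path no longer yields a listing. Note also that `max_input_time = -1` combined with multi-gigabyte `post_max_size` lets a slow client occupy a PHP worker for as long as the upload takes, so a finite value such as the proposed 3600 is the more conservative choice.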