vincent15000's avatar

php.ini in the public folder ?

Hello,

I need to add a php.ini file to the application to modify a directive on the shared webhosting.

upload_max_filesize = 20M

Is it a problem to put the file inside the public folder ? According to the documentation of the shared webhosting, that's the right place.

But I think it would be better to set the PHP limit inside the .htaccess file. But this way I get an error on the shared webhosting.

php_value upload_max_filesize 20M

Thanks for your suggestions.

V

0 likes
11 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

Hello V,

Placing a php.ini file in the public folder can be a security risk because it might expose sensitive information about your server configuration to the public if it's not properly protected. It's generally not recommended to place configuration files within the publicly accessible directory.

However, if your shared hosting provider's documentation specifically instructs you to place the php.ini file in the public folder, and you have no other option, you should ensure that direct access to the php.ini file is restricted. You can do this by adding a rule in your .htaccess file to deny access to the php.ini file.

Here's how you can do it:

<Files "php.ini">
    Order Allow,Deny
    Deny from all
</Files>

Add this snippet to your .htaccess file in the public folder. This will prevent external access to the php.ini file while still allowing PHP to read the configuration settings.

Regarding setting the upload_max_filesize directive in .htaccess, this is possible if your server runs PHP as an Apache module. The directive would look something like this:

php_value upload_max_filesize 20M

If you're getting an error when trying to set this in .htaccess, it's possible that your hosting provider does not allow these overrides or PHP is not running as an Apache module. In that case, you would need to use the php.ini method.

Remember to check with your hosting provider's support if you're unsure about the best approach, as they may have specific guidelines or alternative methods for setting PHP directives on their servers.

Always ensure that you're following best practices for security, especially on a shared hosting environment.

1 like
Snapey's avatar

it won't be an issue if thats the only setting in the file.

1 like
vincent15000's avatar

@Snapey It will effectively be the only setting in the file. It is worth protecting the file with these lines in the .htaccess file ?

<Files "php.ini">
    Order Allow,Deny
    Deny from all
</Files>
martinbean's avatar
martinbean
2 years ago
Best Answer
Level 80

@vincent15000 It would be better to upload large files in chunks, instead of trying to increase the upload_max_filesize directive which may be moot if you then hit memory limits given it’s a shared server, and resources (including RAM) will be shared amongst all customers’ sites on that server.

1 like
vincent15000's avatar

@martinbean Hmmm I didn't thought about this point.

However my client doesn't upload a big amount of large files. The majority of the files are only around 100 k / 200 k. So it's probably a good temporary solution to increase the upload_max_filesize.

But effectively it would be better to upload large files in chunks, but I've never done that.

I have 2 questions :

  • is it possible to do that with Livewire ? Or will I have to change the code ? I have checked in the Livewire documentation, but nothing is documented about chunks.

  • I have seen that there are libraries like https://github.com/pionl/laravel-chunk-upload, but I don't have checked yet if it's compatible with Livewire.

martinbean's avatar

@vincent15000 Well why are you trying to increase the upload_max_filesize to 20 MB if clients are only uploading files 100–200 KB in size?

1 like
vincent15000's avatar

@Snapey That's interesting, but in my case I can't have a dropzone. Is there another way ?

Please or to participate in this conversation.