
DLMax Max Westen's ramblings on OSX and PHP

Blog Category: php


Mod_security settings for Wordpress 3.x

Jan 01, 2012

If you enable mod_security on your Apache server and install the base rules, you'll probably notice that your WordPress blog isn't functioning correctly anymore.

To fix this, you could add the following inside the <VirtualHost> block of the vhost file that powers your blog:

<LocationMatch "/">
  # Apache only treats '#' at the start of a line as a comment, so the notes sit above each directive
  # 910006: Google robot activity - useful in some ways, but noisy for sites you want crawled
  SecRuleRemoveById 910006
  # 960015: Request Missing an Accept Header - allow for Google Reader
  SecRuleRemoveById 960015
</LocationMatch>

<LocationMatch "/wp-admin/post.php">
  # 950006: System Command Injection - another rule that probably doesn't need to be disabled by everyone; it stops .exe and various other extensions being passed in arguments
  SecRuleRemoveById 950006
</LocationMatch>

<LocationMatch "(/wp-admin/|/wp-login.php)">
  # 950005: Remote File Access Attempt - probably no need for everyone to disable this; it allows me to put /etc/ and other Linux paths in posts
  SecRuleRemoveById 950005
  # 950117: Remote File Inclusion Attack - disabled to allow http:// to be passed in args
  SecRuleRemoveById 950117
</LocationMatch>

<LocationMatch "(/wp-admin/options.php|/wp-admin/theme-editor.php|/wp-content/plugins/)">
  # 950907: System Command Injection
  SecRuleRemoveById 950907
  # 950005: Remote File Access Attempt (see above)
  SecRuleRemoveById 950005
  # 950006: System Command Injection (see above)
  SecRuleRemoveById 950006
  # 959006: SQL Injection Attack
  SecRuleRemoveById 959006
  # 960008: Request Missing a Host Header
  SecRuleRemoveById 960008
  # 960011: GET or HEAD requests with bodies
  SecRuleRemoveById 960011
  # 960904: Request Containing Content, but Missing Content-Type header
  SecRuleRemoveById 960904

  # phpids-17: Detects JavaScript object properties and methods
  SecRuleRemoveById phpids-17
  # phpids-20: Detects JavaScript language constructs
  SecRuleRemoveById phpids-20
  # phpids-21: Detects very basic XSS probings
  SecRuleRemoveById phpids-21
  # phpids-30: Detects common XSS concatenation patterns 1/2
  SecRuleRemoveById phpids-30
  # phpids-61: Detects url injections and RFE attempts
  SecRuleRemoveById phpids-61
</LocationMatch>

<LocationMatch "/wp-includes/">
  # 950006: System Command Injection (see above)
  SecRuleRemoveById 950006
  # 959006: SQL Injection Attack
  SecRuleRemoveById 959006
  # 960010: Request content type is not allowed by policy - allows, amongst other things, spell check to work in the admin area
  SecRuleRemoveById 960010
  # 960012: Require Content-Length to be provided with every POST request - same as above
  SecRuleRemoveById 960012

  # phpids-17: Detects JavaScript object properties and methods
  SecRuleRemoveById phpids-17
  # phpids-20: Detects JavaScript language constructs
  SecRuleRemoveById phpids-20
  # phpids-21: Detects very basic XSS probings
  SecRuleRemoveById phpids-21
  # phpids-30: Detects common XSS concatenation patterns 1/2
  SecRuleRemoveById phpids-30
  # phpids-61: Detects url injections and RFE attempts
  SecRuleRemoveById phpids-61
</LocationMatch>
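Because Apache merges every LocationMatch block whose regex matches a request, the exclusions above accumulate per URL, which makes it easy to lose track of what is still enforced. This Python script is an added example (not part of the original post) that parses such blocks and lists, for a given path, every rule ID that ends up disabled; the CONFIG string is a constructed excerpt reusing the post's own rule IDs and patterns.

```python
import re

# Constructed excerpt of the exclusions above (the post's own rule IDs), with
# comments dropped and several IDs per directive, which ModSecurity accepts.
CONFIG = """
<LocationMatch "/">
  SecRuleRemoveById 910006 960015
</LocationMatch>
<LocationMatch "/wp-admin/post.php">
  SecRuleRemoveById 950006
</LocationMatch>
<LocationMatch "(/wp-admin/|/wp-login.php)">
  SecRuleRemoveById 950005 950117
</LocationMatch>
<LocationMatch "(/wp-admin/options.php|/wp-admin/theme-editor.php|/wp-content/plugins/)">
  SecRuleRemoveById 950907 959006 phpids-61
</LocationMatch>
"""

BLOCK_RE = re.compile(r'<LocationMatch\s+"([^"]+)"\s*>(.*?)</LocationMatch>', re.S)
REMOVE_RE = re.compile(r'^\s*SecRuleRemoveById\s+([^\n#]+)', re.M)

def parse_exclusions(text):
    """Return [(location_regex, [rule ids]), ...] in configuration order."""
    blocks = []
    for pattern, body in BLOCK_RE.findall(text):
        ids = []
        for arg_list in REMOVE_RE.findall(body):
            ids.extend(arg_list.split())
        blocks.append((pattern, ids))
    return blocks

def disabled_rules(blocks, path):
    """Rule IDs no longer enforced for `path`: LocationMatch is an unanchored
    regex over the URL path and every matching block is merged, so they add up."""
    disabled = []
    for pattern, ids in blocks:
        if re.search(pattern, path):
            for rid in ids:
                if rid not in disabled:
                    disabled.append(rid)
    return disabled

def site_wide(blocks, probes=("/", "/index.php", "/wp-admin/", "/2012/01/hello/")):
    """IDs removed by a block that matches every probe path: effectively a
    global exclusion, worth a second look before it goes live."""
    return [rid for pattern, ids in blocks
            if all(re.search(pattern, p) for p in probes) for rid in ids]

if __name__ == "__main__":
    blocks = parse_exclusions(CONFIG)
    for path in ("/wp-admin/post.php", "/wp-content/plugins/akismet/admin.php"):
        print(path, "->", disabled_rules(blocks, path))
    print("site-wide:", site_wide(blocks))
```

Removing a rule inside a LocationMatch disables it for every parameter of every matching request; where a newer ModSecurity 2.x release is available, SecRuleUpdateTargetById can instead exclude only the post-body field that trips the rule.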

There are a lot more exceptions, but these work in my situation at the moment. If you have good additional suggestions for mod_security exceptions or ideas on improving security within these rules for WordPress, contact me and I might update the post or write a follow-up...

Happy and safe sitebuilding…

Goodbye Ibuildings, Hi Rhinofly

Jan 26, 2010

After being part of their highly skilled team for over 17 months I’ve decided to leave Ibuildings. I’d like to thank Ivo for believing in me and helping me out if needed. I’ve learned a lot and it’s been a privilege to work there.

Starting the first of March I'll be developing in PHP at Rhinofly. I'd hereby like to thank my family and Cal, Jouri and Remco for their support in the process of finalizing my decision to switch jobs.

Developing in PHP with NetBeans 6.8

Nov 25, 2009

The problem:

I love Textmate as an editor period.

There are some things though that I started missing while developing:

  • Code completion
  • Inline documentation
  • instant error checking
  • debugging from my editor
  • must have strong syntax highlighting support for dark themes like my favourite Sunburst

So I started looking around for an IDE (or editor) that would work for me and that I could stick with.

The contestants:

VIM:

I've heard a lot about VIM and really like the application. When you add a couple of plugins like Project, PHP-Doc, DelimitMate, SnipMate and Sunburst you can accomplish most of these tasks. An added feature is that you can configure VIM to work the same on your remote systems too, so it virtually doesn't matter if you're on Mac, Windows or Linux or working through an SSH connection; your editor functions and looks the same. Most features from my list can be accomplished in VIM, but I can't get used to the shortcuts. There are a lot of them and all of them are new compared to what Windows/Mac users know. If you're in a full-time development job I think it's very difficult to learn the new way of working and still deliver on time. So for me VIM isn't something that can be used out of the box.

Eclipse PDT:

Eclipse with PDT 2.1 is another IDE I hear a lot of good comments on. All of the things I want to see in an alternative editor/IDE are there, except for the strong syntax highlighting and easy theming. Colours can be changed, but have to be changed in a lot of different locations, making it hard to do consistently. The PDT plugin has some nice features, but the syntax highlighting could be much better. Eclipse with PDT isn't my thing because of the lack of syntax highlighting features, the difficult theming (especially to darker themes) and the high memory consumption.

Aptana

Aptana Studio 2.0 is a good IDE (I've used it before) with a very nice PHP plugin, but it changed to use the PDT Eclipse plugin. There is a way to use the older PHP plugin, but because development on that plugin has ceased, I don't recommend it. The PDT plugin with Aptana has the same shortcomings as discussed above under "Eclipse PDT".

Zend Studio:

Zend Studio 7.1 basically is Eclipse with the PDT plugin and some added features; specifically focussed on "Zend Framework", "Zend Server" and "Zend Debugger". Zend Studio isn’t a fit for me, because the problems I have with the Eclipse PDT plugin are the features taken from this plugin. If these points would improve it would be a good choice for me. The price could be a turnoff though if a free IDE is available that can do most you need.

Komodo IDE:

Komodo IDE 5.2 is a stable IDE and has a smaller memory footprint than the Eclipse-based tools. It has support for a multitude of languages and VCS (version control systems). The support for PHP and debugging is good and this is one of the few IDEs that are quite easy to style with a dark background. There are only 2 downsides for me: the price, and the syntax highlighting could be even better. The price isn't that high for a business, but I found an alternative that fits me better.

NetBeans:

NetBeans 6.8 (currently in beta) is, like Komodo, a stable IDE with a smaller memory footprint. It fits my wish-list and I can adapt quite easily to the shortcuts, which feel natural to me. It's a full featured IDE with all the bells and whistles. Room for improvement would be: more VCS plugins (Git), support for the Zend Debugger, and scriptable (regexp) syntax highlighting support, to be able to add custom highlighting.

NetBeans Tips:

Font rendering in NetBeans on OSX:

I love the anti-aliasing TextMate applies to my coding fonts. If you want to achieve the same effect in NetBeans, you need to add 2 parameters to the application startup file.

  1. Open the Finder and go to the NetBeans.app file.
  2. Press the right mouse button (or ctrl+click) and select the option "Show Package Contents".
  3. In the newly opened Finder window, go to the following location: "Contents/Resources/NetBeans/etc/"
  4. Edit the file: "netbeans.conf"
  5. Add the following to the end of the line starting with "netbeans_default_options=": -J-Dsun.java2d.noddraw=true -J-Dapple.awt.graphics.UseQuartz=true
  6. Save the file and start NetBeans.

The font will now look like you are used to seeing in TextMate.

Preventing Java crashes on OSX 10.6:

Update: I've updated to the final 6.8 release now and it runs fine on Java 6, so this workaround is probably not needed...

If you are working on OSX Snow Leopard (10.6) and NetBeans crashes randomly, it's worth a try to downgrade your Java from 6 to 5. This probably greatly improves stability for NetBeans and other Java applications running on OSX. To downgrade, I followed the steps outlined on the OneSwarm wiki and put them up here too.

Get the java 5 that was included in 10.5 "leopard" and unpack

cd /tmp/
curl -o java.1.5.0-leopard.tar.gz http://www.cs.washington.edu/homes/isdal/snow_leopard_workaround/java.1.5.0-leopard.tar.gz
tar -xvzf java.1.5.0-leopard.tar.gz

Move it to your System java folder (password needed)

sudo mv 1.5.0 /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0-leopard

Tell OS X that java 5 actually is java 5

cd /System/Library/Frameworks/JavaVM.framework/Versions/
sudo rm 1.5.0
sudo ln -s 1.5.0-leopard 1.5.0
sudo rm 1.5
sudo ln -s 1.5.0 1.5

Open Java Preferences

open "/Applications/Utilities/Java Preferences.app"

Change the properties to use Java 5 32-bit by default.

Start NetBeans and you’re done !

Installing xDebug 2.0.4 or 2.1 on OSX

Jan 13, 2009

In my previous post we installed the latest Apache and PHP from source and now I'd like to add xDebug to it. As stated in the comments on the previous post, I like living on the edge, so I build it myself instead of using packages like MAMP or XAMPP or using binaries. With that out of the way we can prepare our system for the addition of PHP modules.

Because we didn't need these commands for normal operation, phpize and php-config were still the standard Apple ones. We now need these commands, so we'll make sure, just in case, that the latest ones are used; open up your terminal and execute the next lines:

sudo mv /usr/bin/phpize /usr/bin/phpize-leopard
sudo ln -s /opt/local/php/bin/phpize /usr/bin/phpize
sudo mv /usr/bin/php-config /usr/bin/php-config-leopard
sudo ln -s /opt/local/php/bin/php-config /usr/bin/php-config

Create a folder to contain the sources for xDebug. It's fine to use a folder in your user directory, so we'll be using the 'source' folder in your home directory (if you want you can choose another folder).

mkdir ~/source
cd ~/source

Now you can go along two paths:

  1. Download the sources for the **stable release (2.0.4)** of the xDebug package and extract it to a folder (a folder source/xdebug in your home directory is fine). Enter the next commands to download and extract the source:
    curl -C - -O http://xdebug.org/files/xdebug-2.0.4.tgz
    tar xzf xdebug-2.0.4.tgz
    cd xdebug-2.0.4

  2. Get the **latest version (2.1 unstable)** by downloading from CVS. The advantage is that you can use several newer features (like errors that contain a link to the file and line number, opening in your IDE or editor of choice). Execute the following commands:
    mkdir ~/source
    cd ~/source
    cvs -d :pserver:srmread@cvs.xdebug.org:/repository login

    Then enter the password srmread and issue the next commands:
    cvs -d :pserver:srmread@cvs.xdebug.org:/repository co xdebug
    cd xdebug


Now we have the sources in the source/xdebug folder in our home directory (make sure you are in the folder containing the config.m4 file). Prepare this package for the PHP version at hand by using the next command:

phpize

Then we need to set some parameters to ensure proper compiling on the Mac (this should work on all flavors: Intel and PPC based Macs):

export MACOSX_DEPLOYMENT_TARGET=10.5 CFLAGS="-arch ppc -arch ppc64 -arch i386 -arch x86_64 -g -Os -pipe -no-cpp-precomp"
export CCFLAGS="-arch ppc -arch ppc64 -arch i386 -arch x86_64 -g -Os -pipe" 
export CXXFLAGS="-arch ppc -arch ppc64 -arch i386 -arch x86_64 -g -Os -pipe" 
export LDFLAGS="-arch ppc -arch ppc64 -arch i386 -arch x86_64 -bind_at_load" 

Then we can compile and build the module:

./configure --enable-xdebug
make

We'll copy the module to the PHP modules folder, because that's where it's going to be used ;)

sudo cp modules/xdebug.so /opt/local/php/modules

Add the following to the end of the /opt/local/php/lib/php.ini file:

[xdebug]
zend_extension=/opt/local/php/modules/xdebug.so

Now restart your webserver to incorporate the changes to the php.ini file:

sudo apachectl restart

If you go to the test page we created in the last blog post (or if you create a new PHP file containing phpinfo(); in your webroot), it should then show the following bar at the top:

for version 2.0.4:

phpinfo() banner for xDebug 2.0.4

and for 2.1 dev:

phpinfo() banner for xDebug 2.1-dev

And almost at the bottom of the page there should be all xDebug parameters.

Now every time we use a var_dump() it looks like this:

xDebug var_dump()

And if an error occurs, it shows like this:

xDebug PHP Error

At this time we have more advanced error reporting and we have better looking var_dumps() and we can connect a debugger to xDebug and can use xDebug for application profiling.

More on how to do this on MacOSX in the next post.

Installing PHP 5.2.8 on OSX Leopard 10.5.6

Dec 29, 2008

Because I travel a lot by train, it's handy to have a local development environment with me. Because OSX Leopard contains Apache2 and PHP 5.2.6, I installed MySQL, ZF, PEAR, set up the vhost conf for Apache and added the path to the ZF and PEAR libraries to /etc/php.ini. This seemed to work fine for a day or two, but after that I needed to use the PDO_MySQL library. This didn't really work... The fact is that PDO_SQLite and PDO_SQLite2 are compiled along with the installed PHP library, but PDO_MySQL isn't... Big FAIL!

So, we'll have to set up a new PHP/Apache2 combo...

Okay let’s start:

1. Install the Apple Developer tools

If you haven't done it already, install the Developer Tools (Xcode 3) from the OSX DVD.

2. Install and update MacPorts

If you haven’t installed MacPorts on your system, do so by downloading it from the MacPorts website and running the installer. Now open a terminal window and update MacPorts:

sudo port selfupdate
sudo port sync

3. Install apache2

Create the following directory and symlink for the correct use of MySQL (the install searches there for libraries):

sudo mkdir /usr/local/mysql/lib/mysql
sudo ln -sf /usr/local/mysql/lib/lib* /usr/local/mysql/lib/mysql/

Install Apache2:

sudo port install apache2

Let the apache2 process be autostarted by the system:

sudo launchctl load -w /Library/LaunchDaemons/org.macports.apache2.plist

Move the old Apache stuff out of the way:

sudo mv /usr/sbin/apachectl /usr/sbin/apachectl-leopard
sudo ln -s /opt/local/apache2/bin/apachectl /usr/local/bin/apachectl

Copy the sample conf file and make it the default:

sudo cp /opt/local/apache2/conf/httpd.conf.sample /opt/local/apache2/conf/httpd.conf

Now you can modify your Apache settings to your liking, but remember to use only the files in the /opt/local/apache2/conf directory; the old configs (/etc/apache2/conf) are not used anymore.

4. Install the additional stuff needed

Then make sure we have everything installed that we want in there; I want: GD libraries, iconv, PDO_MySQL, curl.

sudo port install jpeg
sudo port install libpng
sudo port install freetype
sudo port install libmcrypt
sudo port install tidy
sudo port install libiconv

Rename the default iconv.h because it generates errors while compiling PHP:

sudo mv /usr/include/iconv.h /usr/include/iconv.h.leo_orig
sudo ln -s /opt/local/include/iconv.h /usr/include/iconv.h

5. Download, configure and install PHP

Download the php-5.2.8.tar.gz file from the PHP website. Go to your download directory and run:

tar xvzf php-5.2.8.tar.gz 

Then move this folder to /opt/local/php-5.2.8:

sudo mv php-5.2.8 /opt/local/

Then create a symlink that you can compile against:

sudo ln -s /opt/local/php-5.2.8 /opt/local/php

Go into the newly created 'folder':

cd /opt/local/php/

Now configure PHP:

'./configure' \
'--prefix=/opt/local/php' \
'--with-apxs2=/opt/local/apache2/bin/apxs' \
'--with-xsl=/usr' \
'--with-tidy=/opt/local' \
'--with-ldap=/usr' \
'--with-kerberos=/usr' \
'--enable-mbregex' \
'--enable-ftp' \
'--with-iodbc=/usr' \
'--with-curl=/usr' \
'--enable-mbstring' \
'--with-gd' \
'--with-jpeg-dir=/opt/local' \
'--with-png-dir=/opt/local' \
'--with-zlib-dir' \
'--enable-sockets' \
'--enable-exif' \
'--with-mcrypt=/opt/local' \
'--enable-soap' \
'--with-mysql=/usr/local/mysql' \
'--with-mysqli=/usr/local/mysql/bin/mysql_config' \
'--with-pdo-mysql=/usr/local/mysql/bin/mysql_config' \
'--with-mysql-sock=/tmp/mysql.sock' \
'--with-freetype-dir=/opt/local' \
'--with-openssl=/opt/local' \
'--with-iconv=/usr' \
'--with-libxml-dir=/usr' \
'--with-xmlrpc' \
'--enable-cli'

Then make and install PHP:

sudo make
sudo make install

And rename the old PHP and create a symlink to the new binary:

sudo mv /usr/bin/php /usr/bin/php-leopard
sudo ln -s /opt/local/php/bin/php /usr/bin/php

Copy the new php.ini file and edit it to your liking:

sudo cp php.ini-dist lib/php.ini

Note: The new php.ini file in use is the one located at: /opt/local/php/lib/php.ini

6. Restart the webserver

Up until now the old webserver was running. Shut it down and then start the new apache2:

sudo apachectl-leopard stop
sudo apachectl start

If all went well, Apache is running and PHP scripts get executed. Please check the installed features by calling a page with the following code on it, to ensure everything is installed.

In the next post we will add xDebug to the stack and later on the debugging environment will be set up for different IDEs.

Part2: Installing xDebug on OSX
