Home About Articles Contact Library Projects

Consortium News

Fri, 20 Oct 2006
PHP Security Consortium Launches New Project - PHPSecInfo

Wed, 16 Nov 2005
Daniel Convissor Elected as Principal

Promotional Links

Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information

post_max_size

Test Description

Coming soon.

Security Implications

This protection allows you to limit the maximum size POST request that PHP will process. Attackers may attempt to send grossly oversized POST requests to exhaust your system resources; by setting a realistic value here you can mitigate some of the damage by those attacks.

Recommendations

You can set post_max_size in the php.ini file:

; Lower post_max_size for security reasons
post_max_size = 256K

The setting can also be applied in apache's httpd.conf file, or an .htaccess file:

# Lower post_max_size for security reasons
php_value  post_max_size  256K

More Information

« Test information index

Get PhpSecInfo

Download Now »

Version: 0.2.1 20070406
md5 hash

Documentation

Mailing List »

Screenshots:

PhpSecInfo screenshot

PhpSecInfo screenshot