New RoundCube 0.3 & suhosin.session.encrypt off

Discussion in 'Installation/Configuration' started by Hans, Sep 6, 2009.

  1. Hans

    Hans Moderator Moderator

    I've installed the new RoundCube Webmail version 0.3 successfully into a web on an ISPConfig2 server for apache2 with suPHP enabled. One of the system requirements of RoundCube 0.3 is that suhosin.session.encrypt is turned off, so RoundCube comes with its own .htaccess file, which contains the line: php_value suhosin.session.encrypt Off

    However, this does not seem to work, as the RoundCube installer shows that suhosin.session.encrypt is still On. So, for the time being I added the following line into the file /etc/php5/cgi/php.ini: suhosin.session.encrypt = 0
    After that, I restarted Apache2 and now everything seems to work; however, I'm not happy with this setting. I want to disable suhosin.session.encrypt only for RoundCube and not for all the websites which make use of suPHP.

    Is there any other possibility to turn off the suhosin.session.encrypt variable for only the 1 single web which uses suPHP? Of course I can create an exclusive php.ini file for the web, but probably there is another solution I do not see.

    By the way: I've the following in the Apache Directive field of the site:

    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
    <Directory "/var/www/web100/web">
    Options FollowSymLinks
    AllowOverride All
    </Directory>

    Thanks for any help!
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Have you tried to add
    php_value suhosin.session.encrypt Off
    to the Apache Directives field of that web site?
     
  3. Hans

    Hans Moderator Moderator

    Hi Falko,

    Now I have:

    php_value suhosin.session.encrypt Off


    That does not seem to work. :(
    I found out that suPHP does not support the php_value/php_admin_value directive known by mod_php to parse configuration options to scripts for certain virtual hosts or directories.

    Is there any other possibility to disable suhosin.session.encrypt for this single site which is using suPHP?
     
    Last edited: Sep 7, 2009
  4. falko

    falko Super Moderator Howtoforge Staff

    In this case I suggest you create a new php.ini for that web site.
     
  5. Hans

    Hans Moderator Moderator

    suhosin.encrypt off for 1 single web (PHP5-cgi+suPHP)

    Hi falko,
    Thanks for your feedback.

    This is what I've done to create a custom php.ini file for the RoundCube site with php5-cgi+suPHP:
    - copy the global php.ini file to the etc directory of the web: cp /etc/php5/cgi/php.ini /var/www/web100/etc/
    - remove the line suhosin.session.encrypt = 0 from the global php.ini file for php5-cgi, which is: /etc/php5/cgi/php.ini
    - the custom php.ini file for the web contains the line: suhosin.session.encrypt = 0
    - adding the following to the Apache directive field of the site: suPHP_ConfigPath /var/www/web100/etc/php.ini

    Within the vhost of the web, I now have:

    suPHP_ConfigPath /var/www/web100/etc/php.ini
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
    <Directory "/var/www/web4/web">
    Options FollowSymLinks
    AllowOverride All
    </Directory>

    After that, I restarted Apache2 by executing:
    /etc/init.d/apache2 restart

    Now I have suhosin.encrypt off for one single web.

    :)
     
    Last edited: Sep 8, 2009
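
A check for the per-site php.ini approach in the post above, as an added example that is not part of the original thread: because the site's php.ini is a full copy of the global file, it can silently diverge from it, so this compares the two and confirms that suhosin.session.encrypt is the only directive that differs. The function names are hypothetical, and treating On/Off spellings as 1/0 is a simplifying assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit a per-site php.ini copied from the global one.

# Print "key=value" per directive; as in PHP, the last assignment of a key wins.
ini_effective() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        c = substr(line, 1, 1)
        # Skip blank lines, ; and # comments, and [section] headers.
        if (line == "" || c == ";" || c == "#" || c == "[") next
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Simplification: fold boolean spellings so "Off" and "0" compare equal.
        v = tolower(val)
        if (v ~ /^(on|yes|true)$/) val = "1"
        else if (v ~ /^(off|no|false|none)$/) val = "0"
        seen[key] = val
    }
    END { for (k in seen) print k "=" seen[k] }
    ' "$1" | sort
}

# Print the names of directives whose effective value differs between two files.
ini_drift() {
    g=$(mktemp) && s=$(mktemp) || return 1
    ini_effective "$1" > "$g"
    ini_effective "$2" > "$s"
    # Identical key=value lines occur twice and are dropped by uniq -u.
    cat "$g" "$s" | sort | uniq -u | cut -d= -f1 | sort -u
    rm -f "$g" "$s"
}

# Succeed only if the single intended override is the only difference.
only_expected_drift() {
    [ "$(ini_drift "$1" "$2")" = "suhosin.session.encrypt" ]
}

# Usage: sh ini_drift.sh /etc/php5/cgi/php.ini /var/www/web100/etc/php.ini
if [ "$#" -eq 2 ]; then
    ini_drift "$1" "$2"
fi
```

Re-running it after each change to the global php.ini shows which settings the site's copy has not picked up.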
  6. alpha1

    alpha1 New Member

    I am having the same problem but not using a vhost. Can anyone help? These are my settings.

    /roundcube/.htaccess

    php_value suhosin.session.encrypt Off

    Roundcube Installer Page 1:

    Code:
    Version:  OK(PHP 5.3.0 detected)
    Checking PHP extensions
    
    The following modules/extensions are required to run RoundCube:
    PCRE:  OK
    DOM:  OK
    Session:  OK
    XML:  OK
    
    The next couple of extensions are optional and recommended to get the best performance:
    FileInfo:  OK
    Libiconv:  OK
    Multibyte:  OK
    OpenSSL:  OK
    Mcrypt:  OK
    GD:  OK
    Checking available databases
    
    Check which of the supported extensions are installed. At least one of them is required.
    MySQL:  OK
    MySQLi:  OK
    PostgreSQL:  OK
    SQLite (v2):  OK
    Check for required 3rd party libs
    
    This also checks if the include path is set correctly.
    PEAR:  OK
    MDB2:  OK
    Net_SMTP:  OK
    Mail_mime:  OK
    iilConnection:  OK
    Checking php.ini/.htaccess settings
    
    The following settings are required to run RoundCube:
    file_uploads:  OK
    session.auto_start:  OK
    zend.ze1_compatibility_mode:  OK
    mbstring.func_overload:  OK
    suhosin.session.encrypt:  NOT OK(is '1', should be '0')
    
    I am using openSUSE 11.1 with PHP 5.3.0 and my php.ini has no trace of "suhosin" at all.

    Could anyone tell me what I'm doing wrong/missing? I'm clueless. Thanks.
     
