Articles

How to Install the PHP Suhosin Extension

In the examples shown, replace "X.Y" with your app's PHP version (for example, "5.6" or "7.0").

Suhosin is a PHP security extension that attempts to protect against potential bugs in your application's PHP code.

Suhosin may break functionality in your apps. By using this extension, you recognize that you may increase the burden on your developers and negatively affect your users as a result of breakage. ServerPilot does not provide support for this extension. For support, you can open tickets in the Suhosin GitHub repository.

Installing Suhosin on PHP 7.2

This extension does not yet support PHP 7.2.

Installing Suhosin on PHP 7.0 or 7.1

Suhosin for PHP 7 is currently in development. As of August 2016, Suhosin for PHP 7 is not compiling correctly due to a known bug.

Once the bug in Suhosin for PHP 7 is fixed, to install on PHP 7.X, SSH in to your server as root and install the packages required to build the Suhosin extension.

sudo apt-get -y install gcc make autoconf libc-dev pkg-config

Next, run the following commands on your server:

git clone https://github.com/sektioneins/suhosin7
cd suhosin7
/opt/sp/php7.X/bin/phpize
PATH=/opt/sp/php7.X/bin:$PATH ./configure
make
sudo make install
sudo bash -c "echo extension=suhosin.so > /etc/php7.X-sp/conf.d/suhosin.ini"
sudo service php7.X-fpm-sp restart

Installing Suhosin on PHP 5.4, 5.5, or 5.6

To install this extension on PHP 5.X, SSH in to your server as root and install the packages required to build the Suhosin extension.

sudo apt-get -y install gcc make autoconf libc-dev pkg-config

Next, download Suhosin, extract it, and change to the Suhosin directory. You can find the latest version on the Suhosin downloads page.

wget https://download.suhosin.org/suhosin-0.9.38.tar.gz
tar xzf suhosin-0.9.38.tar.gz
cd suhosin-0.9.38

Now, compile, install, and restart PHP. To install for multiple PHP versions, repeat the steps below for each PHP version.

/opt/sp/php5.X/bin/phpize
PATH=/opt/sp/php5.X/bin:$PATH ./configure
make
sudo make install
sudo bash -c "echo extension=suhosin.so > /etc/php5.X-sp/conf.d/suhosin.ini"
sudo service php5.X-fpm-sp restart

Verifying the Installation

You can verify Suhosin is installed correctly by running the command:

phpX.Y-sp -i | grep suhosin

You should see the following output:

/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.checkraddr => 0 => 0
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.cryptraddr => 0 => 0
suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off
...

Last updated: August 31, 2017