Apache 2.4 and PHP 8.1 #166
Replies: 2 comments 1 reply
-
Hi @richardsyeo, It should be pretty straightforward -- just enable ffi in You should do some input sanitisation. I'd make some effort to only allow known good formats (perhaps png, jpg, gif), and use eg. You could consider making your own libvips binary and only include the code you need, though that would make deployment harder. libvips 8.13 has a new feature that will block untested loaders, which could be useful. Some formats can be used to make denial of service decompression bombs. You can make a 100mb GIF, for example, that will need 20gb of server memory to process. I'd open files, check dimensions, and refuse to handle images over maybe 100mpx. Install libvips with You might need to limit the number of pipelines you run at once, it depends what you're using libvips for, your expected server load and how much ram your server has. |
Beta Was this translation helpful? Give feedback.
-
Thanks Which is best to use PHP CGI or FPM? Best methods to use when loading images from s3, transforming and returning? Should this be used at end of each script? |
Beta Was this translation helpful? Give feedback.
-
I am using Apache 2.4.52 and PHP 8.1.2. on Ubuntu 22.04.1 LTS.
Do you have any recommendations on how to setup Apache config and php.ini for use with VIPS 8.12.1 on a heavily used website?
Beta Was this translation helpful? Give feedback.
All reactions