This guide explains how to display the absolute paths for certain web applications that need to know them.

Getting the absolute path…

… of a web hosting

For this:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the chevron ‍ to expand the Information section of this hosting.
4. The highlighted indication below is the location of the example site:
   

… of a website

For this:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the chevron ‍ to expand the Information section of this site.
4. The highlighted indication below is the location of the example site:
   

This guide shows how to modify the error_reporting() directive on your website.

Enable error reporting

Specify the following 2 pieces of information in your .user.ini file:

display_errors=on
error_reporting=E_ALL & ~E_NOTICE & ~E_STRICT

If your browser does not display any errors or warnings, then there are none.

Disable PHP error display

For WordPress, edit the file wp-config.php and replace the line:

define('WP_DEBUG', false);

by:

ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

Otherwise, you can add the following code to the .user.ini file:

display_errors=off

This guide concerns IonCube Loader, a PHP module that allows decoding PHP scripts that have been encoded with IonCube Encoder.

Preamble

• IonCube encoding is used to protect an application's source code and prevent its unauthorized modification or distribution.
• By using IonCube Loader, website owners can ensure the security of their code and content while allowing for secure and easy distribution of their applications.

Using ionCube Loader

With shared hosting it is no longer offered. You can check this from the dashboard:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product:
3. Click on Manage under Advanced Settings:
   
4. Click on the PHP Extensions tab.
5. Click on ionCube Loader (if present in the list) to see the details:
   
   • Here you should consider a Cloud Server.

This guide concerns the configuration and management of ModSecurity on Infomaniak servers. By understanding its limitations, restrictions, and effectively managing errors, you can optimize the security of your site while maintaining its functionality.

Default configuration

ModSecurity (mod_secure) is available and enabled by default on the Infomaniak servers. This means that all HTTP requests will be subject to the security rules defined by ModSecurity.

It is not possible to disable ModSecurity on Infomaniak servers. The setting is global to the server where your site is hosted, which means that all defined security rules will be applied to your site.

Error management

If the error message ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. (...) appears regarding ModSecurity, you should check that a default language is properly configured in your web browser. This error can sometimes be caused by incorrectly configured language settings in the browser.

This guide details the "X-Frame-Options" header, which can be used to protect against clickjacking attacks. Note that the "X-Frame-Options" header may not be supported by all web browsers. It is therefore recommended to combine it with other methods to enhance the security of your website.

Possible values for the header

‍The "X-Frame-Options" header can be set to prevent a website from being loaded in a frame or iframe. There are three possible values for this header:

This guide provides information about the robots.txt file automatically created for Web hosting where this file is missing.

Preamble

• The robots.txt file acts as a guide for search engine crawlers
• It is placed at the root of a website and contains specific instructions for these robots, indicating which directories or pages they are allowed to explore and which they should ignore
• However, robots may choose to ignore these directives, making the robots.txt a voluntary guide rather than a strict rule

File Content

If the robots.txt file is missing from an Infomaniak site, a file with the same name is automatically generated with the following directives:

User-agent: *
Crawl-delay: 10

These directives tell robots to space out their requests by 10 seconds, which helps to avoid unnecessarily overloading the servers.

Bypassing the default robots.txt

It is possible to bypass the robots.txt by following these steps:

1. Create an empty robots.txt file (it will serve only as a placeholder so that the rules do not apply).
2. Manage the redirection of the URI (Uniform Resource Identifier) robots.txt to your chosen file using a .htaccess file.

Example

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} /robots.txt$
RewriteRule ^robots\.txt$ index.php [QSA,L]
</IfModule>

Explanations

• The mod_rewrite module of Apache is enabled to allow redirections.
• The condition RewriteCond %{REQUEST_URI} /robots.txt$ checks if the request concerns the robots.txt file.
• The rule RewriteRule ^robots\.txt$ index.php [QSA,L] redirects all requests to robots.txt to index.php, with the option [QSA] that preserves the query parameters.

It is recommended to place these instructions at the beginning of the .htaccess file.

This guide details the use of DELIMITER to create MySQL functions on Serveur Cloud Infomaniak.

Preamble

• When creating functions or stored procedures in MySQL, it is crucial to understand the role of delimiters.
• The correct use of delimiters is essential to avoid syntax errors that can occur due to the presence of multiple SQL statements in a single function or procedure definition.

Understanding the Delimiter

A delimiter is a character or sequence of characters used to separate SQL instructions in a script. By default, MySQL uses the semicolon (;) as a delimiter. However, when creating functions, stored procedures, or triggers that contain multiple SQL instructions, it is necessary to temporarily change the delimiter to avoid syntax errors.

When you create a function, procedure, or trigger, you often need to use multiple SQL statements within the BEGIN...END block. Since the semicolon (;) is also used to terminate these internal statements, MySQL might interpret the first semicolon as the end of the function definition, resulting in a syntax error. To avoid this issue, you must change the delimiter during the function definition.

Create a simple function using custom delimiters

Before defining the function, you must tell MySQL that you will use a different delimiter. In the example below, $$ is used as the new delimiter:

DELIMITER $$

With the new delimiter in place, you can now define your function. The CREATE FUNCTION includes the body of the function, where you can use internal SQL statements separated by semicolons without any issues:

CREATE FUNCTION hello_world()
RETURNS TEXT
LANGUAGE SQL
BEGIN
RETURN 'Hello World';
END;
$$

In this example:

• CREATE FUNCTION hello_world() : declares the beginning of the definition of the function hello_world.
• RETURNS TEXT : specifies the data type that the function returns.
• LANGUAGE SQL : specifies that the language used for the function is SQL.
• BEGIN ... END: encapsulates the function code. Inside, the semicolon is used to separate SQL statements.
• RETURN 'Hello World'; : SQL statement that returns the string Hello World.

After defining the function, reset the delimiter to its default state (the semicolon). This allows you to continue executing the usual SQL instructions in your subsequent scripts:

DELIMITER ;

This guide explains how to securely and easily transfer files between Web Hosting and/or Cloud Server.

Preamble

• The FXP (File Exchange Protocolis a method for transferring files directly between two FTP servers without the data passing through the local client.
• Using the FTP PORT and PASV commands, it allows for a connection to be established between the two servers for faster and more efficient file transfer, thus saving bandwidth.
• However, this method may present security risks if the connections are not secured by FTPS, and it requires a more complex configuration compared to traditional FTP transfers.

Transferring data between servers

FXP is enabled by default on Web Hosting and Cloud Servers.

For example, you can use CrossFTP, a multi-platform software that allows you to perform FXP (as well as FTP, SFTP, WebDav, S3, OpenStack Swift).

This guide explains how to change the WordPress management password or any other Web application (Joomla, Drupal, Typo3, PrestaShop, ownCloud, etc.) installed via Infomaniak tools included in the offersWeb hosting paid.

Preamble

• Some applications also allow a change of user password directly from their dedicated interface:
  • Example: WordPress (manage users, names, passwords, roles, etc.).

Change the password of a Web app

To change the password to the administration panel of your web application, perform the following actions:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned:
   
3. Click on the action menu ⋮ located to the right of the relevant Web Application.
4. Click on Parameters of the application:
   
5. Click on Edit to the right of the Application:
   
6. Under Password Enter the new password (for connection to the identifier indicated above):
   
7. Click on the button Save at the bottom of the page.

This guide explains how to enable the following functions on Web Hosting (in italics, Cloud Server only):

• proc_open
• popen
• exec()
• shell_exec()
• set_time_limit
• passthru
• system

Enable PHP functions

To access website management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product:
3. Click on Manage under Advanced Settings:
   
4. Click on the PHP / Apache tab.
5. Click on the toggle switches On/Off as desired:
   
6. Click on the Save button to confirm the changes.