You can include a php.ini file with your App Engine application. This file lets you customize the behavior of the PHP interpreter directives.
php.ini file should be
placed in the base directory of an application (the same directory as the
app.yaml file). It is loaded when the PHP interpreter is
initialized, and before your application code is run.
The file follows the same syntax as other .ini files. A simple example might look like:
; This is a simple php.ini file on App Engine ; It enables output buffering for all requests by overriding the ; default setting of the PHP interpreter. output_buffering = "On"
A list of the core directives, along with their changeable mode values,
is published on php.net.
php.ini directives handled by extensions are documented on the
respective pages of the extensions themselves.
You may override any PHP directive that has one of the following changeable mode values:
Note that some functions have been disabled in the App Engine implementation of PHP. Directives that target these functions will have no effect.
PHP Directives for App Engine
The following directives are specific to the App Engine environment. They can be included in the php.ini file.
extension- Enables certain extensions in PHP 5.5 apps. For example, to enable MongoDB, enter:
extension = "mongo.so"
google_app_engine.enable_curl_lite = "1"- Enables "cURL lite," a built-in, App Engine-specific version of cURL, in PHP 5.5 apps. "cURL lite" can be used exactly as you would use the standard cURL functions, but it calls URL Fetch under the hood rather than sockets, thus functions with no URL Fetch equivalent, throw a
CurlLiteMethodNotSupportedException. Note that an app can't enable the "curl.so" extension and "cURL lite" at the same time, as that overloads the cURL functions.
google_app_engine.enable_functions- Functions that have been soft disabled in App Engine, but can be re-enabled using this directive. List the function names in a comma delimited string:
google_app_engine.enable_functions = "phpversion, phpinfo"
google_app_engine.allow_include_gs_buckets- Allows your application to use the
requirestatements with files stored in Google Cloud Storage. List the buckets containing the files in a comma delimited string:
google_app_engine.allow_include_gs_buckets = "bucket_1, bucket_2"
You can also specify a bucket and path to files that can be included, for example:
google_app_engine.allow_include_gs_buckets = "bucket_1/path_x"When the check is performed for which files may be included from GCS, the supplied path is treated as a prefix that must match the start of the file name in order for it to be included or required. For example using the path example above, the supplied path would allow users to include files from
gs://bucket_1/path_x/...because the prefix matches but not from
gs://bucket_1 or gs://bucket_1/path_y/because the prefix doesn't match.
If an uploaded file is moved to an allowed include bucket, a warning is generated to alert the user to a potential LFI attack. If this happens, you should consider using a more restrictive path.
Note: the path is treated as a file prefix; so it could include a specific file as well, for example,
google_app_engine.allow_include_gs_buckets = "bucket_1/path_x.ext", "bucket_2/path_z/some_file.ext.