# Ansible managed
Directive = allow_url_fopen
Default   = On
Type      = bool
Comment   = Allows PHP file functions to retrieve data from remote locations over FTP or HTTP. This option is a great security risk, thus do not turn it on without necessity.

Directive = display_errors
Default   = On
Type      = bool
Comment   = Determines whether errors should be printed to the screen as part of the output or if they should not be shown to a user.

Directive = error_reporting
Default   = E_ALL & ~E_NOTICE
Range     = ~E_ALL,E_ALL & ~E_NOTICE,E_ALL,E_ALL & ~E_DEPRECATED & ~E_STRICT
Type      = list
Comment   = The error reporting level.

Directive = expose_php
Default   = Off
Type      = bool
Comment   = Exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header (e.g., X-Powered-By: PHP/7.3.4).

Directive = file_uploads
Default   = On
Type      = bool
Comment   = Allows uploading files over HTTP.

Directive = include_path
Default   = .;/path/to/php/pear
Type      = value
Comment   = The list of directories where scripts look for files (similar to system's PATH variable). To separate directories, use a colon (:) For example: .:/dir/inc:/usr/lib/php

Directive = log_errors
Default   = Off
Type      = bool
Comment   = Tells whether to log errors. By default, errors are logged in the server's error log. Use the error_log directive to specify the path to your own log file.

Directive = magic_quotes_gpc
Default   = On
Type      = bool
Remark    = <5.4.0
Comment   = Sets the magic_quotes state for the GPC (Get, Post and Cookie) operations. When magic_quotes are on, all single-quotes, double quotes, backslashesand  special characters are escaped with the backslash automatically.

Directive = mail.force_extra_parameters
Type      = value
Comment   = Additional parameters for the mail() function used to send mail. For example, to use your custom Sendmail configuration: -C /dir/conf.cf

Directive = max_execution_time
Default   = 30
Type      = value
Comment   = The maximum time in seconds a script is allowed to run before it is terminated.

Directive = max_input_time
Default   = 60
Type      = value
Comment   = The maximum time in seconds a script is allowed to parse input data.

Directive = memory_limit
Default   = 1024M
Range     = 1024M,1536M,2048M,3072M,4096M,6144M,12288M
Type      = list
Comment   = The maximum amount of memory in bytes a script is allowed to allocate. Set the value to -1 to have no memory limit (not recommended). Use shortcuts for byte values: K (kilo), M (mega), and G (giga). For example, 128M

Directive = post_max_size
Default   = 1024M
Range     = 1024M,1536M,2048M,3072M,6144M,12288M
Type      = list
Comment   = The maximum size in bytes of data that can be posted with the POST method. Typically, should be larger than upload_max_filesize and smaller than memory_limit. Use shortcuts for byte values: K (kilo), M (mega), and G (giga). For example, 16M.

Directive = upload_max_filesize
Default   = 1024M
Range     = 1024M,1536M,2048M,3072M,6144M,12288M
Type      = list
Comment   = The maximum size in bytes of an uploaded file. Use shortcuts for byte values: K (kilo), M (mega), and G (giga). For example, 128M.

Directive = open_basedir
Type      = value
Comment   = The list of directories used to limit the files that can be opened by PHP. If the file is outside the specified directories, PHP scripts will refuse to open it. To separate directories, use a colon. For example: /dir/upload:/usr/tmp

Directive = register_globals
Default   = Off
Type      = bool
Remark    = <5.4.0
Comment   = Tells whether to register the contents of the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables. When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This option is a great security risk, thus do not turn it on without necessity

Directive = safe_mode
Default   = Off
Type      = bool
Remark    = <5.4.0
Comment   = Enables PHP safe mode. This mode puts a number of restrictions on scripts (say, access to file system) mainly for security reasons.

Directive = safe_mode_exec_dir
Type      = value
Remark    = <5.4.0
Comment   = If PHP is in the safe mode, scripts can execute external programs located only in this directory. For example: /dir/external

Directive = safe_mode_include_dir
Type      = value
Remark    = <5.4.0
Comment   = If PHP is in the safe mode and a script tries to access some files, files from this directory will bypass security (UID/GID) checks. The directory must also be in include_path. For example: /dir/inc

Directive = session.save_path
Default   = /tmp
Type      = value
Comment   = The directory where PHP writes session data (files). For example: /dir/tmp

Directive = session.cookie_secure
Default   = Off
Type      = bool
Comment   = session.cookie_secure specifies whether cookies should only be sent over secure connections. Defaults to off

Directive = session.use_strict_mode
Default   = Off
Type      = bool
Remark    = >5.5.2
Comment   = session.use_strict_mode specifies whether the module will use strict session id mode. If this mode is enabled, the module does not accept uninitialized session ID. If uninitialized session ID is sent from browser, new session ID is sent to browser. Applications are protected from session fixation via session adoption with strict mode

Directive = session.cookie_samesite
Default   = None
Type      = list
Range     = None,Lax,Strict
Remark    = >7.3
Comment   = Allows servers to assert that a cookie ought not to be sent along with cross-site requests. This assertion allows user agents to mitigate the risk of cross-origin information leakage, and provides some protection against cross-site request forgery attacks. Note that this is not supported by all browsers. An empty value means that no SameSite cookie attribute will be set. Lax and Strict mean that the cookie will not be sent cross-domain for POST requests. Lax will sent the cookie for cross-domain GET requests, while Strict will not.

Directive = session.cookie_httponly
Default   = Off
Type      = bool
Remark    = >5.2.0
Comment   = Marks the cookie as accessible only through the HTTP protocol. This means that the cookie wont be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers)

Directive = session.cookie_lifetime
Default   = 0
Type      = value
Comment   = session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means until the browser is closed. Defaults to 0

Directive = session.gc_maxlifetime
Default   = 1440
Type      = value
Comment   = session.gc_maxlifetime specifies the number of seconds after which data will be seen as garbage and potentially cleaned up. Defaults to 1440

Directive = short_open_tag
Default   = On
Type      = bool
Comment   = Allows the short form of the PHP open tag.

Directive = max_input_vars
Default   = 3000
Type      = value
Comment   = How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately). Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an E_WARNING is issued, and further input variables are truncated from the request.

Directive = zlib.output_compression
Default   = Off
Type      = bool
Comment   = Whether to transparently compress pages. If this option is set to "On" in php.ini or the Apache configuration, pages are compressed if the browser sends an "Accept-Encoding: gzip" or "deflate" header. "Content-Encoding: gzip" (respectively "deflate") and "Vary: Accept-Encoding" headers are added to the output. In runtime, it can be set only before sending any output.

Directive = max_file_uploads
Default   = 20
Type      = value
Comment   = The maximum number of files allowed to be uploaded simultaneously. Starting with PHP 5.3.4, upload fields left blank on submission do not count towards this limit.

Directive = disable_functions
Default   = system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail
Type      = value
Comment   = This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. Only internal functions can be disabled using this directive. User-defined functions are unaffected.

Directive = date.timezone
Default   = UTC
Type      = value
Comment   = Sets the default timezone