                       ionCube Loader 5.0 User Guide
                       -----------------------------

This document describes the available php.ini configuration options 
of the ionCube Loader that relate to processing of PHP encoded files,
and also the ionCube 24 service.

ENCODED FILES 
-------------

INI entry: ioncube.loader.encoded_paths

Purpose:   Specify the locations of encoded files

  The ionCube Loader will normally examine a PHP file before processing
  to test whether it is encoded, and will run the file itself if necessary.
  Although this checking is very efficient, restricting which files the
  Loader tests for being encoded may give extra performance. If set to 
  a series of paths or files, only files in those locations are tested.

  Entries should be separated by a ':' on Unix and ';' on Windows. 
  A path may be prefixed with '+' or '-' to add or remove that path from
  the possible locations. + is assumed if no character is given.


Examples: (... means ioncube.loader.encoded_paths)

  * Site with a single encoded module in /var/www/html/modules/RSS

... = "/var/www/html/modules/RSS"


  * As above, with a site configuration file encoded too.

... = "/var/www/html/modules/RSS:/var/www/html/config/config.php"


  * Encoded files may be anywhere except for /var/www/html/framework

... = "/:-/var/www/html/framework"


  * Site with most modules encoded except for one

... = "/var/www/html/modules:-/var/www/html/modules/plain"


  * As above, with an encoded config file in the plain directory

... = "/site/modules:-/site/modules/plain:/site/modules/plain/config.php"


Locations:

  The ioncube.loader.encoded_paths property can be set in a
  php.ini file, in a .htaccess file (when using Apache), in
  a .user.ini file (when using CGI PHP 5.3+) or using ini_set 
  within a PHP script. In ini files only the last value will be 
  used for the encoded_paths property. If you wish to build up the 
  value in several lines then, for PHP 5.1+, you can use the
  following syntax: 

ioncube.loader.encoded_paths = "/path1"
ioncube.loader.encoded_paths = ${ioncube.loader.encoded_paths}":/path2"
; etc...


IONCUBE 24 - available for Linux 32 and 64 bit servers.
----------

ionCube 24 is a new service from ionCube that offers intrusion
protection in real-time against the exploit of vulnerabilities
that allow PHP code to be modified or inserted into a website.
Such attacks are widespread, particularly to systems such
as Wordpress, and often result in a website defacement
and/or customer data being compromised. Once infected, the only
truly safe option is to reinstall the server operating system, 
creating major inconvenience and unplanned costs.

Unlike services that try to find vulnerabilities but do
nothing to actually protect, ionCube 24 actively
protects and defends against an attack, even if the method
of attack is unknown, by blocking any code that is unexpected
and preventing any subsequent damage.

Performance may also be improved with ionCube 24 enabled,
particularly coupled with the PHP Op Cache, as the Loader
learns and remembers which files are encoded. When PHP
is about to process a file that is known not to be encoded,
the Loader does not need to examine the file.

You can sign up and use the service for free via ioncube24.com,
and the server side support is built into the Loader as 
standard. With the Loader installed, you can go ahead and
activate ionCube 24 at any time if you wish to have active
intrusion protection. Other ionCube 24 features that are
likely to be very useful to you are also on their way,
so even if not enabling intrusion protection, be sure to
check what new features are available in the coming 
weeks and months.

There are a number of ini settings, and the ones with user
adjustable values are summarised below. The setup process
at ioncube24.com automatically gives the settings that you
need to get started, but you may wish to make changes
yourself once setup. The default values are given with
each example.

INI entry: ic24.enable = 0 ; default off

Purpose: Enable or disable ionCube 24 features.

Examples:

  ic24.enable = 1


INI entry: ic24.home_dir ; no default

Purpose: The home directory for ionCube 24 related system
files. A location outside of the web root is recommended.
It should be writable by the web server during startup.

Example:

  ic24.home_dir = /var/www/ic24_home


INI entry: ic24.sec.approve_included_files = 0

Purpose: Allow included files to be automatically trusted
and approved. This can be useful if your site has files
that are included by others and changing regularly, and
where one of the other mechanisms for handling such 
behaviour is not possible to utilise at the moment; 
though we would recommend use of the ionCube 24 TrustPoint 
concept, exclusion keys or the API. See ioncube24.com for more 
details once signed up.

Example:

  ic24.sec.approve_included_files = 1


INI entry: ic24.sec.block_uploaded_files = 1 ; default on

Purpose: If set, ionCube 24 blocks from execution any
uploaded files that are processed using the standard
PHP mechanism for uploaded files. This applies even 
if the file is subsequently included and where included
files being automatically approved with the
previous setting. 

(c) ionCube Ltd. 2015
