Installing the AcuSensor agent for PHP websites
First, you need to download the AcuSensor agent for your Target.
This section describes how to install AcuSensor in a PHP web application.
- Locate the PHP AcuSensor file of the website you want to install AcuSensor on. Copy the acu_phpaspect.php file to the remote web server hosting the web application. The AcuSensor agent file should be in a location where it can be accessed by the web server software. Acunetix AcuSensor Technology works on websites using PHP version 5 and up.
- There are 2 methods to install the AcuSensor agent, one method can be used for Apache web server, and the other method can be used for IIS, nginx and Apache web servers.
Method 1: Apache web Server - .htaccess file
Create a .htaccess file in the website directory and add the following directive:
php_value auto_prepend_file ‘[path to acu_phpaspect.php file]’.
Note: For Windows use ‘C:\sensor\acu_phpaspect.php’ and for Linux use ‘/Sensor/acu_phpaspect.php’ path declaration formats. If Apache web server does not execute .htaccess files, it must be configured to do so. Refer to the following configuration guide: http://httpd.apache.org/docs/2.0/howto/htaccess.html. The above directive can also be configured in the httpd.conf file.
Method 2: IIS, Apache and nginx - php.ini
- Locate the file ‘php.ini’ on the server by using phpinfo() function.
- Search for the directive auto_prepend_file, and specify the path to the acu_phpaspect.php file. If the directive does not exist, add it in the php.ini file:
- Save all changes and restart the web server for the above changes to take effect.
Disabling and uninstalling AcuSensor for PHP
To uninstall and disable the sensor from your web site:
- If method 1 (.htaccess file) was used to install the PHP AcuSensor, delete the directive: php_value auto_prepend_file="/path/to/acu_phpaspect.php" from .htaccess
- If method 2 was used to install the PHP AcuSensor, delete the directive: auto_prepend_file="/path/to/acu_phpaspect.php" from php.ini.
- Finally, delete the Acunetix AcuSensor PHP file: acu_phpaspect.php.
Note: Although the Acunetix AcuSensor agent are secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.