disable_functions = exec, system, shell_exec, passthru, popen, proc_open, pcntl_exec, fopen, file_put_contents, file_get_contents, unlink, rename, copy, move_uploaded_file, pcntl_fork, pcntl_signal, pcntl_wait, pcntl_wexitstatus, posix_kill, posix_setsid, curl_exec, curl_multi_exec, stream_socket_client, fsockopen, pfsockopen, gethostbyname, gethostbyaddr, create_function, call_user_func, call_user_func_array, assert, phpinfo, get_cfg_var, ini_get, ini_set, getenv, putenv, mysqli_connect, pg_connect, sqlite_open, sqlite_popen

open_basedir = /opt/cpguard/app/cpguard/core/scanner/decode/   ; Restrict file access
expose_php = Off             ; Hide PHP version in headers
allow_url_fopen = Off        ; Disable remote file includes
allow_url_include = Off      ; Prevent remote PHP execution
max_execution_time = 10      ; Kill scripts running longer than 10 sec
memory_limit = 64M           ; Limit memory usage