From fc2e7bdc794a7066ae7b328ca4ff0fe4d72cd9e0 Mon Sep 17 00:00:00 2001
From: Soumya Darshan <suklasoumyadarshan@gmail.com>
Date: Wed, 26 Nov 2025 10:25:54 +0530
Subject: [PATCH] Security hardening fixed

---
 docker/config/api.conf | 2 +-
 docker/config/php.ini  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/config/api.conf b/docker/config/api.conf
index 14a04b82..8f888528 100644
--- a/docker/config/api.conf
+++ b/docker/config/api.conf
@@ -15,7 +15,7 @@ HostnameLookups Off
 </Directory>
 
 <Directory /var/www/openml>
-	Options Indexes FollowSymLinks MultiViews
+	Options -Indexes FollowSymLinks MultiViews
 	AllowOverride All
 	Require all granted
 </Directory>
diff --git a/docker/config/php.ini b/docker/config/php.ini
index 6f97900d..9b50b83e 100644
--- a/docker/config/php.ini
+++ b/docker/config/php.ini
@@ -407,7 +407,7 @@ zend.exception_string_param_max_len = 0
 ; threat in any way, but it makes it possible to determine whether you use PHP
 ; on your server or not.
 ; https://php.net/expose-php
-expose_php = On
+expose_php = Off
 
 ;;;;;;;;;;;;;;;;;;;
 ; Resource Limits ;
@@ -426,7 +426,7 @@ max_execution_time = 30
 ; Development Value: 60 (60 seconds)
 ; Production Value: 60 (60 seconds)
 ; https://php.net/max-input-time
-max_input_time = 60
+max_input_time = 3600
 
 ; Maximum input variable nesting level
 ; https://php.net/max-input-nesting-level