Runtime Configuration
The behaviour of these functions is affected by settings in php.ini.
The zlib extension offers the option to transparently compress your pages on-the-fly, if the requesting browser supports this. Therefore there are three options in the configuration file php.ini.
Name | Default | Changeable | Changelog |
---|---|---|---|
zlib.output_compression | "0" | PHP_INI_ALL | Available since PHP 4.0.5. |
zlib.output_compression_level | "-1" | PHP_INI_ALL | Available since PHP 4.3.0. |
zlib.output_handler | "" | PHP_INI_ALL | Available since PHP 4.3.0. |
Here's a short explanation of the configuration directives.
-
zlib.output_compression
boolean/integer -
Whether to transparently compress pages. If this option is set to "On" in php.ini or the Apache configuration, pages are compressed if the browser sends an "Accept-Encoding: gzip" or "deflate" header. "Content-Encoding: gzip" (respectively "deflate") and "Vary: Accept-Encoding" headers are added to the output. In runtime, it can be set only before sending any output.
This option also accepts integer values instead of boolean "On"/"Off", using this you can set the output buffer size (default is 4KB).
Note:
output_handler must be empty if this is set 'On' ! Instead you must use zlib.output_handler.
-
zlib.output_compression_level
integer -
Compression level used for transparent output compression. Specify a value between 0 (no compression) to 9 (most compression). The default value, -1, lets the server decide which level to use.
-
zlib.output_handler
string -
You cannot specify additional output handlers if zlib.output_compression is activated here. This setting does the same as output_handler but in a different order.
Коментарии
In the hopes this will help others - a hard to spot gotcha when implementing zlib.output_compression. if you use flush() anywhere in your script (even right at the end) the compression won't work - you need to let that happen automatically or it ends up being sent uncompressed.
Does anyone find these two statements contradictory? Am I not understanding something, or are these statements actually contradicting each other?
Statement ONE from output_handler:
"output_handler must be empty if this [zlib.output_compression] is set 'On' ! Instead you must use zlib.output_handler."
Statement TWO from zlib.output_handler:
"You cannot specify additional output handlers if zlib.output_compression is activated ..."
Statement ONE says you have to use zlib.output_handler, if zlib.output_compression is turned ON. Statement TWO says that, if zlib.output_compression is turned ON, you cannot use zlib.output_handler.
what the heck?
finlanderid at gmail dot com,
you are mixing two separate things and consider them to be the same thing, hence the confusion.
There are two output_handlers:
1. outcontrol.configuration#ini.output-handler
2. zlib.configuration#ini.zlib.output-handler
Now, if you re-read your quotes again with this information it won't be confusing anymore :)
@finlanderid, Exactly. As output_handler and zlib.output_handler cant be both set (as per ""<output_handler must be empty if this is set 'On'>""), "different order" refers to?
Because of possible BREACH attacks when using output compression cross-site scripting should be disallowed. This can be achieved with the same-site cookie attribute:
https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
https://caniuse.com/#feat=same-site-cookie-attribute