Topics on this page
Agents can be installed only in Linux environments. Windows is not supported.
Application Security's PHP agent is compatible with the following components:
Apache 2 mod_php
PHP-FPM with NGinX or Apache
Code protection features
Some of the code protection features are enabled only when specific components are used in the application.
For PHP, the SQL Injection feature requires that PHP Data Objects (PDO) be enabled.
PHP API versions
PHP API versions are used to identify our binaries. Here's the mapping between PHP versions and API versions:
|PHP version||PHP API version|
Download the agent
The PHP agent is available from the Download page.
Install the agent
Download the agent package for your PHP version and platform.
Stop Apache as follows
sudo service apache2 stop
trend_app_protect-*.sointo your PHP extension directory:
$ mv /path/to/trend_app_protect-*.so "$(php -r 'echo ini_get ("extension_dir");')"/trend_app_protect.so
Add the following to your
php.inifile (or in a new
/etc/php.d/, if present):
Make sure the name "trend_app_protect.so" matches exactly the filename and extension copied into the php extension directory.
; Enable the extension extension = trend_app_protect.so ; Add key and secret from the Application Protection dashboard trend_app_protect.key = <your key> trend_app_protect.secret = <your secret>
The Key and Secret can be found under Group Settings > Group Credentials.
The environment variables will take precedence over the configuration file.
5 . After the agent file is copied or the
php.ini file edited, restart Apache as follows:
sudo service apache2 restart
Pre-request application code execution
In some circumstances, it is desirable to execute application code before a request is processed. For example, when application code needs to be executed prior to security events being generated and sent to the backend.
With PHP agents, some security protection gets applied in the native code level rather than the PHP language itself. This results in some security events being generated prior to the PHP application being sent to the Application Security backend.
In order to enable the PHP application code to be executed prior to security events being generated, the PHP agent includes a configuration setting that enables you to specify the path to the PHP code that gets executed prior to each request. That script can be used to dynamically set tags contextualizing the security events that are generated, for example with a tenant ID.
|Configuration key||Environment variable||Description|
|trend_app_protect.prepend_php_file||TREND_AP_PREPEND_PHP_FILE||Path to script that gets executed first on each request. Default: None. If a request is blocked early, for example by Malicious Payload, this is the only script executed. Note that this configuration setting is only supported with PHP agent.|
Configure the agent to communicate with the proper Trend Micro Cloud One region
If you are using a Cloud One region other than 'us-1', you need to configure the agent's connectivity for the region.