Table of contents


Supported versions

Agents can be installed only in Linux environments. Windows is not supported.

Application Security's PHP agent is compatible with the following components:

Component Version

Apache 2 mod_php

PHP-FPM with NGinX or Apache

Code protection features

Some of the code protection features are enabled only when specific components are used in the application.

For PHP, the SQL Injection feature requires that PHP Data Objects (PDO) be enabled.

PHP API versions

PHP API versions are used to identify our binaries. Here's the mapping between PHP versions and API versions:

PHP version PHP API version
7.0 20151012
7.1 20160303
7.2 20170718
7.3 20180731
7.4 20190902

Download the agent

The PHP agent is available from the Download page.

Install the agent

  1. Download the agent package for your PHP version and platform.

  2. Stop Apache as follows
    sudo service apache2 stop

  3. Move trend_app_protect-*.so into your PHP extension directory:

    $ mv /path/to/trend_app_protect-*.so "$(php -r 'echo ini_get ("extension_dir");')"/

  4. Add the following to your php.ini file (or in a new .ini file in /etc/php.d/, if present):

; Enable the extension
extension =

; Add key and secret from the Application Protection dashboard
trend_app_protect.key = <your key>
trend_app_protect.secret = <your secret>
Make sure the name "" matches exactly the filename and extension copied into the php extension directory.

The Key and Secret can be found under Group Settings > Group Credentials.

The environment variables will take precedence over the configuration file.

5 . After the agent file is copied or the php.ini file edited, restart Apache as follows:
sudo service apache2 restart

Pre-request application code execution

In some circumstances, it is desirable to execute application code before a request is processed. For example, when application code needs to be executed prior to security events being generated and sent to the backend.

With PHP agents, some security protection gets applied in the native code level rather than the PHP language itself. This results in some security events being generated prior to the PHP application being sent to the Application Security backend.

In order to enable the PHP application code to be executed prior to security events being generated, the PHP agent includes a configuration setting that enables you to specify the path to the PHP code that gets executed prior to each request. That script can be used to dynamically set tags contextualizing the security events that are generated, for example with a tenant ID.

Configuration key Environment variable Description
trend_app_protect.prepend_php_file TREND_AP_PREPEND_PHP_FILE Path to script that gets executed first on each request. Default: None. If a request is blocked early, for example by Malicious Payload, this is the only script executed. Note that this configuration setting is only supported with PHP agent.

Configure the agent to communicate with the proper Trend Micro Cloud One region

If you are using a Cloud One region other than 'us-1', you need to configure the agent's connectivity for the region.