diff --git a/Dockerfile.linux.amd64 b/Dockerfile.linux.amd64 index e839b6f..79032e7 100644 --- a/Dockerfile.linux.amd64 +++ b/Dockerfile.linux.amd64 @@ -14,6 +14,7 @@ RUN apk --update add --virtual .build-deps tar curl && \ curl -SsL -o /usr/local/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/v3.5.0/gomplate_linux-amd64-slim && \ chmod 755 /usr/local/bin/gomplate && \ curl -SsL ${TTRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \ + curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \ apk del .build-deps && \ rm -rf /var/cache/apk/* && \ rm -rf /tmp/* diff --git a/overlay/etc/php7/php.ini b/overlay/etc/php7/php.ini index 744417e..18c3412 100644 --- a/overlay/etc/php7/php.ini +++ b/overlay/etc/php7/php.ini @@ -19,9 +19,9 @@ implicit_flush = Off unserialize_callback_func = serialize_precision = 17 -;open_basedir = +open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache" -disable_functions = +disable_functions = system, exec, shell_exec, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file, mkdir, rmdir, chmod, rename, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo disable_classes = ;highlight.string = #DD0000 @@ -44,8 +44,8 @@ expose_php = Off max_execution_time = 30 max_input_time = 60 ;max_input_nesting_level = 64 -;max_input_vars = 1000 -memory_limit = 128M +max_input_vars = 100 +memory_limit = 50M error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off @@ -95,7 +95,7 @@ extension_dir = "/usr/lib/php7/modules" ;sys_temp_dir = "/tmp" enable_dl = Off -;cgi.force_redirect = 1 +cgi.force_redirect = 1 ;cgi.nph = 1 ;cgi.redirect_status_env = cgi.fix_pathinfo = 0 
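Review bot: The added `curl` line in Dockerfile.linux.amd64 writes whatever browscap.org returns straight to /etc/php7/browscap.ini. Without `-f` an HTTP error page is saved as the ini file, the URL is unquoted although it contains `?` (a shell glob character), and nothing pins or verifies the content, so each build can bake in a different, unchecked file. I would use `curl -fSsL -o /etc/php7/browscap.ini "https://browscap.org/stream?q=Lite_PHP_BrowsCapINI" && \` and follow it with a checksum comparison such as `echo "${BROWSCAP_SHA256}  /etc/php7/browscap.ini" | sha256sum -c - && \`, where `BROWSCAP_SHA256` is a placeholder build argument that this page does not define. The gomplate download in the context lines has the same gap, and the RUN instruction starts before this hunk.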
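Review bot: The new `disable_functions` list in overlay/etc/php7/php.ini hunk `@@ -19,9 +19,9 @@` (repeated in the php.ini.tmpl hunk with the same header) blocks `system`, `exec`, `shell_exec`, `popen` and `proc_open` but leaves `passthru` callable, and `pcntl_exec` too if the pcntl extension is loaded, so command execution is not actually closed off. I would extend the start of the list to `disable_functions = system, exec, shell_exec, passthru, pcntl_exec, phpinfo, …`. Entries such as `dbmopen`, `filepro*` and `fopen_with_path` are, as far as I know, not present in a stock PHP 7 build and could be dropped to keep the list auditable. A comment above the line, `; hardening on top of open_basedir, not a sandbox`, would set the right expectation for the next maintainer.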
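Review bot: `max_input_vars = 100` in php.ini hunk `@@ -44,8 +44,8 @@` (and in the php.ini.tmpl hunk with the same header) makes PHP ignore every request variable past the hundredth with only an E_WARNING. Since `display_errors = Off`, a large form or a long list of selected IDs is truncated without the user seeing anything. In the template the value is hard-coded while `memory_limit` on the next line is environment-driven; following that pattern it could read `max_input_vars = {{ getenv "PHP_MAX_INPUT_VARS" "100" }}` (the variable name is a suggestion). I would also add the comment `; requests with more variables are truncated, see the PHP error log` above the line in both files.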
@@ -106,10 +106,10 @@ cgi.discard_path = 1 ;cgi.rfc2616_headers = 0 ;cgi.check_shebang_line = 1 -file_uploads = On -;upload_tmp_dir = +file_uploads = Off +upload_tmp_dir = /var/lib/php/tmp_upload upload_max_filesize = 2M -max_file_uploads = 20 +max_file_uploads = 2 allow_url_fopen = On allow_url_include = Off @@ -254,17 +254,17 @@ browscap = /etc/php7/browscap.ini [Session] session.save_handler = files -;session.save_path = "/tmp" -session.use_strict_mode = 0 +session.save_path = "/var/lib/php/session" +session.use_strict_mode = 1 session.use_cookies = 1 -;session.cookie_secure = +session.cookie_secure = 0 session.use_only_cookies = 1 session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 +session.auto_start = Off +session.cookie_lifetime = 14400 session.cookie_path = / session.cookie_domain = -session.cookie_httponly = +session.cookie_httponly = 1 session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 1000 @@ -273,9 +273,9 @@ session.referer_check = ;session.entropy_length = 32 ;session.entropy_file = /dev/urandom session.cache_limiter = nocache -session.cache_expire = 180 +session.cache_expire = 30 session.use_trans_sid = 0 -session.hash_function = 0 +session.hash_function = sha512 session.hash_bits_per_character = 5 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ;session.upload_progress.enabled = On @@ -332,7 +332,7 @@ tidy.clean_output = Off [soap] soap.wsdl_cache_enabled = 1 -soap.wsdl_cache_dir = "/tmp" +soap.wsdl_cache_dir = "/var/lib/php/soap_cache" soap.wsdl_cache_ttl = 86400 soap.wsdl_cache_limit = 5 diff --git a/overlay/etc/templates/php.ini.tmpl b/overlay/etc/templates/php.ini.tmpl index 3a57093..2231c5b 100644 --- a/overlay/etc/templates/php.ini.tmpl +++ b/overlay/etc/templates/php.ini.tmpl 
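Review bot: `upload_tmp_dir = /var/lib/php/tmp_upload` in php.ini hunk `@@ -106,10 +106,10 @@` points at a directory that nothing in this diff creates. The same holds for `session.save_path` (hunk `@@ -254,17 +254,17 @@`) and `soap.wsdl_cache_dir` (hunk `@@ -332,7 +332,7 @@`), here and in php.ini.tmpl. If the overlay or entrypoint does not ship these directories, the files session handler has nowhere to write, and uploads fall back to the system temp directory, which the new `open_basedir` does not include. The Dockerfile RUN step could create them with `mkdir -p /var/lib/php/tmp_upload /var/lib/php/session /var/lib/php/soap_cache && chmod 700 /var/lib/php/session && \`, owned by the user PHP runs as (not visible on this page).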
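Review bot: `session.cookie_secure = 0` in php.ini hunk `@@ -254,17 +254,17 @@` states explicitly that PHPSESSID may be sent over plain HTTP. The same hunk also turns it into a persistent four-hour cookie (`session.cookie_lifetime = 14400`) instead of one that ends with the browser session. If the container is meant to run behind TLS, the Secure flag should be on by default; in the php.ini.tmpl hunk with the same header this could follow the file's pattern, `session.cookie_secure = {{ getenv "PHP_SESSION_COOKIE_SECURE" "1" }}` (the variable name is a suggestion), so plain-HTTP deployments can still opt out. On PHP 7.3 or later, `session.cookie_samesite = Lax` next to `session.cookie_httponly = 1` would be worth adding.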
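Review bot: `session.hash_function = sha512` in php.ini hunk `@@ -273,9 +273,9 @@` has no effect on PHP 7.1 and later, where `session.hash_function` and `session.hash_bits_per_character` were removed in favour of `session.sid_length` and `session.sid_bits_per_character`. The PHP version in this image is not visible here and should be confirmed. If it is 7.1 or later, the line only looks like it strengthens session IDs; replace it with `session.sid_length = 48` and `session.sid_bits_per_character = 6`. The same applies to the php.ini.tmpl hunk with the same header.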
@@ -19,9 +19,9 @@ implicit_flush = Off unserialize_callback_func = serialize_precision = 17 -;open_basedir = +open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache" -disable_functions = +disable_functions = system, exec, shell_exec, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file, mkdir, rmdir, chmod, rename, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo disable_classes = ;highlight.string = #DD0000 @@ -44,8 +44,8 @@ expose_php = {{ getenv "PHP_EXPOSE_PHP" "Off" }} max_execution_time = {{ getenv "PHP_MAX_EXECUTION_TIME" "30" }} max_input_time = {{ getenv "PHP_MAX_INPUT_TIME" "60" }} ;max_input_nesting_level = 64 -;max_input_vars = 1000 -memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "128M" }} +max_input_vars = 100 +memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "50M" }} error_reporting = {{ getenv "PHP_ERROR_REPORTING" "E_ALL & ~E_DEPRECATED & ~E_STRICT" }} display_errors = {{ getenv "PHP_DISPLAY_ERRORS" "Off" }} @@ -95,7 +95,7 @@ extension_dir = "/usr/lib/php7/modules" ;sys_temp_dir = "/tmp" enable_dl = Off -;cgi.force_redirect = 1 +cgi.force_redirect = 1 ;cgi.nph = 1 ;cgi.redirect_status_env = cgi.fix_pathinfo = 0 @@ -106,13 +106,13 @@ cgi.discard_path = 1 ;cgi.rfc2616_headers = 0 ;cgi.check_shebang_line = 1 -file_uploads = On -;upload_tmp_dir = +file_uploads = {{ getenv "PHP_FILE_UPLOADS" "Off" }} +upload_tmp_dir = /var/lib/php/tmp_upload upload_max_filesize = {{ getenv "PHP_UPLOAD_MAX_FILESIZE" "2M" }} -max_file_uploads = 20 +max_file_uploads = {{ getenv "PHP_MAX_FILE_UPLOADS" "2" }} allow_url_fopen = {{ getenv "PHP_ALLOW_URL_FOPEN" "On" }} -allow_url_include = Off +allow_url_include = {{ getenv "PHP_ALLOW_URL_INCLUDE" "Off" }} ;from="john@doe.com" ;user_agent="PHP" 
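Review bot: `allow_url_include = {{ getenv "PHP_ALLOW_URL_INCLUDE" "Off" }}` in php.ini.tmpl hunk `@@ -106,13 +106,13 @@` turns a fixed safe setting into one that a single environment variable can switch on. With `allow_url_fopen` defaulting to `On` in the line above, that would let `include`/`require` load code from remote URLs. This runs against the rest of the commit, which tightens the configuration. I would keep the line as `allow_url_include = Off` and add the comment `; deliberately not configurable` above it; the directive is also deprecated as of PHP 7.4.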
@@ -254,17 +254,17 @@ browscap = /etc/php7/browscap.ini [Session] session.save_handler = files -;session.save_path = "/tmp" -session.use_strict_mode = 0 +session.save_path = "/var/lib/php/session" +session.use_strict_mode = 1 session.use_cookies = 1 -;session.cookie_secure = +session.cookie_secure = 0 session.use_only_cookies = 1 session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 +session.auto_start = Off +session.cookie_lifetime = 14400 session.cookie_path = / session.cookie_domain = -session.cookie_httponly = +session.cookie_httponly = 1 session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 1000 @@ -273,9 +273,9 @@ session.referer_check = ;session.entropy_length = 32 ;session.entropy_file = /dev/urandom session.cache_limiter = nocache -session.cache_expire = 180 +session.cache_expire = 30 session.use_trans_sid = 0 -session.hash_function = 0 +session.hash_function = sha512 session.hash_bits_per_character = 5 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ;session.upload_progress.enabled = On @@ -332,7 +332,7 @@ tidy.clean_output = Off [soap] soap.wsdl_cache_enabled = 1 -soap.wsdl_cache_dir = "/tmp" +soap.wsdl_cache_dir = "/var/lib/php/soap_cache" soap.wsdl_cache_ttl = 86400 soap.wsdl_cache_limit = 5