Describes in exhaustive detail how to change configuration settings and implement a custom php.ini file for use with the Apache Web Server.
Sections:
- When php run as Apache Module (mod_php)
- When php run as CGI
- When cgi?d php is run with wrapper (for FastCGI)
Code Snippet from Ultimate htaccess file
### RUN PHP AS APACHE MODULE ### AddHandler application/x-httpd-php .php .htm ### RUN PHP AS CGI ### AddHandler php-cgi .php .htm ### CGI PHP WRAPPER FOR CUSTOM PHP.INI ### AddHandler phpini-cgi .php .htm Action phpini-cgi /cgi-bin/php5-custom-ini.cgi ### FAST-CGI SETUP WITH PHP-CGI WRAPPER FOR CUSTOM PHP.INI ### AddHandler fastcgi-script .fcgi AddHandler php-cgi .php .htm Action php-cgi /cgi-bin/php5-wrapper.fcgi ### CUSTOM PHP CGI BINARY SETUP ### AddHandler php-cgi .php .htm Action php-cgi /cgi-bin/php.cgi
When php run as Apache Module (mod_php)
in root .htaccess
SetEnv PHPRC /location/todir/containing/phpinifile
When php run as CGI
Place your php.ini file in the dir of your cgi’d php, in this case /cgi-bin/
htaccess might look something like this
AddHandler php-cgi .php .htm Action php-cgi /cgi-bin/php5.cgi
When php is run as cgi
Create a wrapper script called phpini.cgi to export the directory that contains the php.ini file as PHPRC
#!/bin/sh export PHPRC=/home/site/askapache.com/inc exec /user/htdocs/cgi-bin/php5.cgi
In your .htaccess or httpd.conf file
AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi
When cgi’d php is run with wrapper (for FastCGI)
NOTE: Custom PHP.ini with FastCGI on DreamHost
You will have a shell wrapper script something like this:
#!/bin/sh export PHP_FCGI_CHILDREN=3 exec /user/htdocs/cgi-bin/php5.cgi
Change To
#!/bin/sh export PHP_FCGI_CHILDREN=3 exec /user/htdocs/cgi-bin/php.cgi -c /home/user/php.ini
NOTES:
- Since PHP 5.1.0, it is possible to refer to existing .ini variables from within .ini files.
open_basedir = ${open_basedir} ":/new/dir" - In order for PHP to read it, config file must be named php.ini
- SetEnv PHPRC only works when using PHP as CGI, not when using php as an Apache Module
Default locations to look for php.ini
PHP looks for custom php.ini in this order
- In the Current working directory
- Place your php.ini in the same directory as the php executable.
- If php executable is here: /home/user1/htdocs/cgi-bin/
- then place your php.ini file here: /home/user1/htdocs/cgi-bin/php.ini
- In the path specified by the environment variable PHPRC
- If you can use SetEnv in .htaccess files–> in the root .htaccess file specify the path to the directory containing php.ini
SetEnv PHPRC /home/user1 - If you can’t use SetEnv and you are using a wrapper shell script place this in your wrapper shell script
export PHPRC=/home/user1
- If you can use SetEnv in .htaccess files–> in the root .htaccess file specify the path to the directory containing php.ini
- In the path that was defined at compile time with –with-config-file-path
- The path in which the php.ini file is looked for can be overridden using the -c argument in command line mode. (cgi)
/home/user1/htdocs/cgi-bin/php.cgi -c /home/user1/php.ini - With this option one can either specify a directory where to look for php.ini or you can specify a custom INI file directly (which does not need to be named php.ini),
$ php -c /custom/directory/custom-file.ini my_script.php - Under Windows, the compile-time path is the Windows directory. Place php.ini in one of the directories,
C:\windows or C:\winnt
- The path in which the php.ini file is looked for can be overridden using the -c argument in command line mode. (cgi)
From: PHP Runtime Configuration
php.ini is searched for by php in these locations in this order
- SAPI module specific location
- PHPIniDir directive in Apache 2
- -c command line option in CGI and CLI
- php_ini parameter in NSAPI
- PHP_INI_PATH environment variable in THTTPD
- The PHPRC environment variable (Before PHP 5.2.0 this was checked after the registry key mentioned below.)
- HKEY_LOCAL_MACHINE\SOFTWARE\PHP\IniFilePath (Windows Registry location)
- Current working directory (for CLI)
- The web server’s directory (for SAPI modules)
- Directory of PHP (If Windows)
- Windows directory (C:\windows or C:\winnt)
- –with-config-file-path compile time option
NOTE: The Apache web server changes the directory to root at startup causing PHP to attempt to read php.ini from the root filesystem if it exists. If php-SAPI.ini exists (where SAPI is used SAPI, so the filename is e.g. php-cli.ini or php-apache.ini), it’s used instead of php.ini. SAPI name can be determined by php_sapi_name(). You can use also use the predefined PHP_SAPI constant instead of php_sapi_name()
If your server is running Windows click here
Directions for custom php.ini for Powweb Customers
Specific to Powweb, but can be used elsewhere. In the folder above the htdocs (your ROOT) for the domain you want a custom php.ini file for, create an htaccess file with the following content
SetEnv PHPRC /home/users/web/bEXAMPLE/pow.EXAMPLE
Then create a blank php.ini also in your ROOT directory (/home/users/web/bEXAMPLE/pow.EXAMPLE). Next copy the powweb php.ini text to your php.ini file and customize it.
You can test to make sure you are using the new php.ini by running phpinfo(); If you want multiple php.ini files, then use .htaccess files to set the PHPRC variable to the directory that the php.ini file you want to use is in.
File structure from ROOT directory
. |-- site1.com | `-- htdocs | | |-- cgi-bin | | | `-- dl.cgi | | `-- index.html | |-- phpsessions | |-- php.ini | `-- .htaccess |-- site2.org | `-- htdocs | | |-- cgi-bin | | | `-- dl.cgi | | `-- index.html | |-- phpsessions | |-- php.ini | `-- .htaccess `-- site3.net `-- htdocs | |-- cgi-bin | | `-- dl.cgi | `-- index.html |-- phpsession |-- php.ini `-- .htaccess
Remember to chmod 640 all .htaccess files, chmod 600 your php.ini files, chmod 600 your php flies, and chmod 705 your cgi scripts.. if you don’t want ftp users to be able to change the file than chmod 400.
What’s the difference between PHP-CGI and PHP as an Apache module?
The benefits of running PHP-CGI are:
- It is more secure. The PHP runs as your user rather than dhapache. That means you can put your database passwords in a file readable only by you and your php scripts can still access it!
- It is more flexible. Because of security concerns when running PHP as an Apache module, we disabled commands with the non-CGI PHP. This will cause install problems with certain popular PHP scripts if you run PHP not as a CGI!
- It’s just as fast as running PHP as an Apache module, and we include more default libraries.
The drawbacks to running PHP-CGI. They are:
- Custom 404 pages won’t work for .php files with PHP-CGI. Or will they?
- Variables in the URL which are not regular ?foo=bar variables won’t work without using (mod_rewrite) (example.com/blah.php/username/info/variable).
- Custom php directives in .htaccess files (php_include_dir /home/user;/home/user/example_dir) won’t work.
- The $_SERVER['SCRIPT_NAME'] variable will return the php.cgi binary rather than the name of your script
- Persistant database connections will not work. PHP’s mysql_pconnect() function will just open a new connection because it can’t find a persistant one.
If one of those is a show-stopper for you, you can easily switch to running PHP as an Apache module and not CGI, but be prepared for a bunch of potential security and ease-of-use issues! If you don’t know what any of these drawbacks mean, you’re fine just using the default setting of PHP-CGI and not worrying about anything!
The configuration file The configuration file (called php3.ini in PHP 3, and simply php.ini as of PHP 4) is read when PHP starts up. For the server module versions of PHP, this happens only once when the web server is started. For the CGI and CLI version, it happens on every invocation.
Running PHP as an Apache module
When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf) and .htaccess files. You will need “AllowOverride Options” or “AllowOverride All” privileges to do so.
With PHP 4 and PHP 5, there are several Apache directives that allow you to change the PHP configuration from within the Apache configuration files.
NOTE: With PHP 3, there are Apache directives that correspond to each configuration setting in the php3.ini name, except the name is prefixed by “php3_”.
php_value name value
Sets the value of the specified directive. Can be used only with PHP_INI_ALL and PHP_INI_PERDIR type directives. To clear a previously set value use none as the value.
NOTE: Don’t use php_value to set boolean values. php_flag (see below) should be used instead.
php_flag name on|off
Used to set a boolean configuration directive. Can be used only with PHP_INI_ALL and PHP_INI_PERDIR type directives.
php_admin_value name value
Sets the value of the specified directive. This can not be used in .htaccess files. Any directive type set with php_admin_value can not be overridden by .htaccess or virtualhost directives. To clear a previously set value use none as the value.
php_admin_flag name on|off
Used to set a boolean configuration directive. This can not be used in .htaccess files. Any directive type set with php_admin_flag can not be overridden by .htaccess or virtualhost directives.
Apache configuration example
<IfModule mod_php5.c> php_value include_path ".:/usr/local/lib/php" php_admin_flag safe_mode on </IfModule> <IfModule mod_php4.c> php_value include_path ".:/usr/local/lib/php" php_admin_flag safe_mode on </IfModule> <IfModule mod_php3.c> php3_include_path ".:/usr/local/lib/php" php3_safe_mode on </IfModule>
How to change configuration settings
Changing PHP configuration via the Windows registry
When running PHP on Windows, the configuration values can be modified on a per-directory basis using the Windows registry. The configuration values are stored in the registry key HKLM\SOFTWARE\PHP\Per Directory Values, in the sub-keys corresponding to the path names. For example, configuration values for the directory c:\inetpub\wwwroot would be stored in the key HKLM\SOFTWARE\PHP\Per Directory Values\c\inetpub\wwwroot. The settings for the directory would be active for any script running from this directory or any subdirectory of it. The values under the key should have the name of the PHP configuration directive and the string value. PHP constants in the values are not parsed. However, only configuration values changeable in PHP_INI_USER can be set this way, PHP_INI_PERDIR values can not.
Other interfaces to PHP
Regardless of how you run PHP, you can change certain values at runtime of your scripts through ini_set().
If you are interested in a complete list of configuration settings on your system with their current values, you can execute the phpinfo() function, and review the resulting page. You can also access the values of individual configuration directives at runtime using ini_get() or get_cfg_var().
Changing php settings with .htaccess or httpd.conf
add settings to a .htaccess file with ‘php_flag’ like this:
php_flag register_globals off php_flag magic_quotes_gpc on
In .htaccess, only true/false on/off flags can be set using php_flag. To set other values you need to use php_value, like this:
php_value upload_max_filesize 20M
PHP_INI_SYSTEM can be configured per-directory by placing it inside a per-directory block in httpd.conf
# Selectively enable APC for wildly popular directories # apc.enabled is Off in php.ini to reduce memory use <Directory /usr/local/apache2/htdocs/forum> php_flag apc.enabled On </Directory>
NOTE: In order for these settings to work in your htaccess file, you will need to add “Options” to your AllowOverride specifications for the directory/webserver if it’s not already allowed.
Installed as CGI binary
One of the most common reasons why you get 'No input file specified' (AKA 'the second most useful error message in the world') is that you have set 'doc_root' (in php.ini) to a value which is to the 'DocumentRoot' defined in the apache configuration. This is the same for other webservers. For example, on lighttpd, make sure the 'server.document-root' value is the same as what is defined as 'doc_root' in php.ini.
Download PHP.ini files
- DreamHost non-cgi php.ini
- Development php.ini from php CVS
- Default PowWeb php.ini file for PHP 5.1.5
Some links to articles and manual pages about using php as a cgi and as an Apache module.
- Apache module mod_env
- PHP: Using PHP from the command line
- PHP: Apache 2.0 on Unix systems
- Maven Apache Mod Fastcgi PHP
- Using PHP As A Shell Scripting Language
cgi.fix_pathinfo Provides real PATH_INFO/PATH_TRANSLATED support for CGI. PHP’s previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting this to 1 will cause PHP CGI to fix it’s paths to conform to the spec. A setting of zero causes PHP to behave as before. Default is zero. You should fix your scripts to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
cgi.force_redirect gi.force_redirect is necessary to provide security running PHP as a CGI under most web servers. Left undefined, PHP turns this on by default. You can turn it off at your own risk.
cgi.redirect_status_env If cgi.force_redirect is turned on, and you are not running under Apache or Netscape (iPlanet) web servers, you may need to set an environment variable name that PHP will look for to know it is OK to continue execution.
NOTE: Setting this variable may cause security issues, know what you are doing first.
fastcgi.impersonate FastCGI under IIS (on WINNT based OS) supports the ability to impersonate security tokens of the calling client. This allows IIS to define the security context that the request runs under. mod_fastcgi under Apache does not currently support this feature (03/17/2002) Set to 1 if running under IIS. Default is zero.
PHP.ini stuff
- allow_call_time_pass_reference
- allow_url_fopen
- allow_url_include
- always_populate_raw_post_data
- apc.cache_by_default
- apc.enabled
- apc.enable_cli
- apc.file_update_protection
- apc.filters
- apc.gc_ttl
- apc.max_file_size
- apc.mmap_file_mask
- apc.num_files_hint
- apc.optimization
- apc.shm_segments
- apc.shm_size
- apc.slam_defense
- apc.ttl
- apc.user_entries_hint
- apc.user_ttl
- apd.dumpdir
- apd.statement_tracing
- arg_separator.input
- arg_separator.output
- asp_tags
- assert.active
- assert.bail
- assert.callback
- assert.quiet_eval
- assert.warning
- auto_append_file
- auto_detect_line_endings
- auto_globals_jit
- auto_prepend_file
- bcmath.scale
- bcompiler.enabled
- birdstep.max_links
- blenc.key_file
- browscap
- cgi.discard_path
- cgi.fix_pathinfo
- cgi.force_redirect
- cgi.nph
- cgi.redirect_status_env
- cgi.rfc2616_headers
- child_terminate
- com.allow_dcom
- com.autoregister_casesensitive
- com.autoregister_typelib
- com.autoregister_verbose
- com.code_page
- com.typelib_file
- crack.default_dictionary
- daffodildb.default_host
- daffodildb.default_password
- daffodildb.default_socket
- daffodildb.default_user
- daffodildb.port
- date.default_latitude
- date.default_longitude
- date.sunrise_zenith
- date.sunset_zenith
- date.timezone
- dba.default_handler
- dbx.colnames_case
- default_charset
- default_mimetype
- default_socket_timeout
- define_syslog_variables
- disable_classes
- disable_functions
- display_errors
- display_startup_errors
- docref_ext
- docref_root
- doc_root
- enable_dl
- engine
- error_append_string
- error_log
- error_prepend_string
- error_reporting
- exif.decode_jis_intel
- exif.decode_jis_motorola
- exif.decode_unicode_intel
- exif.decode_unicode_motorola
- exif.encode_jis
- exif.encode_unicode
- expect.logfile
- expect.loguser
- expect.timeout
- expose_php
- extension_dir
- fastcgi.impersonate
- fastcgi.logging
- fbsql.allow_persistent
- fbsql.autocommit
- fbsql.batchsize
- fbsql.default_database
- fbsql.default_database_password
- fbsql.default_host
- fbsql.default_password
- fbsql.default_user
- fbsql.generate_warnings
- fbsql.max_connections
- fbsql.max_links
- fbsql.max_persistent
- fbsql.max_results
- file_uploads
- filter.default
- filter.default_flags
- from
- highlight.bg
- highlight.comment
- highlight.default
- highlight.html
- highlight.keyword
- highlight.string
- html_errors
- http.allowed_methods
- http.allowed_methods_log
- http.cache_log
- http.composite_log
- http.etag_mode
- http.force_exit
- http.ob_deflate_auto
- http.ob_deflate_flags
- http.ob_inflate_auto
- http.ob_inflate_flags
- http.only_exceptions
- http.redirect_log
- hyperwave.allow_persistent
- hyperwave.default_port
- ibase.allow_persistent
- ibase.dateformat
- ibase.default_charset
- ibase.default_db
- ibase.default_password
- ibase.default_user
- ibase.max_links
- ibase.max_persistent
- ibase.timeformat
- ibase.timestampformat
- ibm_db2.binmode
- ibm_db2.instance_name
- iconv.input_encoding
- iconv.internal_encoding
- iconv.output_encoding
- ifx.allow_persistent
- ifx.blobinfile
- ifx.byteasvarchar
- ifx.charasvarchar
- ifx.default_host
- ifx.default_password
- ifx.default_user
- ifx.max_links
- ifx.max_persistent
- ifx.nullformat
- ifx.textasvarchar
- ignore_repeated_errors
- ignore_repeated_source
- ignore_user_abort
- implicit_flush
- include_path
- ingres.allow_persistent
- ingres.blob_segment_length
- ingres.cursor_mode
- ingres.default_database
- ingres.default_password
- ingres.default_user
- ingres.max_links
- ingres.max_persistent
- ingres.report_db_warnings
- ingres.timeout
- ingres.trace_connect
- ircg.control_user
- ircg.keep_alive_interval
- ircg.max_format_message_sets
- ircg.shared_mem_size
- ircg.work_dir
- last_modified
- ldap.max_links
- log_errors
- log_errors_max_len
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- mail.force_extra_parameters
- mailparse.def_charset
- maxdb.default_db
- maxdb.default_host
- maxdb.default_pw
- maxdb.default_user
- maxdb.long_readlen
- max_execution_time
- max_input_time
- mbstring.detect_order
- mbstring.encoding_translation
- mbstring.func_overload
- mbstring.http_input
- mbstring.http_output
- mbstring.internal_encoding
- mbstring.language
- mbstring.script_encoding
- mbstring.strict_detection
- mbstring.substitute_character
- mcrypt.algorithms_dir
- mcrypt.modes_dir
- memory_limit
- mime_magic.debug
- mime_magic.magicfile
- msql.allow_persistent
- msql.max_links
- msql.max_persistent
- mssql.allow_persistent
- mssql.batchsize
- mssql.charset
- mssql.compatability_mode
- mssql.connect_timeout
- mssql.datetimeconvert
- mssql.max_links
- mssql.max_persistent
- mssql.max_procs
- mssql.min_error_severity
- mssql.min_message_severity
- mssql.secure_connection
- mssql.textlimit
- mssql.textsize
- mssql.timeout
- mysql.allow_persistent
- mysql.connect_timeout
- mysql.default_host
- mysql.default_password
- mysql.default_port
- mysql.default_socket
- mysql.default_user
- mysql.max_links
- mysql.max_persistent
- mysql.trace_mode
- mysqli.default_host
- mysqli.default_port
- mysqli.default_pw
- mysqli.default_socket
- mysqli.default_user
- mysqli.max_links
- mysqli.reconnect
- namazu.debugmode
- namazu.lang
- namazu.loggingmode
- namazu.sortmethod
- namazu.sortorder
- nsapi.read_timeout
- oci8.default_prefetch
- oci8.max_persistent
- oci8.old_oci_close_semantics
- oci8.persistent_timeout
- oci8.ping_interval
- oci8.privileged_connect
- oci8.statement_cache_size
- odbc.allow_persistent
- odbc.check_persistent
- odbc.defaultbinmode
- odbc.defaultlrl
- odbc.default_db
- odbc.default_pw
- odbc.default_user
- odbc.max_links
- odbc.max_persistent
- opendirectory.max_refs
- opendirectory.separator
- open_basedir
- oracle.allow_persistent
- oracle.max_links
- oracle.max_persistent
- output_buffering
- output_handler
- pdo_odbc.connection_pooling
- pfpro.defaulthost
- pfpro.defaultport
- pfpro.defaulttimeout
- pfpro.proxyaddress
- pfpro.proxylogon
- pfpro.proxypassword
- pfpro.proxyport
- pgsql.allow_persistent
- pgsql.auto_reset_persistent
- pgsql.ignore_notice
- pgsql.log_notice
- pgsql.max_links
- pgsql.max_persistent
- post_max_size
- precision
- printer.default_printer
- realpath_cache_size
- realpath_cache_ttl
- register_argc_argv
- register_globals
- register_long_arrays
- report_memleaks
- report_zend_debug
- runkit.internal_override
- runkit.superglobal
- safe_mode
- safe_mode_allowed_env_vars
- safe_mode_exec_dir
- safe_mode_gid
- safe_mode_include_dir
- safe_mode_protected_env_vars
- sendmail_from
- sendmail_path
- serialize_precision
- session.auto_start
- session.bug_compat_42
- session.bug_compat_warn
- session.cache_expire
- session.cache_limiter
- session.cookie_domain
- session.cookie_lifetime
- session.cookie_path
- session.cookie_secure
- session.entropy_file
- session.entropy_length
- session.gc_divisor
- session.gc_maxlifetime
- session.gc_probability
- session.hash_bits_per_character
- session.hash_function
- session.name
- session.referer_check
- session.save_handler
- session.save_path
- session.serialize_handler
- session.use_cookies
- session.use_only_cookies
- session.use_trans_sid
- session_pgsql.create_table
- session_pgsql.db
- session_pgsql.disable
- session_pgsql.failover_mode
- session_pgsql.gc_interval
- session_pgsql.keep_expired
- session_pgsql.sem_file_name
- session_pgsql.serializable
- session_pgsql.short_circuit
- session_pgsql.use_app_vars
- session_pgsql.vacuum_interval
- short_open_tag
- simple_cvs.authMethod
- simple_cvs.compressionLevel
- simple_cvs.cvsRoot
- simple_cvs.host
- simple_cvs.moduleName
- simple_cvs.userName
- simple_cvs.workingDir
- SMTP
- smtp_port
- soap.wsdl_cache_dir
- soap.wsdl_cache_enabled
- soap.wsdl_cache_ttl
- sql.safe_mode
- sqlite.assoc_case
- sybase.allow_persistent
- sybase.compatability_mode
- sybase.interface_file
- sybase.max_links
- sybase.max_persistent
- sybase.min_error_severity
- sybase.min_message_severity
- sybct.allow_persistent
- sybct.deadlock_retry_count
- sybct.hostname
- sybct.login_timeout
- sybct.max_links
- sybct.max_persistent
- sybct.min_client_severity
- sybct.min_server_severity
- sybct.packet_size
- sybct.timeout
- sysvshm.init_mem
- tidy.clean_output
- tidy.default_config
- track_errors
- unicode.fallback_encoding
- unicode.from_error_mode
- unicode.from_error_subst_char
- unicode.http_input_encoding
- unicode.output_encoding
- unicode.runtime_encoding
- unicode.script_encoding
- unicode_semantics
- unserialize_callback_func
- upload_max_filesize
- upload_tmp_dir
- url_rewriter.tags
- user_agent
- user_dir
- valkyrie.auto_validate
- valkyrie.config_path
- variables_order
- xbithack
- xmlrpc_errors
- xmlrpc_error_number
- xmms.path
- xmms.session
- y2k_compliance
- yaz.keepalive
- yaz.log_file
- yaz.log_mask
- yaz.max_links
- zend.ze1_compatibility_mode
- zlib.output_compression
- zlib.output_compression_level
- zlib.output_handler
Related Articles
askapache
One of the most common reasons why you get ‘No input file specified’ (AKA ‘the second most useful error message in the world’) is that you have set ‘doc_root’ (in php.ini) to a value which is to the ‘DocumentRoot’ defined in the apache configuration.
This is the same for other webservers. For example, on lighttpd, make sure the ’server.document-root’ value is the same as what is defined as ‘doc_root’ in php.ini.
In response to grange at club-internet dot fr:
There are a couple of errors in the mod_rewrite directives given. I found that the following works:
RewriteEngine on
RewriteCond %{ENV:REDIRECT_STATUS} !200
RewriteRule ^cgi-bin/php.cgi - [F]
I removed the = from the RewriteCond and took out the leading / from the RewriteRule.
I have noticed that some people have noted that running PHP as a CGI program can run slowly compared with a compiled in module. Some have noted that they want to use FastCGI but are hesitant. I found that using the Apache 2’s CGID module was a great way to speed up performance almost to the same level as an “so”-installed PHP module but you get the added benefit of running each virtual host under it’s own user and group.
In my testing I got 44 pages per second using PHP as a module and I got roughly the same performance (within 5%) running PHP as a CGI program through CGID.
CGID is also really easy to set up. Just add –enable-cgid to your Apache configure command and you’re good to go. Just set up PHP as a CGI normally.
I’m sure that there’s extra RAM used for this method but RAM is as cheap as borscht anyways so it shouldn’t be a major factor when trying to speed up PHP CGI.
Here are my two cents of knowledge about php-cgi when running CGI script from prompt:
If you get the “No input file specified.” error, create the environment variable “SCRIPT_FILENAME=C:\files\test.php”.
If you get “Security Alert!” error and it tells you to create the REDIRECT_STATUS environment variable, it is because you have the SERVER_NAME variable set but not the REDIRECT_STATUS variable.
Hence, if you have SERVER_NAME, you also need REDIRECT_STATUS, but not otherwise.
And you pretty much should have SCRIPT_FILENAME at all time.
–enable-force-cgi-redirect won’t work in FastCGI mode : as of 4.3.10, it is only supported in CGI mode.
However, you can achieve the same result with mod_rewrite under Apache :
RewriteEngine on
RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteRule /cgi-bin/path/to/php - [F]
This will only allow internal redirection, thus forbidding direct HTTP access to php interpreter (http://www.exemple.com/cgi-bin/path/to/php).
PHP CGI with VirtualHosts.
This is what I found out while trying to get php to work as CGI with Apache VirtualHosts.
By enabling ‘force-cgiredirects’, you *must*:
1) set ‘cgi.fix_pathinfo=1′ in php.ini
2) leave doc_root commented out (php.ini also)
If you miss item 1, the apache logs will show ‘unexpected T_STRING’ in the php binary.
If you miss item 2, you’ll only see ‘No input file specified.’, instead of the expected output.
You can then turn on the php support for a particular vhost by defining:
Action php-script /cgi-bin/php
inside the corresponding
directive.
PHP works with Apache and suEXEC like this:
(Assuming that suEXEC ist allready installed and working)
Install PHP as CGI binary (e.g. in /usr/local/bin/php)
(compile with –enable-force-cgi-redirect)
Create a Link inside cgi-bin directory to make php-cgi accessable:
cd /usr/local/apache/cgi-bin
ln /usr/local/bin/php php
Edit your httpd.conf file:
User exampleuser
AddHandler php4-script .php
Action php4-script /cgi-bin/php
Group examplegroup
…
Restart Apache
PHP-scripts are now called under the user-id of exampleuser and group-id of examplegroup.
a replacement for suexec is suphp (http://www.suphp.org).
“suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.” (from the website)
I have setup a guide to installing PHP with SuEXEC in such a way that shebangs (!#/usr/bin/php4) are not needed. Hope this is of some help to you.
A tip for Windows-users
Just a tip for you so do not do the same mistake as I did:
I just found out that PHP first seem to look in the php-directory for php.ini, and if that file does not exist, it looks in the Windows directory.
I renamed the file php.ini-dist to php.ini and copied it to my Windows directory, and then I modified the infamous “cgi.force_redirect = 0″ in the php.ini file located in the Windows directory, to make it work. But it did not because it reads from the “original” php.ini - So when I deleted this php.ini things started working again
If you are using php per cgi and have additionally mod_gzip enabled you have to disable mod_gzip for the php cgi binary to use –enable-cgi-redirect. mod_gzip sets the REDIRECT_STATUS always to 200 which makes it impossible for the php binary to know when it was called directly or when it was called by a redirect.
To use php-cgi with suexec it will be nice that each virtual host has ist’s own php.ini. This goes with :
SetEnv PHPRC /var/www/server/www.test.com/conf
But suexec will kill this enviromet cause It don’t know that it is “save” so you must edit the suexec.c for compiling ….
When using php in cgi mode, it’s often a good idea to take a look at the apache suexec feature in addition to the –force-cgi-redirect option.
http://httpd.apache.org/docs/suexec.html
If you do virutal hosting, you can turn safe mode on and off for different Apache Virutal Hosts using the php_admin_value directive. This also allows you to have customised maximum execution times, disabled functions, etc; anything which is set in php.ini. Note that by placing a base_dir for each virutal host, this means PHP CANNOT access files below this heirachy; strongly recomended for customer hosting.
Example (httpd.conf):
[VirtualHost 127.0.0.1:80]
DocumentRoot /var/www/html/safephphost/
ServerName safephp
php_admin_value safe_mode 1
php_admin_value open_base_dir /var/www/html/safephphost/
php_admin_value sendmail_from phobo#paradise.net.nz
[/VirtualHost]
Am not sure which versions this started working with but does with Apache 1.3.19/PHP4.04pl1.
If you care about security, you are better of setting
register_globals = off
enable_track_vars = on (Always on from PHP4.0.3)
Default setting for variable order is
EGPCS
(ENV VARS/GET VARS/POST VARS/COOKIE VARS/SESSION VARS)
Imagine if you are rely on ENV VAR but it was orver written with GET/POST/COOKIE vars?
If you want to use suexec and reference your php interpreter via #!/usr/local/bin/php, be shure to compile php WITHOUT –enable-force-cgi-redirect.
This might seems obvious, but I spent 2 days on this :-(
The configuration option ‘–enable-force-cgi-redirect’ is supported by Zeus Web Server 3.3.8.2 (at least, that’s what I’ve tried it on - it make work on previous versions).
suEXEC require CGI mode, and slow down the scripts. I did them like this:
1. Install php as DSO mode. (for max speed and low secure)
2. Make a seperate CGI install with –enable-force-cgi-redirect, place php to cgi-bin
3 For more secure with suEXEC, choose one of the following method:
3-1: Place a .htaccess file containing this to override main config:
AddType application/x-httpd-wphp php
Action application/x-httpd-wphp /cgi-bin/php
All php files in subdirectory will be protected.
3-2: add following in httpd.conf:
AddType application/x-httpd-wphp sphp
Action application/x-httpd-wphp /cgi-bin/php
then each sensitive php file should be renamed to .sphp
Add “php_value doc_root /home/user/html_docs” to each virtual host directive in httpd.conf
another clean solution is to hack suexec.c of apache
and force all .php scripts to be executed with php compiled
in cgi mode.
suexec.c
in place
if (!(prg_info.st_mode & S_IXUSR)) {
just
if (!(prg_info.st_mode & S_IXUSR) & (strstr(cmd, “.php”) == NULL)) {
in place
execv(cmd, &argv[3]);
just
if (strstr(cmd, “.php”)) execl(”/usr/local/bin/php”, “php”, cmd, NULL);
else execv(cmd, &argv[3]);
Better yet, use binfmt_misc: (linux only)
echo :php3:E::php3::/usr/bin/php: > /proc/sys/fs/binfmt_misc/register
Eliminates the need for the #! at the top of the file.