Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: FASTCGI + PHP Basedir restriction |
|
| Author |
|
markymark
Joined: 26 Aug 2006
Posts: 10
Location: Brighton, UK
|
 Posted: Wed 17 Jan '07 17:44 Post subject: FASTCGI + PHP Basedir restriction |
 |
|
I have been running a couple of sites on Apache 2.2.3+SSL / PHP as FASTCGI using mod_fcgid 2.0, quite happily for a few months now. I am using FASTCGI for stability as the sites are high volume.
I'm shortly going to be hosting a couple of other sites for someone else, so I now need to be able to set basedir restrictions per site.
After searching for ages, I cannot find a solution that will work with PHP running as FASTCGI.
Any ideas would be appreciated.
Thanks. |
|
| Back to top |
|
Brian
Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA
|
| Posted: Thu 18 Jan '07 8:01 Post subject: |
|
|
You cannot set the basedir per vhost as a F/CGI, FastCGI is bascially just like CGI in this regard. The per vhost settings that you can control when running the Apache SAPI module is a luxury that cannot be provided to CGI.
The other option is if you only need to control be basedir is to do something like set it to /www/ or something like that so you could set up websites as:
e:/websites/domain/www/
e:/websites/domain2/www/
....
Hope this helps. |
|
| Back to top |
|
markymark
Joined: 26 Aug 2006
Posts: 10
Location: Brighton, UK
|
| Posted: Fri 19 Jan '07 17:16 Post subject: |
|
|
Brian
I'm afraid this method doesn't work.
It won't allow any files to be opened at all relative to the document root.
Is there not a way to use multiple php.ini files or some other workaround? Perhaps a module which shares the Apache config info with PHP?
I can't believe that everyone in the world who uses PHP as a CGI has NO simple basedir security!!
Mark |
|
| Back to top |
|
Brian
Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA
|
| Posted: Fri 19 Jan '07 20:53 Post subject: |
|
|
No, there is not a way to incorporate multiple PHP.INI files into F/CGI. In fact that is the biggest draw back of CGI. I have not tested the BASEDIR settings, and for security reasons in a "shared hosting" environment, I would suggest the Apache module.
Just out of curiosity, why would you want to use F/CGI instead of the Apache module?
For me I use it when I have issues with stability, so any script that makes a call to a command line program (i.e. exec(); shell_exec(); virtual(); and so on) I use F/CGI exclusively. but for me it requires some creative session management and programming, it is not straight forward, necessarily mixing CGI and SAPI scripts. |
|
| Back to top |
|
markymark
Joined: 26 Aug 2006
Posts: 10
Location: Brighton, UK
|
| Posted: Sat 20 Jan '07 0:19 Post subject: |
|
|
I had to switch to FastCGI as I run a large commercial website and it used to crash 7-8 times a day. I'm guessing the main reason was due to the amount of CURL calls my scripts need to make.
Since I switched to FastCGI, the stability has been fantastic.
I have worked around my problem now this way:
1) I created a new PHP folder, the same as the original but with the basedir set in php.ini as I want it. (ie, called php-2 instead of php)
2) Under the virtual host section for the new website in httpd.conf, set the fcgi call to point to the new php folder. eg.
FCGIWrapper "c:/php-2/php-cgi.exe" .php
This means that it reads the new php.ini and the basedir is set for the new website, giving me the security I need.
It's a shame to have to do it this way, but at least it works.
Thanks |
|
| Back to top |
|
|
|
|
|
|
