Actions

Difference between revisions of "Should PHP run as a CGI script or as an Apache module?"

From Joomla! Documentation

m (Configuring the Default Index Page: clean up categories with <noinclude> tags)
 
(9 intermediate revisions by 6 users not shown)
Line 1: Line 1:
There are two ways to configure Apache to use PHP: <br />
+
There are two ways to configure Apache to use PHP:
  
# Configure Apache to load the PHP interpreter as an <i>Apache module</i>
+
# Configure Apache to load the PHP interpreter as an ''Apache module''
# Configure Apache to run the PHP interpreter as a <i>CGI binary</i>
+
# Configure Apache to run the PHP interpreter as a ''CGI binary''
  
<i><span style="color: navy">(PS: Windows IIS normaly configures as CGI by the way)</span></i><br />
+
''(PS: Windows IIS normaly configures as CGI by the way)''
 
   
 
   
It is the intention of this post to provide you information relating to  
+
It is the intention of this post to provide you information relating to the configuration and recognition of each method. "In general" historically only one method or the other has been implemented, however, with the architectural changes made to PHP starting with PHP5, it has been quite common for hosting firms to configure for both. One version running as CGI and one version running as a Module. It is
the configuration and recognition of each method. &quot;In general&quot;
+
generally accepted more recently that running PHP as a CGI is more secure, however, running PHP as an Apache Module does have a slight
historically only one method or the other has been implemented,
+
performance gain and is generally how most pre-configured systems will be delivered out of the box.
however, with the architectural changes made to PHP starting with PHP5,
+
it has been quite common for hosting firms to configure for both. One
+
version running as CGI and one version running as a Module. It is
+
generally accepted more recently that running PHP as a CGI is more
+
secure, however, running PHP as an Apache Module does have a slight
+
performance gain and is generally how most pre-configured systems will
+
be delivered out of the box.
+
  
<span style="color: navy"><b>What is the difference between CGI and apache Module Mode?</b></span><br />
+
== What is the difference between CGI and apache Module Mode? ==
  
An <b><span style="color: blue">Apache module</span></b>
+
An '''Apache module''' is compiled into the Apache binary, so the PHP interpreter runs in the Apache process, meaning that when Apache spawns a child, each process already contains a binary image of PHP. A CGI is executed as a single process for each request, and must make an exec() or fork() call to the PHP executable, meaning that each request will create a new process of the PHP interpreter.  Apache is much more efficient in it's ability to handle requests, and managing resources, making the Apache module slightly faster than the CGI (as well as more stable under load).
is compiled into the Apache binary, so the PHP interpreter runs in the
+
Apache process, meaning that when Apache spawns a child, each process
+
already contains a binary image of PHP. A CGI is executed as a single
+
process for each request, and must make an exec() or fork() call to the
+
PHP executable, meaning that each request will create a new process of
+
the PHP interpreter.  Apache is much more efficient in it's ability to
+
handle requests, and maaging resources, making the Apache module
+
slightly faster than the CGI (as well as more stable under load).<br />
+
  
<b><span style="color: blue">CGI Mode</span></b>
+
'''CGI Mode''' on the other hand, is more secure because the server now manages and controls access to the binaries. PHP can now run as your own user rather than the generic Apache user. This means you can put your database passwords in a file readable only by you and your php scripts can still access it! The "Group" and "Other" permissions  (refer [[Where can you learn more about file permissions?]]) can now be more restrictive. CGI mode is also claimed to be more flexible in many respects as you should now not see, with phpSuExec (refer [http://joomlatutorials.com/joomla-tips-and-tricks/40-miscellaneous-joomla-tips/111-permissions-under-phpsuexec.html Permissions under phpSuExec]) issues with file ownership being taken over by the Apache user, therefore you should no longer have problems under FTP when trying to access or modify files that have been uploaded through a PHP interface, such as Joomla! upload options.
on the other hand, is more secure because the server now manages and
+
controls access to the binaries. PHP can now run as your own user
+
rather than the generic Apache user. This means you can put your
+
database passwords in a file readable only by you and your php scripts
+
can still access it! The &quot;Group&quot; and &quot;Other&quot; permissions  ( refer [http://docs.joomla.org/Where_can_you_learn_more_about_file_permissions%3F Permissions FAQ] ) can now be more restrictive. CGI mode is also claimed to be more
+
flexible in many respects as you should now not see, with phpSuExec (
+
refer [http://joomlatutorials.com/joomla-tips-and-tricks/40-miscellaneous-joomla-tips/111-permissions-under-phpsuexec.html Permissions under phpSuExec] )
+
issues with file ownership being taken over by the Apache user,
+
therefore you should no-longer have problems under FTP when trying to
+
access or modify files that have been uploaded through a PHP interface,
+
such as Joomla! upload options.
+
  
If your server is
+
If your server is configured to run PHP as an Apache module, then you will have the choice of using either php.ini or Apache .htaccess files, however, if your server runs PHP in CGI mode then you will only have the choice of using php.ini files locally to change settings, as Apache is no longer in complete control of PHP.
configured to run PHP as an Apache module, then you will have the
+
choice of using either php.ini or Apache .htaccess files, however, if
+
your server runs PHP in CGI mode then you will only have the choice of
+
using php.ini files locally to change settings, as Apache is no longer
+
in complete control of PHP.
+
  
<hr />
+
== Testing and Reviewing Your PHP Installation ==
  
<span style="color: navy"><b>Testing and Reviewing Your PHP Installation</b></span> <i></i>
+
''Also known as "Everything you ever wanted and didn't want to know about PHP"''
  
<i>Also known as &quot;Everything you ever wanted and didn't want to know about PHP&quot;</i>
+
To find out the PHP interpreter mode and to generally test your PHP installation and to find out a vast amount of information about your PHP environment, supported utilities, applications and settings, you create a single PHP file containing '''only''' the following lines:
  
To
+
<source lang="php">
find out the PHP interpreter mode and to generally test your PHP
+
<?php
installation and to find out a vast amount of information about your
+
phpinfo();
PHP environment, supported utilities, applications and settings, you
+
?>
create a single PHP file containing <i>only</i> the following lines;<br />
+
</source>
</p>
+
  
phpinfo();<br />
+
This single line of code outputs an amazing amount of information, be warned.... [[Image:Icon_wink.gif]]
  
 +
Save the file as any filename you wish, but with the ".php" extension. FTP it to your server and open it in a browser.
  
This single line of code outputs an amazing amount of information, be warned.... [[image:http://forum.joomla.org/Smileys/joomla/wink.gif|Wink]]Save the file as any filename you wish, but with the &quot;.php&quot; extension. FTP it to your server and open it in a browser.
+
== Other useful information ==
  
<span style="color: navy"><b>Other useful information</b></span>
+
The following are PHP functions, that when run from a PHP File can provide some useful information, '''(less than the above option)''' many should run on most hosts, however many hosts disable some of these functions for security. No guarantees offered...
  
The following are PHP functions, that when run from a PHP File can provide some useful information, <i>(less than the above option)</i> many should run on most hosts, however many hosts disable some of these functions for security. No Guarantee's offered...
+
Again, as above, make a file, name it anything you wish but make sure it has the ".php" extension, copy and paste the following lines in to it and FTP to your server.
  
Again,
+
<source lang="php">
as above, make a file, name it anything you wish but make sure it has
+
<?php
the &quot;.php&quot; extension, copy and paste the following lines in to it and
+
echo "Hostname: ". @php_uname(n) ."\n";
FTP to your server.<br />
+
if (function_exists( 'shell_exec' )) {
 +
  echo "Hostname: ". @gethostbyname(trim(`hostname`)) . "\n";
 +
} else {
 +
  echo "Server IP: ". $_SERVER['SERVER_ADDR'] . "\n";
 +
}
 +
echo "Platform: ". @php_uname(s) ." ". @php_uname(r) ." ". @php_uname(v) ."\n";
 +
echo "Architecture: ". @php_uname(m) ."\n";
 +
echo "Username: ". get_current_user () ." ( UiD: ". getmyuid() .", GiD: ". getmygid() ." )\n";
 +
echo "Curent Path: ". getcwd () ."\n";
 +
echo "Server Type: ". $_SERVER['SERVER_SOFTWARE'] . "\n";
 +
echo "Server Admin: ". $_SERVER['SERVER_ADMIN'] . "\n";
 +
echo "Server Signature: ". $_SERVER['SERVER_SIGNATURE'] ."\n";
 +
echo "Server Protocol: ". $_SERVER['SERVER_PROTOCOL'] ."\n";
 +
echo "Server Mode: ". $_SERVER['GATEWAY_INTERFACE'] ."\n";
 +
?>
 +
</source>
  
echo &quot;Hostname: &quot;. @php_uname(n) .&quot;&quot;;
+
The '''Joomla! HISA''' or '''Joomla! Tools Suite''' can also assist to determine which mode your server in running in, also providing a large amount of other related information including recommendations on configuration.
if (function_exists( 'shell_exec' )) { echo &quot;Hostname: &quot;.
+
@gethostbyname(trim(`hostname`)); } else { echo &quot;Server IP: &quot;.
+
$_SERVER['SERVER_ADDR'] .&quot;&quot;; }
+
echo &quot;Platform: &quot;. @php_uname(s) .&quot; &quot;. @php_uname(r) .&quot; &quot;. @php_uname(v) .&quot;&quot;;
+
echo &quot;Architecture: &quot;. @php_uname(m) .&quot;&quot;;
+
echo &quot;Username: &quot;. get_current_user () .&quot; ( UiD: &quot;. getmyuid() .&quot;, GiD: &quot;. getmygid() .&quot; )&quot;;
+
echo &quot;Curent Path: &quot;. getcwd () .&quot;&quot;;
+
echo &quot;Server Type: &quot;. $_SERVER['SERVER_SOFTWARE'] . &quot;&quot;;
+
echo &quot;Server Admin: &quot;. $_SERVER['SERVER_ADMIN'] . &quot;&quot;;
+
echo &quot;Server Signature: &quot;. $_SERVER['SERVER_SIGNATURE'] .&quot;&quot;;
+
echo &quot;Server Protocol: &quot;. $_SERVER['SERVER_PROTOCOL'] .&quot;&quot;;
+
echo &quot;Server Mode: &quot;. $_SERVER['GATEWAY_INTERFACE'] .&quot;&quot;;<br />
+
?&gt;
+
  
The <span style="color: blue">Joomla! HISA</span> or <span style="color: blue">Joomla! Tools Suite</span> can also assist to determine which mode your server in running in, also
+
* '''Joomla! Tools Suite''' (JTS) is a complete "Suite" of Tools to help you troubleshoot and maintain Joomla! and includes the "HISA" script.
providing a large amount of other related  information including
+
*: [http://joomlacode.org/gf/project/jts/ Download JTS Here]
recommendations on configuration;    <br />
+
* '''Joomla! Health, Installation and Security Audit''' (HISA) is a single standalone script that provides purely configuration information.
<br />
+
*: [http://joomlacode.org/gf/project/hisa/ Download HISA Here]
  
<b>Joomla! Tools Suite</b> (JTS) is a complete &quot;Suite&quot; of Tools to help you troubleshoot and maintain Joomla! and include the &quot;HISA&quot; script<br />
+
[http://forum.joomla.org/index.php/topic,136328.0.html Forum Discussion Here]
<a href="http://joomlacode.org/gf/project/jts/" target="_blank">Download JTS Here</a><br />
+
<br />
+
<b>Joomla! Health, Installation and Security Audit</b> (HISA) is a single standalone script that provides purely configuration information.<br />
+
<a href="http://joomlacode.org/gf/project/hisa/" target="_blank">Download HISA Here</a><br />
+
<br />
+
<a href="http://forum.joomla.org/index.php/topic,136328.0.html" target="_blank">Forum Discussion Here</a><br />
+
<a href="http://www.joomlatutorials.com/faq/60.html" target="_blank">How to TroubleShoot A Joomla! Installation</a><br />
+
<br />
+
Another <span style="color: navy">Indirect method</span>,
+
and possibly not 100% reliable, is that if you are unable to make use
+
of .htaccess on Linux hosting and Apache based servers then you are
+
either running in CGI mode or your host has disabled the use of
+
.htaccess even if your server is running PHP as an Apache Module. <br />
+
  
<b><span style="color: maroon">Remove these files immediately after use, the information contained in their
+
[http://www.joomlatutorials.com/faq/60.html How to TroubleShoot A Joomla! Installation]
output is extensive and explicit regarding your PHP and server
+
configurations, it will help those wishing to cause your site harm</span></b>  <br />
+
  
<span style="color: navy"><b><span style="text-decoration: underline">For those wishing to know more about &quot;How To...&quot;</span></b></span>
+
Another '''indirect method''', and possibly not 100% reliable, is that if you are unable to make use of .htaccess on Linux hosting and Apache based servers then you are either running in CGI mode or your host has disabled the use of .htaccess even if your server is running PHP as an Apache Module.
  
<span style="color: navy"><b>Running PHP as an Apache module</b></span><br />
+
'''Remove these files immediately after use, the information contained in their output is extensive and explicit regarding your PHP and server
To configure Apache to load PHP as a module to <i>'parse'</i>
+
configurations, it will help those wishing to cause your site harm'''
your PHP scripts, the httpd.conf needs to be modified, typically found
+
in &quot;c:\Program Files\Apache Group\Apache\conf\&quot; or &quot;/etc/httpd/conf/&quot;.<br />
+
  
Search for the section of the file that has a series of commented out
+
== How to... ==
&quot;LoadModule&quot; statements. (Statements prefixed by the hash &quot;#&quot; sign are
+
'''For those wishing to know more about "How To..."'''
regarded as having been commented out.) If PHP is running in &quot;Apache
+
Module&quot; Mode you should see something very similar to the following;<br />
+
  
LoadModule php4_module &quot;c:/php/php4apache.dll&quot;<br />
+
=== Running PHP as an Apache module ===
  
<b><span style="text-decoration: underline">Apache 1.x</span></b>
+
To configure Apache to load PHP as a module to '''parse''' your PHP scripts, the httpd.conf needs to be modified, typically found in "c:\Program Files\Apache Group\Apache\conf\" or "/etc/httpd/conf/".
  
<b>For PHP5</b>
+
Search for the section of the file that has a series of commented out "LoadModule" statements. (Statements prefixed by the hash "#" sign are regarded as having been commented out.) If PHP is running in "Apache Module" Mode you should see something very similar to the following;
LoadModule php5_module    C:/php/php5apache2.dll<br />
+
<i>or (platform dependant)</i><br />
+
LoadModule php5_module    /usr/lib/apache/libphp5.so<br />
+
  
 +
<source lang="apache">LoadModule php4_module "c:/php/php4apache.dll"</source>
  
<b>For PHP4</b><br />
+
==== Apache 1.x ====
  
LoadModule php4_module    libexec/libphp4.so<br />
+
===== For PHP5 =====
<i>or (platform dependant)</i><br />
+
<source lang="apache">LoadModule php5_module C:/php/php5apache2.dll</source>
 +
''or (platform dependent)''
 +
<source lang="apache">LoadModule php5_module /usr/lib/apache/libphp5.so</source>
 +
'''and'''
 +
<source lang="apache">AddModule mod_php5.c</source>
  
LoadModule php4_module     C:/php/php4apache.dll<br />
+
===== For PHP4 =====
 +
<source lang="apache">LoadModule php4_module libexec/libphp4.so</source>
 +
''or (platform dependent)''
 +
<source lang="apache">LoadModule php4_module C:/php/php4apache.dll</source>
 +
'''and'''
 +
<source lang="apache">AddModule mod_php4.c</source>
  
<i><b>and</b></i><br />
+
==== Apache 2.x ====
AddModule mod_php4.c<br />
+
<i>or</i><br />
+
AddModule mod_php5.c<br />
+
<br />
+
<b><span style="text-decoration: underline">Apache 2.x</span></b><br />
+
  
<b>For PHP5</b>
+
===== For PHP5 =====
  
LoadModule php5_module     C:/php/php5apache2.dll<br />
+
<source lang="apache">LoadModule php5_module C:/php/php5apache2.dll</source>
 +
''or (platform dependent)''
 +
<source lang="apache">LoadModule php5_module /usr/lib/apache/libphp5.so</source>
 +
'''and'''
 +
<source lang="apache">AddModule mod_php5.c</source>
  
<i>or (platform dependant)</i>
+
===== For PHP4 =====
 +
<source lang="apache">LoadModule php4_module libexec/libphp4.so</source>
 +
''or (platform dependent)''
 +
<source lang="apache">LoadModule php4_module C:/php/php4apache.dll</source>
 +
'''and'''
 +
<source lang="apache">AddModule mod_php4.c</source>
  
LoadModule php5_module    /usr/lib/apache/libphp5.so<br />
+
==== Note ====
  
<b>For PHP4</b><br />
+
Don't worry that you can't find a "mod_php4.c" or "mod_php5.c" file anywhere on your system. That directive does not cause Apache to search for the file on your system. For the curious, it specifies the order in which the various modules are enabled by the Apache server.
  
LoadModule php4_module    libexec/libphp4.so<br />
+
''If you're using Apache 2.x, you do not have to insert the AddModule directive. It's no longer needed in that version. Apache 2.x has its own internal method of determining the correct order of loading the modules.''
<i>or (platform dependant)</i><br />
+
LoadModule php4_module    C:/php/php4apache.dll<br />
+
  
<i><b>and</b></i><br />
+
Now find the "AddType" section in the file, and add the following line after the last "AddType" statement:
AddModule mod_php5.c<br />
+
  
<i>or</i><br />
+
<source lang="apache">AddType application/x-httpd-php .php</source>
AddModule mod_php4.c    <br />
+
  
<b>Note:</b><br />
+
If you need to support other file types, like ".php3" and ".phtml", simply add them to the list, like this:
Don't worry that you can't find a &quot;mod_php4.c&quot; or &quot;mod_php5.c&quot; file anywhere on your system. That directive does not cause Apache to search for the file on your system. For the curious, it specifies the order in which the various modules are enabled by the Apache server.<br />
+
<source lang="apache">
 +
AddType application/x-httpd-php .php3
 +
AddType application/x-httpd-php .phtml
 +
</source>
  
<i>If you're using Apache 2.x, you do not have to insert the AddModule directive. It's no longer needed in that version. Apache 2.x has its own internal method of determining the correct order of loading the modules.</i>
+
Run a syntax check and if all is ok, restart Apache...
  
Now find the &quot;AddType&quot; section in the file, and add the following line after the last &quot;AddType&quot; statement:
+
=== Running PHP as a CGI binary ===
  
AddType application/x-httpd-php .php<br />
+
To configure PHP to run as a CGI, again you will need to configure the httpd.conf, but confirm that the above settings are not also configured, unless you know what you are doing you can generate yourself "HTTP 500" errors. Search your Apache configuration file for the "ScriptAlias" section.
  
If you need to support other file types, like &quot;.php3&quot; and &quot;.phtml&quot;, simply add them to the list, like this:<
+
Add the following line below after the ScriptAlias for "cgi-bin".
 +
'''Note:''' The location will depend on where PHP is installed on your system, you should substitute the appropriate path in place of "c:/php/" (for example, "c:/Program Files/php/").
  
AddType application/x-httpd-php .php3<br />
+
<source lang="apache">ScriptAlias /php/ "c:/php/"</source>
AddType application/x-httpd-php .phtml<br />
+
  
Run a syntax check and if all is ok, restart Apache...<br />
+
Apache again needs to be configured for the PHP MIME type. Search for the "AddType" section, and add the following line after it:
  
<hr />
+
<source lang="apache">AddType application/x-httpd-php .php</source>
<span style="color: navy"><b>Running PHP as a CGI binary</b></span><br />
+
To configure PHP to run as a CGI, again you will need to configure the
+
httpd.conf, but confirm that the above settings are not also
+
configured, unless you now what you are doing you can generate yourself
+
&quot;HTTP 500&quot; errors. Search your Apache configuration file for the
+
&quot;ScriptAlias&quot; section.
+
  
Add the following line below after the ScriptAlias for &quot;cgi-bin&quot;. <br />
+
As in the case of running PHP as an Apache module, you can add whatever extensions you want Apache to recognise as PHP scripts, such as:
  
<b>Note:</b>
+
<source lang="apache">
 +
AddType application/x-httpd-php .php3
 +
AddType application/x-httpd-php .phtml
 +
</source>
  
The location will depend on where PHP is installed on your system, you
+
Next, you will need to tell the server to execute the PHP executable each time it encounters a PHP script. Add the following below any existing entries in the "Action" section.
should substitute the appropriate path in place of &quot;c:/php/&quot; (for
+
example, &quot;c:/Program Files/php/&quot;).<br />
+
  
ScriptAlias /php/ &quot;c:/php/&quot;<br />
+
<source lang="apache">Action application/x-httpd-php "/php/php.exe"</source>
  
Apache
+
If you notice, we have used the "ScriptAlias" reference, "/php/" portion will be recognised as the scriptAlias configured above, this is sort a path alias which will correlate to your PHP installation path configured previously. ''In other words, don't put "c:/php/php.exe" or "c:/Program Files/php/php.exe" in that directive, put "/php/php.exe", Apache WILL work it out if correctly configured.''
again needs to be configured for the PHP MIME type. Search for the
+
&quot;AddType&quot; section, and add the following line after it:<br />
+
  
<br />
+
=== Configuring the Default Index Page ===
AddType application/x-httpd-php .php<br />
+
<br />
+
As
+
in the case of running PHP as an Apache module, you can add whatever
+
extensions you want Apache to recognise as PHP scripts, such as:<br />
+
<br />
+
AddType application/x-httpd-php .php3<br />
+
AddType application/x-httpd-php .phtml<br />
+
<br />
+
<br />
+
Next,
+
you will need to tell the server to execute the PHP executable each
+
time it encounters a PHP script. Add the following below any existing
+
entries in the &quot;Action&quot; section.<br />
+
  
<br />
+
This section applies to all users, whether you are loading PHP as a module or running it as a CGI binary, and has been seen often enough to warrant a mention.
Action application/x-httpd-php &quot;/php/php.exe&quot;<br />
+
<br />
+
If
+
you notice, we have used the &quot;ScriptAlias&quot; reference, &quot;/php/&quot; portion
+
will be recognised as the scriptAlias configured above, this is sort a
+
path alias which will correlate to your PHP installation path
+
configured previously. <i>In other words, don't put &quot;c:/php/php.exe&quot;
+
or &quot;c:/Program Files/php/php.exe&quot; in that directive, put
+
  
&quot;/php/php.exe&quot;, Apache WILL work it out if correctly configured.</i><br />
+
If you want to make your PHP script execute as the default page for a directory, you have to add another line to the "httpd.conf". Simply search for the line in the file that begins with a "DirectoryIndex" and add "index.php" to the list of files on that line. For example, if the line used to be:
<hr />
+
<source lang="apache">DirectoryIndex index.html</source>
<br />
+
''change it to the following if you still wish .html files to be executed before .php files''
<br />
+
<source lang="apache">DirectoryIndex index.html index.php</source>
<span style="color: navy"><b>Configuring the Default Index Page</b></span><br />
+
''or change it to the following if you wish .php files to be executed before .html files''
This section applies to all users, whether you are loading PHP as a module
+
<source lang="apache">DirectoryIndex index.php index.html</source>
or running it as a CGI binary, and has been seen often enough to
+
warrant a mention.<br />
+
<br />
+
If you want to make your PHP script execute
+
as the default page for a directory, you have to add another line to
+
the &quot;httpd.conf&quot;. Simply search for the line in the file that begins
+
with a &quot;DirectoryIndex&quot; and add &quot;index.php&quot; to the list of files on
+
that line. For example, if the line used to be:<br />
+
  
<br />
+
The next time you access the site or a directory within a site without a filename, Apache will "auto-magically" deliver "index.php" if available, or "index.html" if "index.php" is not available.
DirectoryIndex index.html<br />
+
<noinclude>[[Category:FAQ]]
<br />
+
<i>change it to</i><br />
+
<br />
+
DirectoryIndex index.html index.php<br />
+
<i>If you still wish .html files to be executed before .php files</i><br />
+
<br />
+
<i>or</i><br />
+
DirectoryIndex index.php index.html<br />
+
<i>If you wish .php files to be executed before .html files</i><br />
+
 
+
<br />
+
The next time you access the site or a directory within a site without a
+
filename, Apache will &quot;auto-magically&quot; deliver &quot;index.php&quot; if
+
available, or &quot;index.html&quot; if &quot;index.php&quot; is not available.
+
 
+
[[Category:FAQ]]
+
 
[[Category:Administration FAQ]]
 
[[Category:Administration FAQ]]
 
[[Category:Installation FAQ]]
 
[[Category:Installation FAQ]]
 
[[Category:Upgrading and Migrating FAQ]]
 
[[Category:Upgrading and Migrating FAQ]]
[[Category:Version 1.5 FAQ]]
+
[[Category:Version 1.5 FAQ]]</noinclude>

Latest revision as of 16:17, 1 September 2012

There are two ways to configure Apache to use PHP:

  1. Configure Apache to load the PHP interpreter as an Apache module
  2. Configure Apache to run the PHP interpreter as a CGI binary

(PS: Windows IIS normaly configures as CGI by the way)

It is the intention of this post to provide you information relating to the configuration and recognition of each method. "In general" historically only one method or the other has been implemented, however, with the architectural changes made to PHP starting with PHP5, it has been quite common for hosting firms to configure for both. One version running as CGI and one version running as a Module. It is generally accepted more recently that running PHP as a CGI is more secure, however, running PHP as an Apache Module does have a slight performance gain and is generally how most pre-configured systems will be delivered out of the box.

Contents

What is the difference between CGI and apache Module Mode?

An Apache module is compiled into the Apache binary, so the PHP interpreter runs in the Apache process, meaning that when Apache spawns a child, each process already contains a binary image of PHP. A CGI is executed as a single process for each request, and must make an exec() or fork() call to the PHP executable, meaning that each request will create a new process of the PHP interpreter. Apache is much more efficient in it's ability to handle requests, and managing resources, making the Apache module slightly faster than the CGI (as well as more stable under load).

CGI Mode on the other hand, is more secure because the server now manages and controls access to the binaries. PHP can now run as your own user rather than the generic Apache user. This means you can put your database passwords in a file readable only by you and your php scripts can still access it! The "Group" and "Other" permissions (refer Where can you learn more about file permissions?) can now be more restrictive. CGI mode is also claimed to be more flexible in many respects as you should now not see, with phpSuExec (refer Permissions under phpSuExec) issues with file ownership being taken over by the Apache user, therefore you should no longer have problems under FTP when trying to access or modify files that have been uploaded through a PHP interface, such as Joomla! upload options.

If your server is configured to run PHP as an Apache module, then you will have the choice of using either php.ini or Apache .htaccess files, however, if your server runs PHP in CGI mode then you will only have the choice of using php.ini files locally to change settings, as Apache is no longer in complete control of PHP.

Testing and Reviewing Your PHP Installation

Also known as "Everything you ever wanted and didn't want to know about PHP"

To find out the PHP interpreter mode and to generally test your PHP installation and to find out a vast amount of information about your PHP environment, supported utilities, applications and settings, you create a single PHP file containing only the following lines:

<?php
 phpinfo();
?>

This single line of code outputs an amazing amount of information, be warned.... Icon wink.gif

Save the file as any filename you wish, but with the ".php" extension. FTP it to your server and open it in a browser.

Other useful information

The following are PHP functions, that when run from a PHP File can provide some useful information, (less than the above option) many should run on most hosts, however many hosts disable some of these functions for security. No guarantees offered...

Again, as above, make a file, name it anything you wish but make sure it has the ".php" extension, copy and paste the following lines in to it and FTP to your server.

<?php
 echo "Hostname: ". @php_uname(n) ."\n";
 if (function_exists( 'shell_exec' )) {
  echo "Hostname: ". @gethostbyname(trim(`hostname`)) . "\n";
 } else {
  echo "Server IP: ". $_SERVER['SERVER_ADDR'] . "\n";
 }
 echo "Platform: ". @php_uname(s) ." ". @php_uname(r) ." ". @php_uname(v) ."\n";
 echo "Architecture: ". @php_uname(m) ."\n";
 echo "Username: ". get_current_user () ." ( UiD: ". getmyuid() .", GiD: ". getmygid() ." )\n";
 echo "Curent Path: ". getcwd () ."\n";
 echo "Server Type: ". $_SERVER['SERVER_SOFTWARE'] . "\n";
 echo "Server Admin: ". $_SERVER['SERVER_ADMIN'] . "\n";
 echo "Server Signature: ". $_SERVER['SERVER_SIGNATURE'] ."\n";
 echo "Server Protocol: ". $_SERVER['SERVER_PROTOCOL'] ."\n";
 echo "Server Mode: ". $_SERVER['GATEWAY_INTERFACE'] ."\n";
?>

The Joomla! HISA or Joomla! Tools Suite can also assist to determine which mode your server in running in, also providing a large amount of other related information including recommendations on configuration.

  • Joomla! Tools Suite (JTS) is a complete "Suite" of Tools to help you troubleshoot and maintain Joomla! and includes the "HISA" script.
    Download JTS Here
  • Joomla! Health, Installation and Security Audit (HISA) is a single standalone script that provides purely configuration information.
    Download HISA Here

Forum Discussion Here

How to TroubleShoot A Joomla! Installation

Another indirect method, and possibly not 100% reliable, is that if you are unable to make use of .htaccess on Linux hosting and Apache based servers then you are either running in CGI mode or your host has disabled the use of .htaccess even if your server is running PHP as an Apache Module.

Remove these files immediately after use, the information contained in their output is extensive and explicit regarding your PHP and server configurations, it will help those wishing to cause your site harm

How to...

For those wishing to know more about "How To..."

Running PHP as an Apache module

To configure Apache to load PHP as a module to parse your PHP scripts, the httpd.conf needs to be modified, typically found in "c:\Program Files\Apache Group\Apache\conf\" or "/etc/httpd/conf/".

Search for the section of the file that has a series of commented out "LoadModule" statements. (Statements prefixed by the hash "#" sign are regarded as having been commented out.) If PHP is running in "Apache Module" Mode you should see something very similar to the following;

LoadModule php4_module "c:/php/php4apache.dll"

Apache 1.x

For PHP5
LoadModule php5_module C:/php/php5apache2.dll

or (platform dependent)

LoadModule php5_module /usr/lib/apache/libphp5.so

and

AddModule mod_php5.c
For PHP4
LoadModule php4_module libexec/libphp4.so

or (platform dependent)

LoadModule php4_module C:/php/php4apache.dll

and

AddModule mod_php4.c

Apache 2.x

For PHP5
LoadModule php5_module C:/php/php5apache2.dll

or (platform dependent)

LoadModule php5_module /usr/lib/apache/libphp5.so

and

AddModule mod_php5.c
For PHP4
LoadModule php4_module libexec/libphp4.so

or (platform dependent)

LoadModule php4_module C:/php/php4apache.dll

and

AddModule mod_php4.c

Note

Don't worry that you can't find a "mod_php4.c" or "mod_php5.c" file anywhere on your system. That directive does not cause Apache to search for the file on your system. For the curious, it specifies the order in which the various modules are enabled by the Apache server.

If you're using Apache 2.x, you do not have to insert the AddModule directive. It's no longer needed in that version. Apache 2.x has its own internal method of determining the correct order of loading the modules.

Now find the "AddType" section in the file, and add the following line after the last "AddType" statement:

AddType application/x-httpd-php .php

If you need to support other file types, like ".php3" and ".phtml", simply add them to the list, like this:

AddType application/x-httpd-php .php3
AddType application/x-httpd-php .phtml

Run a syntax check and if all is ok, restart Apache...

Running PHP as a CGI binary

To configure PHP to run as a CGI, again you will need to configure the httpd.conf, but confirm that the above settings are not also configured, unless you know what you are doing you can generate yourself "HTTP 500" errors. Search your Apache configuration file for the "ScriptAlias" section.

Add the following line below after the ScriptAlias for "cgi-bin". Note: The location will depend on where PHP is installed on your system, you should substitute the appropriate path in place of "c:/php/" (for example, "c:/Program Files/php/").

ScriptAlias /php/ "c:/php/"

Apache again needs to be configured for the PHP MIME type. Search for the "AddType" section, and add the following line after it:

AddType application/x-httpd-php .php

As in the case of running PHP as an Apache module, you can add whatever extensions you want Apache to recognise as PHP scripts, such as:

AddType application/x-httpd-php .php3
AddType application/x-httpd-php .phtml

Next, you will need to tell the server to execute the PHP executable each time it encounters a PHP script. Add the following below any existing entries in the "Action" section.

Action application/x-httpd-php "/php/php.exe"

If you notice, we have used the "ScriptAlias" reference, "/php/" portion will be recognised as the scriptAlias configured above, this is sort a path alias which will correlate to your PHP installation path configured previously. In other words, don't put "c:/php/php.exe" or "c:/Program Files/php/php.exe" in that directive, put "/php/php.exe", Apache WILL work it out if correctly configured.

Configuring the Default Index Page

This section applies to all users, whether you are loading PHP as a module or running it as a CGI binary, and has been seen often enough to warrant a mention.

If you want to make your PHP script execute as the default page for a directory, you have to add another line to the "httpd.conf". Simply search for the line in the file that begins with a "DirectoryIndex" and add "index.php" to the list of files on that line. For example, if the line used to be:

DirectoryIndex index.html

change it to the following if you still wish .html files to be executed before .php files

DirectoryIndex index.html index.php

or change it to the following if you wish .php files to be executed before .html files

DirectoryIndex index.php index.html

The next time you access the site or a directory within a site without a filename, Apache will "auto-magically" deliver "index.php" if available, or "index.html" if "index.php" is not available.