Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg

PHP : Security : Installed as CGI binary : Case 1: only public files served

Case 1: only public files served

If your server does not have any content that is not restricted by password or ip based access control, there is no need for these configuration options. If your web server does not allow you to do redirects, or the server does not have a way to communicate to the PHP binary that the request is a safely redirected request, you can specify the option --enable-force-cgi-redirect to the configure script. You still have to make sure your PHP scripts do not rely on one or another way of calling the script, neither by directly nor by redirection

Redirection can be configured in Apache by using AddHandler and Action directives (see below).

Code Examples / Notes » security.cgi_bin.default


Please, make hrefrences to previos & netx page of this manual on this page under text of chapter (not oly under comments) as it was on a previus pages. Thx, GL.

Change Language

Follow Navioo On Twitter
Possible attacks
Case 1: only public files served
Case 2: using --enable-force-cgi-redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree
eXTReMe Tracker