By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,619 Members | 1,534 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,619 IT Pros & Developers. It's quick & easy.

PHP5 as a CGI

P: n/a
(In Apache2)

I have this setup and using the new CGI daemon interface... no probs.
However the binary is accessible via the browser. I suppose I wouldn't even
make this an issue but I get this when accessing the binary:
Warning: Unexpected character in input: '' (ASCII=16) state=1 in
/usr/local/bin/php on line 4777
Parse error: parse error, unexpected T_STRING in /usr/local/bin/php on line
4777

So I'm wondering if there is a more secure way to install the binary? or
perhaps I'm doing something wrong. Here is my relevant apache config
directives:
ScriptAlias /php/ /usr/daemon/httpd/php/
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

Action application/x-httpd-php "/php/php"
I compiled the cgi binary "without_redirect", ""without_discard",
"without_fastcgi", "without_pathinfo".
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Jupiter's Song wrote:
(In Apache2)

I have this setup and using the new CGI daemon interface... no probs.
However the binary is accessible via the browser. I suppose I wouldn't even
make this an issue but I get this when accessing the binary:
Warning: Unexpected character in input: '' (ASCII=16) state=1 in
/usr/local/bin/php on line 4777
Parse error: parse error, unexpected T_STRING in /usr/local/bin/php on line
4777

So I'm wondering if there is a more secure way to install the binary? or
perhaps I'm doing something wrong. Here is my relevant apache config
directives:
ScriptAlias /php/ /usr/daemon/httpd/php/
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

Action application/x-httpd-php "/php/php"
I compiled the cgi binary "without_redirect", ""without_discard",
"without_fastcgi", "without_pathinfo".


I've had bad experiences with running PHP5 as a CGI app on Apache2. I
don't recommend it. Additionally, I've been told that there are major
security concerns about this. Check out
http://www.php.net/manual/en/security.cgi-bin.php Supposedly, they have
also been documented at www.phrack.org

I recommend installing it as a module.
http://www.php.net/manual/en/install.unix.apache2.php

I remember that it took me a while to get it working properly (I'm not
yet an Apache guru) but I don't remember what my problem(s) were either.

Good luck!

--TekWiz
Jul 17 '05 #2

P: n/a
"TekWiz" <te****@twarlick.net> wrote in message
news:d1**********@aunews.duc.auburn.edu...
Jupiter's Song wrote:
(In Apache2)

I have this setup and using the new CGI daemon interface... no probs.
However the binary is accessible via the browser. I suppose I wouldn't
even make this an issue but I get this when accessing the binary:
Warning: Unexpected character in input: '' (ASCII=16) state=1 in
/usr/local/bin/php on line 4777
Parse error: parse error, unexpected T_STRING in /usr/local/bin/php on
line 4777

So I'm wondering if there is a more secure way to install the binary? or
perhaps I'm doing something wrong. Here is my relevant apache config
directives:
ScriptAlias /php/ /usr/daemon/httpd/php/
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

Action application/x-httpd-php "/php/php"
I compiled the cgi binary "without_redirect", ""without_discard",
"without_fastcgi", "without_pathinfo".


I've had bad experiences with running PHP5 as a CGI app on Apache2. I
don't recommend it. Additionally, I've been told that there are major
security concerns about this. Check out
http://www.php.net/manual/en/security.cgi-bin.php Supposedly, they have
also been documented at www.phrack.org

I recommend installing it as a module.
http://www.php.net/manual/en/install.unix.apache2.php

I remember that it took me a while to get it working properly (I'm not yet
an Apache guru) but I don't remember what my problem(s) were either.

Good luck!

--TekWiz

Well my install was working great; 'cept for the binary being accessible via
the browser and outputting a nasty php error (I think it's because I
compiled it without the "force redirect" option.)

Also I am not aware of any current exploits (excluding poor server side
programming which is a problem for any of the installs).

ty
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.