PHP5 as a CGI

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

(In Apache2)

I have this setup and using the new CGI daemon interface... no probs.
However the binary is accessible via the browser. I suppose I wouldn't even
make this an issue but I get this when accessing the binary:
Warning: Unexpected character in input: '' (ASCII=16) state=1 in
/usr/local/bin/php on line 4777
Parse error: parse error, unexpected T_STRING in /usr/local/bin/php on line

So I'm wondering if there is a more secure way to install the binary? or
perhaps I'm doing something wrong. Here is my relevant apache config
ScriptAlias /php/ /usr/daemon/httpd/php/
AddType application/x-httpd-php          .php .phtml
AddType application/x-httpd-php-source   .phps

Action application/x-httpd-php "/php/php"

I compiled the cgi binary "without_redirect", ""without_discard",
"without_fastcgi", "without_pathinfo".

Re: PHP5 as a CGI

Jupiter's Song wrote:
Quoted text here. Click to load it

I've had bad experiences with running PHP5 as a CGI app on Apache2.  I
don't recommend it.  Additionally, I've been told that there are major
security concerns about this.  Check out Supposedly, they have
also been documented at

I recommend installing it as a module.

I remember that it took me a while to get it working properly (I'm not
yet an Apache guru) but I don't remember what my problem(s) were either.

Good luck!


Re: PHP5 as a CGI

Quoted text here. Click to load it

Well my install was working great; 'cept for the binary being accessible via
the browser and outputting a nasty php error (I think it's because I
compiled it without the "force redirect" option.)

Also I am not aware of any current exploits (excluding poor server side
programming which is a problem for any of the installs).


Site Timeline