httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Timothy Stone <cityli...@petmystone.com>
Subject [users@httpd] securing Apache 2 + PHP on Win2k
Date Fri, 20 Feb 2004 14:12:43 GMT
List,

I have done my research. I have been to MARC and did a requisite search, 
but nothing is really answering a lingering doubt that I have about 
running PHP with Apache 2 on Win2k. I just don't have the same options 
for securing as I do on *nix.

My heaviest doubt stems from this statement the latest PHP (4.3.4) distro:

<readme>
   If you wish to install PHP as a CGI binary, read this first:

     http://www.cert.org/advisories/CA-1996-11.html

   and then if you are really sure, insert these lines to your conf file:

    ScriptAlias /php/ "c:/php/"
    AddType application/x-httpd-php .php
    Action application/x-httpd-php "/php/php.exe"

   Note, we consider installing PHP like this suicidal.
</readme>

Suicidal!? Damn, that's harsh. So how does one do this on Windows. The 
reality is that the module on Apache 2 is experimental at best, and I 
need production stability, so CGI is recommended. If the above 
configuration is "suicidal" by the standards of the best minds at PHP, 
then a lot of HOW-TOs need work, this is the very configuration recommended.

Can anyone out there elaborate on a this setup and provide tips.

I would like to note that the cited advisory is almost 10 years old, and 
many of the sites that it references, and are linked too, are equally as 
old.

Has it got better?

Finally, I'm an Java Programmer by trade, turned admin, running Apache 2 
on WinXP with Tomcat in a load balanced mod_jk environment. So PHP is 
new to me. I'm deploying PHP due to outside development house 
requirements that need PHP to install a new website on our servers.

Many thanks in advance for any and all tips, suggestions, pointers to 
HOW-TOs *that are current.* :)

Regards,
Tim


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message