Apache Module
Apache module configuration directives
CGI redirection module/action module
CGI
Virtual hosts
Security
PHP is a powerful language and the interpreter, whether included in a web server as a module or
executed as a separate CGI binary, is able to access files, execute commands and open network
connections on the server. These properties make anything run on a web server insecure by default. PHP
is designed specifically to be a more secure language for writing CGI programs than Perl or C, and with
correct selection of compile-time and runtime configuration options it gives you exactly the combination
of freedom and security you need.
As there are many different ways of utilizing PHP, there are many configuration options controlling its
behaviour. A large selection of options guarantees you can use PHP for a lot of purposes, but it also
means there are combinations of these options and server configurations that result in an insecure setup.
This chapter explains the different configuration option combinations and the situations they can be
safely used.
CGI binary
Possible attacks
Using PHP as a CGI binary is an option for setups that for some reason do not wish to integrate PHP as a
module into server software (like Apache), or will use PHP with different kinds of CGI wrappers to
73