php-windows Digest 18 Mar 2002 11:55:05 -0000 Issue 1052
Topics (messages 12668 through 12670):
Re: How do you install PHP on Win98 with PWS?
12668 by: Keith Hughes
Error after installation
12669 by: Erik Pepping
Sessions
12670 by: Alberto. Sartori
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Okay, I've just got this message:
Security Alert! PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set. This variable is set, for example, by Apache's Action directive
redirect.
You may disable this restriction by recompiling the PHP binary with
the --disable-force-cgi-redirect switch. If you do this and you have your
PHP CGI binary accessible somewhere in your web tree, people will be able to
circumvent .htaccess security by loading files through the PHP parser. A
good way around this is to define doc_root in your php.ini file to something
other than your top-level DOCUMENT_ROOT. This way you can separate the part
of your web space which uses PHP from the normal part using .htaccess
security. If you do not have any .htaccess restrictions anywhere on your
site you can leave doc_root undefined. If you are running IIS, you may
safely set cgi.force_redirect=0 in php.ini.
I've found the redirect_status cgi to 0 (and off) and it still doesn't work.
If you can help, that'd be great.
Keith
--- End Message ---
--- Begin Message ---
When i run a script test.php after installation on windows 2000 with IIS4 I
get the mesage in a browser window:
Security Alert! PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set. This variable is set, for example, by Apache's Action directive
redirect.
You may disable this restriction by recompiling the PHP binary with
the --disable-force-cgi-redirect switch. If you do this and you have your
PHP CGI binary accessible somewhere in your web tree, people will be able to
circumvent .htaccess security by loading files through the PHP parser. A
good way around this is to define doc_root in your php.ini file to something
other than your top-level DOCUMENT_ROOT. This way you can separate the part
of your web space which uses PHP from the normal part using .htaccess
security. If you do not have any .htaccess restrictions anywhere on your
site you can leave doc_root undefined. If you are running IIS, you may
safely set cgi.force_redirect=0 in php.ini.
I did set cgi.force_redirect=0 in php.ini which in located in c:\windows
directory and c:\winnt directory
What could be wrong ??
Erik Pepping
--- End Message ---
--- Begin Message ---
Hi guys, as you know the php session are stored in a little file on the server. But
like ASP, is there a way to store them in the memory of the server? Thanks to all
Best regards, Alb
Alberto Sartori - Developer
Hard Programming Dep.
--- End Message ---
