I have absolutely no idea if this will help, but i've never seen that "Security Alert", and this is the way i've always configured Apache:
Try routing PHP requests through a ScriptAlias like so: ScriptAlias /php-bin/ "C:\PHP" Action application/x-httpd-php "/php-bin/php.exe" --- Scott Hurring Systems Programmer EAC Corporation [EMAIL PROTECTED] Voice: 201-462-2149 Fax: 201-288-1515 > -----Original Message----- > From: Webmaster [mailto:[EMAIL PROTECTED]] > Subject: [PHP-WIN] Re: Security Alert!-cgi.force_redirect=0 > > You might need to have the second line in PHP.INI too: > > cgi.force_redirect=0 > cgi.redirect_status_env ENV_VAR_NAME > > > Cor van de Veen > > > "Matthew Gotth-Olsen" <[EMAIL PROTECTED]> schreef in bericht > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I'm running IIS on a WinXP box, I've got everything > installed, however > > whenever I try to access a php script I get this error > which I'm sure you > > all are familiar with: > > > > > ---------------------------------------------------------------------- > > Security Alert! PHP CGI cannot be accessed directly. > > This PHP CGI binary was compiled with force-cgi-redirect > enabled. This > means > > that a page will only be served up if the REDIRECT_STATUS > CGI variable is > > set. This variable is set, for example, by Apache's Action directive > > redirect. > > > > You may disable this restriction by recompiling the PHP binary with > > the --disable-force-cgi-redirect switch. If you do this and > you have your > > PHP CGI binary accessible somewhere in your web tree, > people will be able > to > > circumvent .htaccess security by loading files through the > PHP parser. A > > good way around this is to define doc_root in your php.ini file to > something > > other than your top-level DOCUMENT_ROOT. This way you can > separate the > part > > of your web space which uses PHP from the normal part using > .htaccess > > security. If you do not have any .htaccess restrictions > anywhere on your > > site you can leave doc_root undefined. If you are running > IIS, you may > > safely set cgi.force_redirect=0 in > > > php.ini. > ------------------------------------------------------------------- > > ------- > > > > So I reread through the documentation, and I made sure that > > "cgi.force_redirect=0" under my php.ini under c:\windows\ is there > something > > I'm missing? I've tried the insteller and the manual > install, and bothe > give > > me the same message... I've even tried removing php completely and > > re-installing it both ways... no dice... an help would be > appreciated... -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
