Facing security problem

sahdev
sahdev used Ask the Experts™
on
I have tried my level best to configure the PHP, after setting the all configuration i got this error. what does it mean or plz tell me what i need to do more.

FACING ERROR!
----------------------------
Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual page for CGI security.

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page.
-----------------------------

Thankx in advance
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

this is a pretty common thing with CGI's.  You should read the PHP manual as the error message suggests, particularly the section on CGI security.  Having cgi-force-redirect on is usually a good thing, but not necessary all of the time (ie. if your php.exe file is outside your document root, you shouldn't need this enabled).  Please read the manual...

http://www.php.net/manual/en/security.cgi-bin.php


it essentially boils down to you have needed to --disable-force-cgi-redirect in your 'configure' script before compiling.  You could also set cgi.force_redirect=0 in php.ini

Here's a user comment from this PHP manual page:

http://www.php.net/manual/en/faq.installation.php

thalescm at uol dot com dot br
31-May-2002 03:46      
Several users that tried to install PHP4 under Windows with the servers Apache, PWS or Xitami receives this message when trying to open a php script file:

"Security Alert! PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set. This variable is set, for example, by Apache's Action directive redirect.

You may disable this restriction by recompiling the PHP binary with the --disable-force-cgi-redirect switch. If you do this and you have your PHP CGI binary accessible somewhere in your web tree, people will be able to circumvent .htaccess security by loading files through the PHP parser. A good way around this is to define doc_root in your php.ini file to something other than your top-level DOCUMENT_ROOT. This way you can separate the part of your web space which uses PHP from the normal part using .htaccess security. If you do not have any .htaccess restrictions anywhere on your site you can leave doc_root undefined. If you are running IIS, you may safely set cgi.force_redirect=0 in php.ini."

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial