[cgiwrap-users] Getting php to work with cgiwrap (transparently)
Brought to you by:
nneul
Menu
▾
▴
[cgiwrap-users] Getting php to work with cgiwrap (transparently)
|
From: Ben L. <be...@wb...> - 2001-12-06 14:01:47
|
Hello, I have a PHP/database-driven website. I'm sure ya'll are familiar with the problem: I need the database password to be kept in an include file readable by the webserver which runs as user nobody--my files therefore have to be readable by the world (I'm on a shared host), exposing my password to everyone else on the system. I develop my website on my home machine (Redhat 7.1, Apache 1.3, PHP 4.0), so I thought I'd install cgiwrap (v3.7.1) on my machine and attempt to get things to work here first (before trying on my hosting provider). So far, I've gotten cgiwrap to work just fine with ordinary cgi scripts. My docroot is /home/ben/www, and the cgi-bin is /home/ben/www/scgi-bin. Now, what I want is for the PHP scripts to be parsed under my userid (instead of "apache") without having to put a shabang at the beginning of each PHP script, and without the scripts having to be put in a special directory. The Phorum (http://www.phorum.org) docs suggest one manner of doing this: <snip doc=security.txt> With apache, it is moderately easy to wrap your php scripts, and you don't even need to change the script extensions. You do, however, need to have a copy of the CGI version of PHP3 available in your cgi-bin directory. You first need to set up an Addtype in the .htaccess file which resides in your Phorum install directory. This setting overrides the default .php setting: AddType application/x-httpd-wphp php And then set up an action for this new type: Action application/x-httpd-wphp /cgi-sys/php-cgiwrap/username/php3.cgi In this case, php-cgiwrap is the wrapper script that your provider has put in place, and it runs the PHP binary with user permissions in the specified user's cgi-bin directory. </snip> I think I get the idea here. Instead of my PHP scripts being the cgi scripts, the PHP binary is, and it knows what to do with my scripts. Sounds good to me, but it didn't work. Here's what the virtualhost section of my httpd.conf file looks like: <VirtualHost 192.168.1.40> DocumentRoot /home/ben/www ServerName ben.log.cabin ServerAlias ben ScriptAlias /scgi-bin/ /var/www/cgi-bin/ <Directory /home/ben/www> AllowOverride All </Directory> </VirtualHost> And here's my .htaccess file in /home/ben/www RemoveType php #Just to get rid of the previous default AddType application/x-httpd-wphp php Action application/x-httpd-wphp /scgi-bin/cgiwrap/ben/php Of course, I put the CGI version of PHP in /home/ben/www/scgi-bin. Then I visit http://ben/index.php, and it dumps the unparsed php script to the client. Replacing cgiwrap with cgiwrapd in the .htaccess file does the same thing. So I thought maybe the "RemoveType php" wasn't doing what I thought it should. I changed the .htaccess file to this: AddType application/x-httpd-wphp pcgi Action application/x-httpd-wphp /scgi-bin/cgiwrap/ben/php Now at least I know cgiwrap is getting called...it gives an Internal Server Error. If I replace cgiwrap with cgiwrapd now, it gives the usual info, but after "Output of script follows:" there's nothing. I don't see any error messages anywhere. The other thing I tried (I don't know much about configuring Apache, so please bear with me :) was changing my .htaccess config file to read: Action test-action /scgi-bin/cgiwrap/ben/php AddHandler test-action .pcgi I get the same results, though. Also, my httpd error logs report [client 192.168.1.40] Premature end of script headers: /var/www/cgi-bin/cgiwrap Sorry this message is lengthy, I just hoped to give enough info to be useful. I'd really appreciate any help you can give. Thanks, Ben Logan -- Ben Logan: ben at wblogan dot net OpenPGP Key KeyID: A1ADD1F0 |
