|
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2007-05-01 17:41:26
|
Hi,
To start:
OS - FreeBSD 4
Web Server - Apache 1.3.37
Database - Mysql 4.1.22
PHP - 4.4.4 with Suhosin-Patch 0.9.6
phpWebSite - Out of box, unconfigured
I'm trying to run under CGIWRAP for Php, which is forcing me to
run via the command line. In doing so, I really can't seem to get too far
on this.
Out of the box, I try to run the "index.php" and nothing
returns :
vjofn# php index.php
vjofn#
If I look at the script, it wants to redirect me to "./setup/index.php".
So if I start that...
vjofn# php index.php |more
session.auto_start must be set to 0 for phpWebSite to work. Please review your php.ini file.
Ok, not a problem, let's make it happy...
vjofn# php -dsession.auto_start=0 index.php | head
<html>
<head>
<title>phpWebSite 1.1.0 - Directory Permissions</title>
<style type="text/css">
body {
background-color : #ADB583;
font-size : 100%;
font-family: Arial, Helvetica, sans-serif;
color : #0E1662;
}
Which isn't bad, except since it's running from the command line,
not the Apache module, it's expected to return Content Type headers and
possibly other things.....
Is there something special I need to tweak/do first before being
able to run with the command line module, not apache mod_php?
Thanks, Tuc
|
|
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2007-05-01 20:30:33
|
Hi,
Good news and bad news....
Good news : I found there is another program, php-cgi that DOES give
me the headers. So now I get them, index.php redirects to setup/index.php .
Bad news: Even though I try to attempt to override the
session.auto_start via either the command line, or pointing to a new
php.ini.... It doesn't accept it.
So back at square one.
Still looking for help.
Tuc
>
> Hi,
>
> To start:
>
> OS - FreeBSD 4
> Web Server - Apache 1.3.37
> Database - Mysql 4.1.22
> PHP - 4.4.4 with Suhosin-Patch 0.9.6
> phpWebSite - Out of box, unconfigured
>
> I'm trying to run under CGIWRAP for Php, which is forcing me to
> run via the command line. In doing so, I really can't seem to get too far
> on this.
>
> Out of the box, I try to run the "index.php" and nothing
> returns :
>
> vjofn# php index.php
> vjofn#
>
> If I look at the script, it wants to redirect me to "./setup/index.php".
> So if I start that...
>
> vjofn# php index.php |more
> session.auto_start must be set to 0 for phpWebSite to work. Please review your php.ini file.
>
> Ok, not a problem, let's make it happy...
>
> vjofn# php -dsession.auto_start=0 index.php | head
> <html>
> <head>
> <title>phpWebSite 1.1.0 - Directory Permissions</title>
> <style type="text/css">
> body {
> background-color : #ADB583;
> font-size : 100%;
> font-family: Arial, Helvetica, sans-serif;
> color : #0E1662;
> }
>
> Which isn't bad, except since it's running from the command line,
> not the Apache module, it's expected to return Content Type headers and
> possibly other things.....
>
> Is there something special I need to tweak/do first before being
> able to run with the command line module, not apache mod_php?
>
> Thanks, Tuc
|
|
From: Shaun M. <sh...@ae...> - 2007-05-02 14:21:40
|
It's not supposed to work via the command line AFAIK, although it's
certainly an interesting idea for initial installation.
On 1 May 2007, at 18:40, Tuc at T-B-O-H.NET wrote:
> Hi,
>
> To start:
>
> OS - FreeBSD 4
> Web Server - Apache 1.3.37
> Database - Mysql 4.1.22
> PHP - 4.4.4 with Suhosin-Patch 0.9.6
> phpWebSite - Out of box, unconfigured
>
> I'm trying to run under CGIWRAP for Php, which is forcing me to
> run via the command line. In doing so, I really can't seem to get
> too far
> on this.
>
> Out of the box, I try to run the "index.php" and nothing
> returns :
>
> vjofn# php index.php
> vjofn#
>
> If I look at the script, it wants to redirect me to "./setup/
> index.php".
> So if I start that...
>
> vjofn# php index.php |more
> session.auto_start must be set to 0 for phpWebSite to work. Please review your php.ini file.
>
> Ok, not a problem, let's make it happy...
>
> vjofn# php -dsession.auto_start=0 index.php | head
> <html>
> <head>
> <title>phpWebSite 1.1.0 - Directory Permissions</title>
> <style type="text/css">
> body {
> background-color : #ADB583;
> font-size : 100%;
> font-family: Arial, Helvetica, sans-serif;
> color : #0E1662;
> }
>
> Which isn't bad, except since it's running from the command line,
> not the Apache module, it's expected to return Content Type headers and
> possibly other things.....
>
> Is there something special I need to tweak/do first before being
> able to run with the command line module, not apache mod_php?
>
> Thanks, Tuc
>
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk
|
|
From: Matthew M. <ma...@tu...> - 2007-05-03 12:20:58
|
> I'm trying to run under CGIWRAP for Php, which is forcing me to
> run via the command line. In doing so, I really can't seem to get
> too far
> on this.

My lack of response is due to my inexperience with running php in cgi
mode. Should anyone have insight what can be changed to enable the
script in this environment, I'd be happy to make the changes.

--
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu
|
|
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2007-05-03 22:18:44
|
>
> > I'm trying to run under CGIWRAP for Php, which is forcing me to
> > run via the command line. In doing so, I really can't seem to get
> > too far
> > on this.
>
> My lack of response is due to my inexperience with running php in cgi
> mode. Should anyone have insight what can be changed to enable the
> script in this environment, I'd be happy to make the changes.
>

I'm being told from the CGIWRAP people that it should "WORK",
but when I post my CGIWRAP config, I get a deafening silence.......

What are others using for PHP security?

Thanks, Tuc
|
|
From: Shaun M. <sh...@ae...> - 2007-05-04 06:55:24
|
On 3 May 2007, at 23:18, Tuc at T-B-O-H.NET wrote:
>>
>>> I'm trying to run under CGIWRAP for Php, which is forcing me to
>>> run via the command line. In doing so, I really can't seem to get
>>> too far
>>> on this.
>>
>> My lack of response is due to my inexperience with running php in cgi
>> mode. Should anyone have insight what can be changed to enable the
>> script in this environment, I'd be happy to make the changes.
>>
> I'm being told from the CGIWRAP people that it should "WORK",
> but when I post my CGIWRAP config, I get a deafening silence.......
>
> What are others using for PHP security?

I've used phpsuexec in the past which runs PHP as a CGI. It's common
on cPanel based servers. Mostly I don't though. It's too restrictive.
It doesn't force you to use the commandline though from what I
remember of it.

For the types of attacks I get I find mod_security, a decent firewall
and a couple of changes to my mail server are enough to work with.
More work for me perhaps but less restrictions on my users, namely
not having .htaccess use, which is the biggest restriction with
phpsuexec and most of the cgi methods.

I know most of my users too and watch any new users I don't.

Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk
|
|
From: Verdon V. <ve...@ve...> - 2007-05-04 11:47:09
|
On 4-May-07, at 2:55 AM, Shaun Murray wrote:
>
> On 3 May 2007, at 23:18, Tuc at T-B-O-H.NET wrote:
>
>>>
>>>> I'm trying to run under CGIWRAP for Php, which is forcing me to
>>>> run via the command line. In doing so, I really can't seem to get
>>>> too far
>>>> on this.
>>>
>>> My lack of response is due to my inexperience with running php in
>>> cgi
>>> mode. Should anyone have insight what can be changed to enable the
>>> script in this environment, I'd be happy to make the changes.
>>>
>> I'm being told from the CGIWRAP people that it should "WORK",
>> but when I post my CGIWRAP config, I get a deafening silence.......
>>
>> What are others using for PHP security?
>
> I've used phpsuexec in the past which runs PHP as a CGI. It's common
> on cPanel based servers. Mostly I don't though. It's too restrictive.
> It doesn't force you to use the commandline though from what I
> remember of it.
>
> For the types of attacks I get I find mod_security, a decent firewall
> and a couple of changes to my mail server are enough to work with.
> More work for me perhaps but less restrictions on my users, namely
> not having .htaccess use, which is the biggest restriction with
> phpsuexec and most of the cgi methods.
>
> I know most of my users too and watch any new users I don't.

I'm in the same boat as Shaun and use pretty much the same setup. I
do know from much forum trawling that when using php in cgi mode that
file ownership and permissions are even more critical than otherwise.
Could that be the cause of some of the trouble you're having? I
believe the files must be owned by the user running the php-cgi as
well as having the executable bit set, and that folders you might
normally have set to user:webserver and 775 need to be user:user 755.

verdon
|
|
From: Shaun M. <sh...@ae...> - 2007-05-04 12:07:05
|
On 4 May 2007, at 12:42, Verdon Vaillancourt wrote:
>
> I'm in the same boat as Shaun and use pretty much the same setup. I
> do know from much forum trawling that when using php in cgi mode that
> file ownership and permissions are even more critical than otherwise.
> Could that be the cause of some of the trouble you're having? I
> believe the files must be owned by the user running the php-cgi as
> well as having the executable bit set, and that folders you might
> normally have set to user:webserver and 775 need to be user:user 755.
>

Yep. If you 777 files/folders then under phpsuexec it'll throw a 500
error until you change them. It therefore forces people to stop using
insecure permissions. That's a good thing, but I think the downsides
outweigh that.

Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk
|
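The ownership and permission conditions described in the last two posts can be checked across a web root before PHP is moved under a CGI wrapper. The script below is an added example, not part of the thread and not phpsuexec's own code; its rule set (no group- or world-writable paths, everything owned by the account PHP runs as, owner-executable .php files) is an assumption taken from those posts, and `report`, `audit_docroot` and `make_sample_tree` are hypothetical names.

```shell
#!/bin/sh
# Added example: rules are assumed from the thread, not from phpsuexec itself.

# report LABEL: prefix each path read on stdin with LABEL and a tab.
report() {
    while IFS= read -r path; do printf '%s\t%s\n' "$1" "$path"; done
}

# audit_docroot ROOT OWNER: print one "reason<TAB>path" line per finding.
# Paths containing newlines are not handled.
audit_docroot() {
    root=$1
    owner=$2
    {
        # 777/666-style modes: writable by everyone.
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            report world-writable
        # 775/664-style modes: group-writable (the user:webserver layout).
        find "$root" \( -type f -o -type d \) -perm -0020 ! -perm -0002 -print |
            report group-writable
        # Anything not owned by the account the wrapper runs PHP as.
        find "$root" \( -type f -o -type d \) ! -user "$owner" -print |
            report wrong-owner
        # Scripts missing the owner-executable bit.
        find "$root" -type f -name '*.php' ! -perm -0100 -print |
            report php-not-executable
    } | sort
}

# make_sample_tree: build a constructed docroot with known-bad modes.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/ok" "$tree/files" "$tree/images"
    : > "$tree/ok/index.php"; : > "$tree/files/up.php"
    chmod 755 "$tree" "$tree/ok" "$tree/ok/index.php"
    chmod 777 "$tree/files"
    chmod 644 "$tree/files/up.php"
    chmod 775 "$tree/images"
    printf '%s\n' "$tree"
}

# Usage: audit.sh ROOT OWNER (with no arguments, audits the constructed tree).
if [ $# -eq 2 ]; then
    audit_docroot "$1" "$2"
else
    sample=$(make_sample_tree) && audit_docroot "$sample" "$(id -u)"
    rm -rf "$sample"
fi
```

An empty result means none of the assumed conditions were found; each reported line names the reason and the path to fix with `chown` or `chmod`.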