Re: [users@httpd] Running php scripts outside of document root

Sun, 24 May 2009 22:31:37 -0700 

Thanks for your help, that solved the problem.

To answer your question as to why I don't want my php scripts to be in the
document root tree, it is a potential security issue. I would rather not
allow anyone to peruse my source code as they may be able to find ways to
exploit it more easily.


On Sun, May 24, 2009 at 12:45 AM, Doug Bell <d...@plainblack.com> wrote:

> On May 24, 2009, at 12:31 AM, Lyle Wincentsen wrote:
>
>
>> In short, I am trying to set up my document root to be /var/www/htdocs and
>> I want my php scripts to run in /var/www/cgi-bin.
>>
>>
>
> Why? You can run PHP scripts in the same directory as your htdocs as you
> want.

I'm thinking it is a potential security issue if they are in the document
root, since people will be able to look at the source code and figure out
how to exploit it. I'd rather it be inaccessible to them.

>
>
 For some reason I am getting "500 internal server error" when I try to run
>> a script
>> (called phpauth.php) in that directory. If I try to run the same
>> script in the document root, it works fine but I don't want to do
>> that.
>>
>> Here are the relevant lines of the error log:
>>
>> [Sat May 23 22:19:02 2009] [error] [client {mylaptop.ip.address}]
>> (8)Exec format error: exec of '/var/www/cgi-bin/phpauth.php' failed,
>> referer: http://{myserver.ip.address}
>> [Sat May 23 22:19:02 2009] [error] [client {mylaptop.ip.address}]
>> Premature end of script headers: phpauth.php, referer:
>> http://{myserver.ip.address}
>>
>>
>
>  Exec format error means your #! line is incorrect. Since you're using
PHP, you're probably not using CGI (which requires the #! line)

 I had been under the impression that "CGI" was a generic term that applied
whenever one was using any kind of scripting on the server. I see I need to
read up on that some more. The CGI book I recently read was very dated.



> #       ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/         ScriptAlias
>> /cgi-bin/ /var/www/cgi-bin/
>>
>>
> Here's the issue. It should be "Alias" not "ScriptAlias". If you intend on
> also running CGI scripts from this directory, add "AddHandler cgi-script
> .cgi" to the <Directory /var/www/cgi-bin> block.
>
> Make sure to enable PHP for that directory as well: AddHandler
> application/x-httpd-php .php
>
> Doug Bell -- Senior Developer, Plain Black Corp.
> [ http://plainblack.com ]
>


>  Thanks a lot, I will try that.
> -Lyle
>
>
>

Reply via email to