Re: Running php scripts outside of document root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Running php scripts outside of document root
From: Lyle Wincentsen <lyle.wincentsen@xxxxxxxxx>
Date: Mon, 25 May 2009 00:31:03 -0500
In-reply-to: <CDC23C46-E9F9-4187-9AC6-DFDFBA2C6E17@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Thanks for your help, that solved the problem.

To answer your question as to why I don't want my php scripts to be in the document root tree, it is a potential security issue. I would rather not allow anyone to peruse my source code as they may be able to find ways to exploit it more easily.

On Sun, May 24, 2009 at 12:45 AM, Doug Bell <doug@xxxxxxxxxxxxxx> wrote:

On May 24, 2009, at 12:31 AM, Lyle Wincentsen wrote:

In short, I am trying to set up my document root to be /var/www/htdocs
and I want my php scripts to run in /var/www/cgi-bin.

Why? You can run PHP scripts in the same directory as your htdocs as you want.

I'm thinking it is a potential security issue if they are in the document root, since people will be able to look at the source code and figure out how to exploit it. I'd rather it be inaccessible to them.

For some reason
I am getting "500 internal server error" when I try to run a script

(called phpauth.php) in that directory. If I try to run the same

script in the document root, it works fine but I don't want to do

that.

Here are the relevant lines of the error log:

[Sat May 23 22:19:02 2009] [error] [client {mylaptop.ip.address}]

(8)Exec format error: exec of '/var/www/cgi-bin/phpauth.php' failed,

referer: http://{myserver.ip.address}

[Sat May 23 22:19:02 2009] [error] [client {mylaptop.ip.address}]

Premature end of script headers: phpauth.php, referer:

http://{myserver.ip.address}

Exec format error means your #! line is incorrect. Since you're using PHP, you're probably not using CGI (which requires the #! line)

I had been under the impression that "CGI" was a generic term that applied whenever one was using any kind of scripting on the server. I see I need to read up on that some more. The CGI book I recently read was very dated.

# ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

ScriptAlias /cgi-bin/ /var/www/cgi-bin/

Here's the issue. It should be "Alias" not "ScriptAlias". If you intend on also running CGI scripts from this directory, add "AddHandler cgi-script .cgi" to the <Directory /var/www/cgi-bin> block.

Make sure to enable PHP for that directory as well: AddHandler application/x-httpd-php .php

Doug Bell -- Senior Developer, Plain Black Corp.

[ http://plainblack.com ]

Thanks a lot, I will try that.

-Lyle

Follow-Ups:
- Re: Running php scripts outside of document root
  - From: Nicholas Sherlock

References:
- Running php scripts outside of document root
  - From: Lyle Wincentsen
- Re: Running php scripts outside of document root
  - From: Doug Bell

Prev by Date: ............ :( Plz help
Next by Date: Re: Running php scripts outside of document root
Previous by thread: Re: Running php scripts outside of document root
Next by thread: Re: Running php scripts outside of document root
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]