Good Day; I just performed an install of PHP 4.3.10 using the "php.ini-recommended" on IIS6 and was getting: "Security Alert! The PHP CGI cannot be accessed directly. This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive." After some research and talking to some php programmer buddies, the solution seemed to be to add the following to the php.ini : cgi.force_redirect = 0 cgi.redirect_status_env ="yes"; http://codewalkers.com/archives/phphelp/211.html Now my server functions but I am concerned with potential security problems. The INI file and the on-line manual state that REDIRECT_STATUS relates to Apache only and infers that it may be a serious security risk on other web servers. Note that in addition to adding PHP.EXE into the "APPLICATION CONFIGURATION" of a specific virtual server, I also had to add it into the WEB SERVER EXTENTIONS on the IIS6 server. This step was not documented in the PHP manuals I reviewed but it was required. Any explaination as to what these settings do and whether I have exposed my customers systems would be appreciated. -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
