Questions tagged [mod-php]

PHP installed as an Apache module

There are (at least) two ways of running PHP with Apache:

  • Using CGI: Apache launches a separate PHP process, and it is that PHP process that interprets the PHP code, not Apache itself.
  • Using PHP as an Apache module (called mod_php): the PHP interpreter is embedded inside the Apache process. There is no external PHP process, which means that Apache and PHP can communicate better.

When PHP is used as an Apache module, it inherits Apache's user permissions (typically those of the "nobody" user). This has several impacts on security and authorization. For example, if you are using PHP to access a database, unless that database has built-in access control, you will have to make the database accessible to the "nobody" user. This means a malicious script could access and modify the database, even without a username and password. It's entirely possible that a web spider could stumble across a database administrator's web page and drop all of your databases. You can protect against this with Apache authorization, or you can design your own access model using LDAP, .htaccess files, etc. and include that code as part of your PHP scripts.

Often, once security has been tightened to the point where the PHP user (in this case, the Apache user) carries very little risk, it turns out that PHP can no longer write any files to user directories, or can no longer access or change databases. The lockdown applies equally to good and bad files, and to good and bad database transactions.

A frequent security mistake made at this point is to give Apache root permissions, or to escalate Apache's abilities in some other way.

Escalating the Apache user's permissions to root is extremely dangerous and may compromise the entire system, so sudo'ing, chroot'ing, or otherwise running as root should not be considered by those who are not security professionals.

There are some simpler solutions. With open_basedir you can control and restrict which directories PHP is allowed to use. You can also set up Apache-only areas, to restrict all web-based activity to non-user, or non-system, files.
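
One way to combine open_basedir with an Apache-only writable area in a mod_php virtual host, as an added configuration example that is not part of the original tag description. The host name and the /srv/www/example paths are hypothetical, and the access-control lines assume Apache 2.4 syntax.

```apache
# Constructed example: host name and /srv/www/example paths are hypothetical.
<VirtualHost *:80>
    ServerName example.test
    DocumentRoot /srv/www/example/public

    # php_admin_value is set in the server configuration only, so neither
    # ini_set() in a script nor a .htaccess file can loosen it.
    # The list is colon-separated on Unix.
    php_admin_value open_basedir "/srv/www/example/public/:/srv/www/example/writable/"

    # Keep uploads and sessions inside the Apache-only area instead of a
    # shared /tmp, so open_basedir does not have to include /tmp.
    php_admin_value upload_tmp_dir    "/srv/www/example/writable/tmp"
    php_admin_value session.save_path "/srv/www/example/writable/sessions"

    # Code directory: owned by a deploy user, readable but not writable
    # by the Apache user, so a script cannot rewrite the application.
    <Directory "/srv/www/example/public">
        AllowOverride None
        Options -Indexes -ExecCGI
        Require all granted
    </Directory>

    # Apache-only writable area: the single place the Apache user may write,
    # owned by the Apache user (for example mode 0750) instead of being made
    # world-writable. The PHP engine is switched off here, so a file written
    # by a script is served as data and never executed as PHP.
    Alias /files /srv/www/example/writable/uploads
    <Directory "/srv/www/example/writable/uploads">
        AllowOverride None
        Options -Indexes -ExecCGI
        php_admin_flag engine off
        Require all granted
    </Directory>
</VirtualHost>
```

This keeps the Apache user unprivileged: PHP can still write where the application needs it to, without root permissions and without user or system directories being opened up.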

70 questions
0
votes
1 answer

Centos 6.7 install PHP module for Apache

I'm using a vagrant build vm and trying to install mod_php. yum install mod_php ..... Error: php70u-common conflicts with php-common-5.6.17-1.el6.remi.x86_64 Error: httpd24u conflicts with httpd-2.2.15-47.el6.centos.1.x86_64 Error: httpd24u-tools…
user3498116
0
votes
2 answers

Conditional .htaccess based on apache server API

I'm having trouble with .htaccess, specifically changing the include_path value. On my dev server PHP is run as a module, so I can use: php_value include_path "/whatever/path/i/want" Now when I migrated to the real server, PHP is run as…
Ruso_x
0
votes
1 answer

Apache mod php and script invocation

Say I am running a PHP script, foo.php, inside Apache configured with mod_php. Then, say I invoke the script from my browser (or any other means): does Apache spawn off a new process in which the script gets executed? How does it work? Can someone…
Abhi
0
votes
2 answers

When to restart apache2 in apache2 and mod_php combination

Can someone tell me the scenarios when I have to restart apache2 in an apache2 and mod_php setup? Do we need to restart apache2 for every code deploy? I am new here and confused about when to restart apache2.
0
votes
1 answer

How to collect php metrics from mod_php?

As part of the performance testing of a Drupal web application and its infrastructure, I installed sensors on all hardware and middleware bricks, but I don't know how to collect PHP metrics from mod_php (response time between Apache and mod_php,…
anasdox
0
votes
1 answer

How to configure different Virtual Hosts based on apache + php_cgi and apache+mod_php?

everybody. I have a CentOS 6.6 server with an Apache + mod_php site (site1.local). I need to configure a second site (site2.local) with php_cgi. So, I created a user, gave him permissions on www-folder, configured site1 as mod_php, created a…
MasteRus
0
votes
1 answer

Running a website Apache2 on AWS EC2 instance using PHP

I am not exactly sure what is going on here, but I imagine there is a problem with permissions. I will try to describe the symptoms and hopefully someone will have a cure? I am trying to run my website on an EC2 instance. I installed lamp by…
Stagleton
0
votes
1 answer

Can I use the same PHP code for module and CGI installation

A simple and maybe stupid question: Can I use the exact same PHP code no matter whether PHP is installed as a module or as a cgi binary? I understand that the processing is different in these two cases but does Apache take care of it for me…
fast-reflexes
0
votes
2 answers

Getting mod_wsgi(reviewboard) and mod_php(wordpress) working on same servername but different path

I'm trying to get my wordpress site as well as my reviewboard site working under the same domain name. Ex: www.mysite.com (this is where I host my wordpress site) www.mysite.com/reviewboard (this is where I want to host my reviewboard site) I can…
0
votes
2 answers

mod_php and world writable files on a VPS

I have a CentOS 5.8 VPS which is running mod_php rather than fastcgi, which I'm used to on shared hosting, and I've run into the problem that various bits of PHP intended to write to files need those files to be world writable. The files that are…
Jay