PHP generates security Alert?

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
yangguizi
-


Joined: 08 Apr 2002
Posts: 2
Location: Bengbu, China

PostPosted: Mon Apr 08, 2002 3:44 pm    Post subject: PHP generates security Alert? Reply with quote

Hi, I am running Windows 98 (chinese), I have the latest binary of PHP and when I try to run a php script (that works on another server) I get the following page

Quote:
Security Alert! PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set. This variable is set, for example, by Apache's Action directive redirect.

You may disable this restriction by recompiling the PHP binary with the --disable-force-cgi-redirect switch. If you do this and you have your PHP CGI binary accessible somewhere in your web tree, people will be able to circumvent .htaccess security by loading files through the PHP parser. A good way around this is to define doc_root in your php.ini file to something other than your top-level DOCUMENT_ROOT. This way you can separate the part of your web space which uses PHP from the normal part using .htaccess security. If you do not have any .htaccess restrictions anywhere on your site you can leave doc_root undefined. If you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.


I assume I've done something wrong, but I'm not sure what? I hope you won't tease me to harshly. Any suggestions?

I've never set up a web server before, and I managed to get Abyss running in 5 minute, from finishing download to bragging about my web page! I've tried to install Apache before but gave up in frustration. I take my hat off to you.

cool beans

YangGuiZi
Back to top View user's profile Send private message Visit poster's website AIM Address
JWDDawg
Guest





PostPosted: Mon Apr 08, 2002 8:40 pm    Post subject: AMEN! Same problem here. Reply with quote

Tried everything for 2 whole days to get PHP to work with many free web servers.

All turned out exactly the same result with the error message you just mentioned.

What's so difficult for me is to figure exactly what is the enviromental variable is, not to mention what is the set following the variable. The problem is there are many documentations don't exactly give out examples. They just give you the instructions or stynax which doesn't give me the clear picture how things work.

I'm standing by you and keeping my fingers crossed, hoping an expert will come by and save the day for us!

:D
Back to top
Crash
-


Joined: 05 Apr 2002
Posts: 10

PostPosted: Mon Apr 08, 2002 9:57 pm    Post subject: Reply with quote

To fix it, go into the Console (the place where you configure Abyss), then click on Server Configuration, then Advanced, then CGI Configuration, then in the box that says CGI Environment Variables at the bottom, click the Add button.

Enter the Name REDIRECT_STATUS, and the Value 1, then click OK and restart the server with the button at the top. That should fix it for ya :D
Back to top View user's profile Send private message
JWDDawg
Guest





PostPosted: Mon Apr 08, 2002 10:17 pm    Post subject: Now that is an example! Reply with quote

Crash wrote:

To fix it, go into the Console (the place where you configure Abyss), then click on Server Configuration, then Advanced, then CGI Configuration, then in the box that says CGI Environment Variables at the bottom, click the Add button.

Enter the Name REDIRECT_STATUS, and the Value 1, then click OK and restart the server with the button at the top. That should fix it for ya :D


Great start.

It is worth a try. I'll let you know the result as soon as I get to the PC at home.

A big token of appreciation for the tip!

:D
Back to top
JWDDawg
Guest





PostPosted: Mon Apr 08, 2002 11:53 pm    Post subject: I see the light at the end of the tunnel!!! Reply with quote

Crash wrote:

To fix it, go into the Console (the place where you configure Abyss), then click on Server Configuration, then Advanced, then CGI Configuration, then in the box that says CGI Environment Variables at the bottom, click the Add button.

Enter the Name REDIRECT_STATUS, and the Value 1, then click OK and restart the server with the button at the top. That should fix it for ya :D


PHP runs beautifully!

Makes me want to cry!

Moreover, the Abyss Web Server is very impressive. So simple, the documentation well-organised, and the server executes very fast!

This time I'm sticking with Abyss Web Server.

Now you got a fan right here!

Many, many thanks for the help!

:D
Back to top
Crash
-


Joined: 05 Apr 2002
Posts: 10

PostPosted: Tue Apr 09, 2002 12:05 am    Post subject: Reply with quote

Glad I could assist 8)
Back to top View user's profile Send private message
yangguizi
-


Joined: 08 Apr 2002
Posts: 2
Location: Bengbu, China

PostPosted: Tue Apr 09, 2002 12:06 am    Post subject: PHP A-Okay! Reply with quote

This worked perfectly, thanks Crash, you saved the day! :D

Crash wrote:

To fix it, go into the Console (the place where you configure Abyss), then click on Server Configuration, then Advanced, then CGI Configuration, then in the box that says CGI Environment Variables at the bottom, click the Add button.

Enter the Name REDIRECT_STATUS, and the Value 1, then click OK and restart the server with the button at the top. That should fix it for ya :D
Back to top View user's profile Send private message Visit poster's website AIM Address
Crash
-


Joined: 05 Apr 2002
Posts: 10

PostPosted: Tue Apr 09, 2002 12:07 am    Post subject: Reply with quote

hehe :lol:
Back to top View user's profile Send private message
Klaus
-


Joined: 16 Apr 2002
Posts: 2

PostPosted: Tue Apr 16, 2002 5:55 pm    Post subject: Reply with quote

Hi,

at first: thanks for your nice webserver.

Now, I had the same problem concerning
the security message mentioned above.
I tried to change the settings in the php.ini,
but it didn't worked..
I followed Crash's suggestions
Crash wrote:

Enter the Name REDIRECT_STATUS, and the Value 1,


and followed the suggestions to add a
php-support (including the slash in Cgi Path)
but now I end up with an 'Error 200' page.
My php seems to be installed correct, at
least my IDE can show me the phpinfo()-screen.

Any suggestion to handle this error 200?

thanks

Klaus
Back to top View user's profile Send private message
Klaus
-


Joined: 16 Apr 2002
Posts: 2

PostPosted: Sat Apr 20, 2002 12:26 am    Post subject: Reply with quote

hi,

really no guess about Error 200?


thanks

KLaus
Back to top View user's profile Send private message
GrandBragus
Guest





PostPosted: Tue Apr 23, 2002 9:55 pm    Post subject: Thanks! Reply with quote

Thanks guys!

I tried the tip stated earlier on and everything works just fine! I also tried apache, but I think I'll stay using Abyss for the rest of my live! :D Now's it's time to integrate some My SQL on my server...

Once again, thank you!
Back to top
yolk
-


Joined: 07 Jan 2003
Posts: 1

PostPosted: Tue Jan 07, 2003 8:53 pm    Post subject: Reply with quote

At first i'd like to say THANKS for mentioning the solution. At last my php works too!

At second a tip for people who still can't get their php working: it's supposed you have two REDIRECT_STATUS.
One REDIRECT_STATUS with a value of 1
The second REDIRECT_STATUS should have a value of 200

Now everything sould work.
Good luck
Back to top View user's profile Send private message
Bluedog
-


Joined: 05 Jan 2003
Posts: 179

PostPosted: Tue Jan 07, 2003 9:15 pm    Post subject: Reply with quote

when u setup php according to the info on this site, u only have on redirect_status set to 200 - this works fine for me...
Back to top View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group