Search Results

Search found 538 results on 22 pages for 'fastcgi'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 16/22 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

  • Running PHP scripts as the owner of the PHP file: security issues

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Can't seem to install the correct version of PHP, using apt-get install

    - by Mark Tomlin
    I'm using Ubuntu 11.04 LTS server, it's a new install on a VPS box from MediaTemple (their ve server). I'm trying to install PHP 5.4.3 on this box, but I'm having a common problem not matter what version I get. I'm trying to get the php-cgi process, so I do the command apt-get install php-cgi and that installs, but does not provide me with the php-cgi executable. I need this so that I can run php-cgi -b 127.0.0.1:9000 and have it has a FastCGI process for my nginx install. Any idea what I can do to get this to work, bonus points if you can get this to work with PHP 5.4.3, because all I can seem to install is PHP 5.3.5.

    Read the article

  • FCGI & recompiling python code without restarting apache.

    - by Zayatzz
    Hello At one hosting company, they used to run python projects with fcgi. They had set it up so that when i changed django.fcgi file, which put django & my project on pythonpath, my project code was instantly recompiled. Because of that a friend set up hosting for our shared project in his server using fastcgi. It has been set up and the python scripts execute as they should, but what we do not know is, how to set it up so that my project would be recompiled when my setup file has been changed. Alan

    Read the article

  • Drupal + Lighttpd: enabling clean urls (rewriting)

    - by Patrick
    I'm emulating Ubuntu on my mac, and I use it as a server. I've installed lighttpd + Drupal and the following configuration section requires a domain name in order to make clean urls to work. Since I'm using a local server I don't have a domain name and I was wondering how to make it work given the fact the ip of the local machine is usually changing. thanks $HTTP["host"] =~ "(^|\.)mywebsite\.com" { server.document-root = "/var/www/sites/mywebsite" server.errorlog = "/var/log/lighttpd/mywebsite/error.log" server.name = "mywebsite.com" accesslog.filename = "/var/log/lighttpd/mywebsite/access.log" include_shell "./drupal-lua-conf.sh mywebsite.com" url.access-deny += ( "~", ".inc", ".engine", ".install", ".info", ".module", ".sh", "sql", ".theme", ".tpl.php", ".xtmpl", "Entries", "Repository", "Root" ) # "Fix" for Drupal SA-2006-006, requires lighttpd 1.4.13 or above # Only serve .php files of the drupal base directory $HTTP["url"] =~ "^/.*/.*\.php$" { fastcgi.server = () url.access-deny = ("") } magnet.attract-physical-path-to = ("/etc/lighttpd/drupal-lua-scripts/p-.lua") }

    Read the article

  • APC Not Enabled (WHM on CentOS)

    - by gamerzfuse
    I know this questions has been beat to death, but I've read almost all the responses and it hasn't solved my issue. I installed APC (no noted errors), I told PHP.ini to enable it and I made sure I am running PHP in FastCGI with SuExec turned off. Still I have no go. PHP / suEXEC Configuration Default PHP Version (.php files) 5 PHP 5 Handler fcgi PHP 4 Handler none Apache suEXEC off Apache Ruid2 off php.ini Configuration Alternative PHP Cache apc.enabled Alternative PHP Cache apc.shm_segments Alternative PHP Cache apc.shm_size When I run the APC.php file I get this message: No cache info available. APC does not appear to be running.

    Read the article

  • Recommended way to restrict Apache users

    - by Dor
    Following on why should we restrict Apache users, another two questions arises: What is the recommended method of restricting the places Apache users can traverse & read in the file system? What to do against fork bombs and other shell scripting problems? (bash scripting is allowed) My possible solutions (I prefer to know which solution you choose and why): chroot OR mod_chroot disable bash OR use Restricted BASH Please offer another solutions if you find appropriate. (perhaps selinux is?) Current status: Users are allowed to executed bash scripts (via PHP for example) suexec is active Apache requested are served with FastCGI for PHP

    Read the article

  • Good set of web hosting permissions?

    - by Jorge Israel Peña
    Hey guys, I just got a linode and I'm in the process of configuring it. It's running nginx with php-fpm and passenger. nginx was compiled and is running as user nginx. php-fpm (php with fastcgi process manager) is running as www-data (in group www-data). My sites are currently in /var/www, so for example /var/www/test.com I'm just wondering what the general 'flow' of things is. So for example, /var/www is owned by root, should I chown of /var/www/test.com to nginx or www-data? Or should I put nginx in the www-data group? How should site uploading work, I just transfer files to the /var/www/test.com directory as root (sudo) and then chown -R www-data:www-data .? Thanks. I'm capable of figuring things out on my own, I'm just wondering what the typical/general way of handling users/groups/permissions/site-files is on linux with a webserver.

    Read the article

  • MediaTemple Django Bad Gateway

    - by Eeyore
    I have a site running on GS server on MediaTemple. It's Django/PostgreSQL setup. For some reason from time to time I get Bad Gateway error and I can't figure out what's causing it. What can cause this error? What else can I do to find the cause of the problem? url.access-deny = ( "~", ".inc" ) fastcgi.server = ( "/main.fcgi" => ( "main" => ( "socket" => "/var/tmp/" + appname + ".sock", # don't change this "check-local" => "disable", ) ) ) alias.url = ( "/media/" => "/home/xxx/data/python/django/django/contrib/admin/media/", "/static/" => "/home/xxx/containers/django/site/static/", ) url.rewrite-once = ( "^(/media.*)$" => "$1", "^(/static.*)$" => "$1", "^/favicon\.ico$" => "/media/favicon.ico", "^(/.*)$" => "/main.fcgi$1", ) server.error-handler-404 = "/main.fcgi"

    Read the article

  • 504 Gateway Time-out after php fatal error

    - by tiagojsag
    I'm using nginx and php-fpm to develop a symfony2 based website, under ubuntu 12.10 (yes, I know I'm using a beta OS). Everything was working out fine until, due to an error on my code, I called an unexisting function, and got the following: Fatal error: Call to a member function (....) This isn't a problem (it's a bug in my code, easily fixable), but after this, no other page loads. My browser just keeps trying to load the page from the webserver, until nginx timeouts (after +- 30s, which should be some default timeout) and returns: 504 Gateway Time-out Restarting php-fpm solves the issue. Nginx logs show a timeout message, and nothing appears on php-fpm logs, even if I set them to debug level. I tried switching from fpm to fastcgi, and the same thing happens. I've looked around, but all similar error are related to big requests/file handling, which isn't the case. All the pages on my website load in a few seconds, even under development conditions (no caching, etc).

    Read the article

  • Perl script rendered in browser as code through symlink - fine when accessed directly

    - by John Dittmar
    I have a Rails 4 app that has some views that post to Perl cgi scripts. The perl scripts are accessed via a symbolic link to a folder called "cgi-bin". When I navigate to a perl script through the symbolic link they are rendered as text instead of executed (ie: localhost:3000/cgi-bin/test.cgi), however when I access them directly they execute without issue (ie. localhost/path/to/cgi-bin/test.cgi). I am using apache2 on os x. In the directory localhost/path/to/ I have an .htaccess file that contains the following: # General Apache options AddHandler fastcgi-script .fcgi AddHandler cgi-script .cgi Options +FollowSymLinks +ExecCGI I have the exact same lines in the .htaccess file that I have in localhost:3000/ I have also uncommented the AllowOverride all in httpd.conf. The are no errors in apache's error log. When I access the direct link to test.cgi a new line is appended to apache's access log, when I access the script through the symbolic link (and it is rendered as text), there is no line appended to the access log. Any idea why this error occurs? This setup worked fine in a previous version of rails of OS X, but recently I upgraded to Mavericks and figured I should update the Rails application to v4.0 as well.

    Read the article

  • Apache .htaccess problem: No input file specified.

    - by Michal M
    Hello Everyone, Can someone help me with this. I'm feeling like I've been hitting my head against a wall for over 2 hrs now. I've got Apache 2.2.8 + PHP 5.2.6 installed on my machine and the .htacces with code below works fine, no errors. RewriteEngine on RewriteCond $1 !^(index\.php|css|gfx|js|swf|robots\.txt|favicon\.ico) RewriteRule ^(.*)$ /index.php/$1 [L] The same code on my hosting provider server gives me a 404 error code and outputs only: No input file specified. index.php IS there. I know they have Apache installed (cannot find version info anywhere) and they're running PHP v5.2.8. I'm on windows xp 64-bit, they're running some Linux and php in cgi/fastcgi mode. Can anyone suggest what could be the problem? PS. if that's important that's for CodeIgniter to work with friendly URLs.

    Read the article

  • Moving away from PHP and running towards server-side JavaScript [on hold]

    - by Sosukodo
    I've decided to start moving away from PHP and server-side JavaScript looks like an attractive replacement. However, I'm having a hard time wrapping my head around how others are using Node.js for web applications. I'm currently using Lighttpd with FastCGI PHP. The one thing I like about PHP is that I can "inline" my scripts in the document like so: <?php echo 'Hello, World!'; ?> My question is: Is there any server-side JavaScript solution that I can use in this manor? For instance, I'd love to be able to do this: <?js print('Hello, World!'); ?> Is there such a thing? I'm not looking for opinions about "which is better". I just want to know what's out there and I'll explore each of them on my own. The important thing is that I'd like to use it like I demonstrated above. Links to the software along with implementation examples will be considered above other answers.

    Read the article

  • optimizing mod_fcgid for a dediciated site

    - by Mike Williams
    i'm using mod_fcgid and I'm trying to find resources on how i can optimize it for running a dedicated website but have had no luck... so far i have: ive got apache2 running and im trying to have php processes spawned and always running so apache does not have to keep spawning them. # Fastcgi configuration for PHP5 LoadModule fcgid_module modules/mod_fcgid.so MaxRequestsPerProcess 5000 # Maximum number of PHP processes. MaxProcessCount 8 # Number of seconds of idle time before a process is terminated IPCCommTimeout 1800 IdleTimeout 1800 AddHandler fcgid-script .php5 .php4 .php .php3 .php2 .phtml FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php5 FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php4 FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php3 FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php2 FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .phtml

    Read the article

  • When to use Nginx PHP Fast CGI with a TCP socket instead of a UNIX socket?

    - by user64204
    I've followed this guide to setup PHP in FastCGI mode with Nginx. This guide describes 2 ways of doing it: TCP socket and UNIX socket. I've ran some Apache Benchmark on my locale machine and here are the results: Below tests ran multiple times to get better average statistics: $ ab -c 200 -n 100000 http://.... APACHE: 1800 req/sec NGINX (TCP socket): 2500 req/sec NGINX (UNIX socket): 15000 req/sec As far as I understand, there is overhead with using a TCP socket rather than a UNIX socket, hence the better performance with the latter. However I was not expecting such a performance difference given that the TCP socket is on the localhost, and therefore would like to ask the following question: Q: Given the huge performance gain with using a UNIX socket, what are the configuration scenarios where it would make sense to use a TCP socket instead?

    Read the article

  • can server 2008's task scheduler run a php file?

    - by rg89
    Hello. I have a server 2008 64 bit machine with php5 via fastcgi installed. I want to run a .php script every day at 3 AM. I set up a task and "Last Run Result" says "%1 is not a valid Win32 application" The event properties describe more failure: "Task Scheduler failed to launch action "D:\InetPub\tools\something\build.php" in instance "{88cc01f4-9554-4b8f-9836-34d806337d7f}" of task "\Something". Additional Data: Error Value: 2147942593." Task Category: Action failed to start Is it possible to run scripts using the task scheduler? If not, how should I go about automating the execution of a php script? Thanks

    Read the article

  • 500 internal server error

    - by Rockr
    I am facing 500.0 Internal server quite frequently with my website. The error details are given below. HTTP Error 500.0 - Internal Server Error C:\PHP\php-cgi.exe - The FastCGI process exceeded configured activity timeout Module FastCgiModule Notification ExecuteRequestHandler Handler PHP_via_FastCGI Error Code 0x80070102 Requested URL http://mydomain.com:80/index.php Physical Path C:\HostingSpaces\coderefl\mydomain.com\wwwroot\index.php Logon Method Anonymous Logon User Anonymous When I contacted the support team, they're saying that my site is making heavy SQL Queries. I am not sure how to debug this. But my site is very small and the database is optimized. I'm running wordpress as platform. How to resolve this issue?

    Read the article

  • PHP + IIS7 + X64 OS (Windows 7 or Server 2008)

    - by Eric
    I'm going to answer my own question here, but I thought this might be important enough to post so that it would be indexed for the next person who runs into my situation. Problem: I can not seem to get PHP code to execute on a x64 bit version ofIIS7, whether it be in my desktop, Windows 7, or the application's final destination on Windows Server 2008. Every time I try and look at a test php document to confirm installation, I only see the source code. I've followed the documentation from PHP, from iis.net, blogs, howtos, just about anywhere I can find that Google would send me. I tried the web installer, tried manual installations instead of the MSI, tried version 5.3.5, tried version 5.2.17, but no matter what, the code would never execute. I even tried registering .eric files with PHP FastCGI Module, but same result, php source code only.

    Read the article

  • No input file specified with nginx

    - by user66700
    I'm getting "No input file specified." when I attempt to browse to the phpmyadmin domain, not sure what I'm doing wrong.. using both php-fpm and php-cgi, php-fpm is currently working another directory fine..Had to change the port number to 8888 since -fpm was already using 9000 http://pastebin.com/kdEckiL3 from nginx.conf: server { listen 80; server_name phpmyadmin.domain.com; access_log /home/fanboy/logs/phpmyadmin.access_log; error_log /home/fanboy/logs/phpmyadmin.error_log; location / { root /usr/share/phpmyadmin; index index.php; } location ~ \.php$ { fastcgi_pass 127.0.0.1:8888; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$fastcgi_script_name; include /usr/local/nginx/conf/fastcgi.conf; } }

    Read the article

  • IIS and PHP restrict IO permissions

    - by ULTRA_POROV
    I have php installed trough a fastCGI module. Is there a way to restrict the module (php.exe) read / write permissions to only the directory (+ subdirs) of the IIS site that is calling it? I need this to prevent one IIS PHP site from having access to files outside its own directory. How to do this? Is there a setting in php.ini or in the IIS configuration? I believe such a feature could exist, because when a file on the server is requested the root path of the site is also known, all it would take is that IIS passes this path to the php module, and the php module should on its end allow only IO operations within this path. PS: I know it is possible to achieve this by using a different windows account for each website, this is not an option.

    Read the article

  • PHP processes run one at a time, always taking 100% of one core

    - by Derek Kurth
    We have seven websites written in PHP running on a Windows 2008 server with IIS 7.5. They are all very slow right now. When I look in Task Manager, I see around 10 php-cgi.exe processes, and they are all taking 0% of the CPU, except one, which is taking 25%. It's a quad-core server, so it's taking 100% of one core. If I watch for a few seconds, the process taking 25% will go to 0%, and a different php-cgi.exe process will jump to 25%. So all the php-cgi.exe processes are just lined up, waiting on a single core, and each process uses 100% of the processor when it can. Each of the 7 sites is in its own application pool in IIS, and we're using FastCGI. The PHP version is 5.3. Any ideas? Thanks!

    Read the article

  • PHP Runs Very Slow on IIS7. Need Help optimizing our config

    - by Kendor
    Am running a PHP based web app on our Windows 2008 cloud-based server. The app, which runs fine outside of our environment (e.g. a different IIS server), but is VERY slow in our environment. Based on googling this is a relatively common situation. I installed PHP and MySQL via the IIS web deployment method... Here's our setup: Windows 2008 Server Enterprise SP2 (32-bit) Microsoft-IIS/7.0 MySQL client version: mysqlnd 5.0.8-dev - 20102224 $Revision: 321634 $ PHP extension: mysqli Update for IIS 7.0 FastCGI Windows Cache Extension 1.1 for PHP 5.3 I had read elsewhere that ipv6 might be an issue, so I turned this off on the network adapter. The app is using: localhost as its connection Be easy on me, as I'm a bit green about some of these components... Also, rewriting the PHP app or modifying it is NOT an option. I'm reasonably SURE that our config is the issue.

    Read the article

  • IIS 7.5 with PHP 5.3, displaying errors on page

    - by dreamlax
    I'm running Windows Server 2008 R2, with IIS 7.5 and PHP 5.3 (configured by FastCGI). In my php.ini I have: log_errors = On display_errors = Off error_log = syslog (also tried an actual file with appropriate permissions) Each time a page contains an error, it is never logged anywhere, but it is displayed on the page (unless I turn log_errors off). I'm guessing that the stderr from php-cgi.exe is being put on the page, instead of being logged where it is supposed to be. Is there a setting somewhere that allows me to log these errors properly?

    Read the article

  • APC on PHP 5.4 does not seem to be installed after installation

    - by Burning the Codeigniter
    I've recently upgraded to PHP 5.4 from 5.3.6, I did the command apt-get upgrade php5 with the custom PHP 5.4 repo which I added to the apt-get repositories, now that I upgraded, I restarted php-fastcgi and php5-fpm the APC does not seem to be installed with it after I did pecl install apc it seems to configure and install with the details below: Configuring for: PHP Api Version: 20090626 Zend Module Api No: 20090626 Zend Extension Api No: 220090626 But in my phpinfo() I get this: PHP API 20100412 PHP Extension 20100525 Zend Extension 220100525 Which I don't understand, how can I configure PECL to install with PHP 5.4 with my version, my installation with apc.so is stored to /usr/lib/php5/20090626/ however in /usr/lib/php5/ I have two PHP versions: 20090626 20100525 How can I remove either one and leave PHP 5.4 and manage it to install apc in the correct PHP version? I'm running Ubuntu 11.04 on my server. I need help on this please.

    Read the article

  • Can't set session.http_only for php under Plesk 11

    - by TheFoOL
    I want to enable session.cookie_httponly for my domain. I added these lines for my domain (in additional configuration directives): session.cookie_httponly = On error_log = error.log Error log works fine (a file is created) whereas session.cookie_httponly doesn't (according to phpinfo()). But why not? I use Plesk 11 on Ubuntu Server 12.04. PHP as FastCGI. PHP 5.3.10-1ubuntu3.4. Safe mode is off. Domain is associated to a dedicated IP address. Website powered by Joomla 2.5.7.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 12 13 14 15 16 17 18 19 20 21 22  | Next Page >