How to set doc_root or user_dir in PHP?

[Flaco]

Hi everyone,
For the security of CGI binary, I have been told to change the settings. I don't have much knowledge about the doc_root or user_dir that are used in PHP programming language. So I desperately need your help. Please tell me how to set doc_root or user_dir in PHP? Any other information that is related to the topic would also be grateful.!!

[Allan.d]

Add interactive content to your web server, such as scripts and executables, is often considered an insecure practice. If, by mistake, the script is not executed but displayed as regular HTML documents, this may result in leakage of intellectual property or safety concerns about including passwords. Therefore, most administrators prefer to set up a special directory for scripts that are accessible only through the PHP CGI, and so all the files in that directory will be interpreted and not displayed as such. Also, if you can not use the method described above, it is necessary to create a directory "doc_root" different from your "document root of your webserver.

[MindSpace]

You can use the directive doc_root in the configuration file, or you can set the environment variable PHP_DOCUMENT_ROOT. If this environment variable is assigned, the PHP CGI binary always build the file name to open with doc_root and the path information of the request, so you can be sure no script is executed outside the predefined directory. Except the directory specified by the user_dir. doc_root and user_dir directives are two totally independent so you can control access to directory "root document" separately from user directory.

[Reegan]

Another option is Directive user_dir. When the directive is not enabled, only files in the directory doc_root can be opened. Opening a file with the url http://my.host/ ~ user / doc.php does not correspond to the initiation a file in the root directory of the user but to open the file ~ user / doc.php under the directory "doc_root". If user_dir is set to the value public_php example, a query such http://my.host/ ~ user / doc.php open a file called doc.php under the directory called public_php under the root directory user.

[Solitario]

user_dir expansion happens regardless of the doc_root setting, so you can control the document root and user directory access separately. If the root user is / home / user, the file executed is / home / user / public_php / doc.php. doc_root and user_dir directives are two totally independent so you can control access to directory "root document" separately from user directory.

[Deabelos]

The configuration directive cgi.force_redirect avoids a direct call to a PHP script with a URL like http://my.host/cgi-bin/php/secretdir/script.php possible. In this case, PHP analyze the file only if there has been redirection. A quick review of the 5.3.0 code indicates that it the logic previously enabled by specifying the enable force cgi redirect, configure option is being built into php by default.