Installing PHP under Windows XP and Apache : Part 2

Forum Moderators: coopster

Message Too Old, No Replies

Installing PHP under Windows XP and Apache : Part 2

Brett_Tabke

3:16 pm on Jul 6, 2005 (gmt 0)

This was an excellent thread:
[webmasterworld.com...]

I am redoing my php installation from scratch. One thing that has always perplexed me about the php install process is this line in the ini:

> doc_root = "C:\Program Files\Apache Group\Apache2\htdocs"

I use virtual hosts under Windows/Apache, so there is no single doc_root (about 200 of them on my system).

; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below

What should I put in there - just root "/" because most of the virtual "root" directories are pointed off root somewhere. eg: "c:/home/www/searchengineworld/..." or "c:/usr/www/sites/webmasterworld/")?

What are the security implications?

coopster

7:19 pm on Jul 6, 2005 (gmt 0)

To the best of my knowledge that directive only applies to CGI installations. Stick with Installing as an Apache module [php.net] as you don't even need that directive (you could actually comment it out and the server will run just fine, that's why I believe it is a CGI-type installation directive only). Otherwise, if you're really paranoid, you could create a dead-end directory in your Apache doc root and plop that value in there. However, as I mentioned, I believe that only applies to CGI installations.

jatar_k

7:33 pm on Jul 6, 2005 (gmt 0)

I think so too, I hadn't even seen it and I have never used php as cgi so I guess that makes sense

ergophobe

8:03 pm on Jul 6, 2005 (gmt 0)

I run many virtual hosts on my develpment workstation and server name and document root all resolve correctly for me in the normal way by just putting in a doc root setting in my virutal host declaration

<VirtualHost 127.0.0.11>
DocumentRoot g:/htdocs/somesite/html
ServerName somesite
</VirtualHost>

I don't think I've ever touched that setting in php.ini either. It makes sense that it woudl only kick in if no valid value is being set for that host in the httpd.conf, which I guess woudl be the case with the CGI version.

BTW - recently had to wipe my laptop hard drive and decided to try xampp as someone suggested in the original version of this thread. What a great way to get everything up and running in one go.

coopster

8:19 pm on Jul 6, 2005 (gmt 0)

Actually, it's a bit different than that, I believe ...

You can set the PHP script document root by the configuration directive doc_root [php.net] in the configuration file, or you can set the environment variable PHP_DOCUMENT_ROOT. If it is set, the CGI version of PHP will always construct the file name to open with this doc_root and the path information in the request, so you can be sure no script is executed outside this directory (except for user_dir below).

[php.net...]

Brett_Tabke

12:25 pm on Jul 7, 2005 (gmt 0)

cool - that is kinda what I thought; but, being a php newbie, I err on the side of caution when it comes to security matters.