<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Case 1: only public files served</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.cgi-bin.attacks.html">Possible attacks</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.cgi-bin.force-redirect.html">Case 2: using cgi.force_redirect</a></div> <div class="up"><a href="security.cgi-bin.html">Installed as CGI binary</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="security.cgi-bin.default" class="sect1"> <h2 class="title">Case 1: only public files served</h2> <p class="simpara"> If your server does not have any content that is not restricted by password or ip based access control, there is no need for these configuration options. If your web server does not allow you to do redirects, or the server does not have a way to communicate to the PHP binary that the request is a safely redirected request, you can specify the option <a href="configure.about.html#configure.enable-force-cgi-redirect" class="link">--enable-force-cgi-redirect</a> to the configure script. You still have to make sure your PHP scripts do not rely on one or another way of calling the script, neither by directly <var class="filename">http://my.host/cgi-bin/php/dir/script.php</var> nor by redirection <var class="filename">http://my.host/dir/script.php</var>. </p> <p class="simpara"> Redirection can be configured in Apache by using AddHandler and Action directives (see below). </p> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.cgi-bin.attacks.html">Possible attacks</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.cgi-bin.force-redirect.html">Case 2: using cgi.force_redirect</a></div> <div class="up"><a href="security.cgi-bin.html">Installed as CGI binary</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>