<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Case 2: using cgi.force_redirect</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.cgi-bin.default.html">Case 1: only public files served</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.cgi-bin.doc-root.html">Case 3: setting doc_root or user_dir</a></div> <div class="up"><a href="security.cgi-bin.html">Installed as CGI binary</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="security.cgi-bin.force-redirect" class="sect1"> <h2 class="title">Case 2: using <em>cgi.force_redirect</em></h2> <p class="simpara"> The configuration directive <a href="ini.core.html#ini.cgi.force-redirect" class="link">cgi.force_redirect</a> prevents anyone from calling PHP directly with a URL like <var class="filename">http://my.host/cgi-bin/php/secretdir/script.php</var>. Instead, PHP will only parse in this mode if it has gone through a web server redirect rule. PHP older than 4.2.0 used <em>--enable-force-cgi-redirect</em> compile time option for this. </p> <p class="simpara"> Usually the redirection in the Apache configuration is done with the following directives: </p> <div class="example-contents"> <div class="apache-confcode"><pre class="apache-confcode">Action php-script /cgi-bin/php AddHandler php-script .php</pre> </div> </div> <p class="simpara"> This option has only been tested with the Apache web server, and relies on Apache to set the non-standard CGI environment variable <span class="envar">REDIRECT_STATUS</span> on redirected requests. If your web server does not support any way of telling if the request is direct or redirected, you cannot use this option and you must use one of the other ways of running the CGI version documented here. </p> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.cgi-bin.default.html">Case 1: only public files served</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.cgi-bin.doc-root.html">Case 3: setting doc_root or user_dir</a></div> <div class="up"><a href="security.cgi-bin.html">Installed as CGI binary</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>