WampServer
Apache, PHP, MySQL
on Windows
Securing PHP in Multi-Website Environment
Posted by:
jmweb
(---.res.spectrum.com)
Date: October 24, 2019 10:58AM
As the title states, how would one go about securing PHP in a multi-website WAMP environment? What I am attempting to achieve is a setup similar to what one would do using PHP-FPM - separate pools assigned to specific users that restrict file system access. Although I do not use WampServer, I do have a WAMP stack and I am hoping the WamServer gurus - in their infinite wisdom - can help.
My setup is pretty straightforard. One VirtualHost per website using mod_fcgid with:
AddHandler fcgid-script php
FcgidInitialEnv PHP_INI_SCAN_DIR "A_DIRECTORY"
FcgidWrapper "PATH_TO__php-cgi.exe"
mod_fcgid allows me to specify PHP_INI_SCAN_DIR per VirtualHost and I use this to set open_basedir to lock it into it's DOCUMENT_ROOT. Unfortunately, this setting carries a huge performance cost that has come to bite me.
I would love to somehow configure mod_fcgid in such a way to be able to disable open_basedir without losing the file access prevention benefits it provides.
So, I ask the community - how does WampServer secure PHP in multi-website environments?
Thanks!
My setup is pretty straightforard. One VirtualHost per website using mod_fcgid with:
AddHandler fcgid-script php
FcgidInitialEnv PHP_INI_SCAN_DIR "A_DIRECTORY"
FcgidWrapper "PATH_TO__php-cgi.exe"
mod_fcgid allows me to specify PHP_INI_SCAN_DIR per VirtualHost and I use this to set open_basedir to lock it into it's DOCUMENT_ROOT. Unfortunately, this setting carries a huge performance cost that has come to bite me.
I would love to somehow configure mod_fcgid in such a way to be able to disable open_basedir without losing the file access prevention benefits it provides.
So, I ask the community - how does WampServer secure PHP in multi-website environments?
Thanks!
Sorry, only registered users may post in this forum.
