• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

running php outside the web tree in apache

Drakkon

Drakkon

Diamond Member
I have a very annoying server setup at the university I'm working at where PHP is compiled as a CGI application and it runs outside the web tree in apache. Thus i have to put the
#! thing at the top of every php script n addition to putting them in a cgi-bin directory whcih no other filetypes can run from. On top of this all php runs under https whereas all html gets run under a http domain. so while my php script runs at https://www.mysite.edu/cgi-bin/domain/script.php man image file has to be run at http://domain.mysite.edu/images/image.jpg.

Screwy enough yet?

Well my newest dilemma is this : i have a PHP page that needs to be guarded by some sort of auth. I thought htaccess would be the easiest but apparently when you run PHP outside of the web tree apache doesn't process the htaccess file. Or at least thats the impression I'm getting (the web group here is of NO help whatsoever btw). Any thoughts/ideas of what can be done using this config (outside of using a cookie/regular login/pass script)?

I'm not sure why it is setup this way if its for security or because someone is lazy or they just don't want to mess with it anymore but its making it impossible to create any neat sites. I can't do any flash/php modules because due to flash player security a http domain cannot access an https domain and i cant run a swf under the https domain (just as another aannoying example of something i would like to find a way to do but cant at this point).
 
To run flash from https, could you have a php script that takes the name of the swf as an argument, switches the Content-type to application/flash or whatever it's supposed to be and then just streams the swf out from disk?

I don't know much about cgi but it seems illogical that there would be a server-side application framework without some kind of authentication mechanism. Do the apache docs have anything useful (assuming this is apache)?
 
I'll have to try the content type switch. I did it for images but that was using the GD library but should be just as simple as reading a swf file and converting it to content. thanks for that idea! 😀

the apache docs say stuff about htaccess and cgi but never in the same paragraph so i havent been able to put anything together.
 
When you say (outside of using a cookie/regular login/pass script) do you mean Sessions as well? PHP Sessions can provide some decent low level security, especially when combined with a user database.
 
I am currently doing the sessions but was hoping to be able to use the htaccess as it would provide an ability to lock down entire sub-folders in certain areas while we programmed. There is no 'testing' or 'developement' server in place and duplicating the configuration is impossible as we would have no access to the SQL/Oracle servers that are apparently behind a firewall that can only be penetrated by this webserver.

p.s. the content type code worked great for PHP/SWF - unfortunately no ming library so had to do it the old fashioned way of reading the file then outputting each line.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top