≡ Menu

php

You can create URL redirection service for your blog within five minutes using nothing but web server's mod_redirect module. For example, when you type or share a url io9.in/t/5159 you will be automatically redirected to http://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html. In this quick post I will explain how to create url shortener and integrate your wordpress based blog without installing any new scripts.
[click to continue…]

Linux: 25 PHP Security Best Practices For Sys Admins

PHP is an open-source server-side scripting language and it is a widely used. The Apache web server provides access to files and content via the HTTP OR HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems. So, PHP should be used with caution. Here are twenty-five php security best practices for sysadmins for configuring PHP securely.
[click to continue…]

Poll: Your Favorite Scripting Language?

Like most sys admin, I'm lazy. I try to automate almost all things in order to save time. Inexperienced sys admin and help desk staff working under me finds all these tools useful. It saves their time and avoids security issues. Automation allows help desk staff to do things that they don't have enough direct system knowledge to do themselves. However, selecting correct tool and applying correct methodology is very important.
[click to continue…]

Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.
[click to continue…]

Red Hat / CentOS Apache 2 FastCGI PHP Configuration

FastCGI is a protocol for interfacing interactive programs with a web server. FastCGI's main aim is to reduce the overhead associated with interfacing the web server and CGI programs, allowing a server to handle more web page requests at once.

Also, PHP is not recommended with multithreaded Apache2 (worker MPM) because of performance and some 3rd party PHP extensions are not not guaranteed thread-safe.

nginx and lighttpd has inbuilt support for FastCGI. For Apache web server you need to use either mod_fastcgi or mod_fcgid.

Why use mod_fastcgi instead of mod_perl / mod_php?

From the wikipedia article:

Instead of creating a new process for every request, FastCGI can use a single persistent process which handles many requests over its lifetime. Processing of multiple requests simultaneously is achieved either by using a single connection with internal multiplexing (ie. multiple requests over a single connection) and/or by using multiple connections. Many such processes can exist, something that can increase stability and scalability. FastCGI also allows programs to get the web server to do certain simple operations, like reading in a file, before the request is handed over. Environment information and page requests are sent from the web server to the process over a TCP connection (for remote processes) or Unix domain sockets (for local processes). Responses are returned from the process to the web server over the same connection. The connection may be closed at the end of a response, but the web server and the process are left standing.

Many web site administrators and programmers are finding that the separation of web applications from the web server in FastCGI (and the simpler SCGI) has many desirable advantages over embedded interpreters (mod_perl, mod_php, etc.). This separation allows server and application processes to be restarted independently -- an important consideration for busy web sites. It also facilitates per-application security policies -- important for ISPs and web hosting companies.

In this quick tutorial, you will learn about Apache 2 + mod_fastcgi + PHP installation and configuration under Red Hat Enterprise Linux / CentOS Linux version 5.x+.
[click to continue…]

Download of the day: WordPress 2.7

WordPress version 2.7 has been released and available for download. From the announcement page:

The first thing you'll notice about 2.7 is its new interface. From the top down, we've listened to your feedback and thought deeply about the design and the result is a WordPress that’s just plain faster. Nearly every task you do on your blog will take fewer clicks and be faster in 2.7 than it did in a previous version.

What is new in WordPress 2.7

For a visual introduction to what 2.7 is, check out this video (available in HD, and full screen):

Download the latest release of WordPress version 2.7, released on 10 December 2008 (via official blog).

Debian PHP 5 Security Issues

Debian 5 php5 package has serious security issues as follows:

To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.
[click to continue…]