AddHandler directives on secure servers

software development

#1

Here’s the situation:
Have a secure web site and we want to use our own version of PHP (v4.3.0 with minimal support built in). After reading the KB file on compiling PHP in your home dir, I added a .htaccess file to our web directory…

AddHandler custom-php .php
Action custom-php /cgi/php.cgi

This works fine, phpinfo() reports the use of version 4.3.0.

HOWEVER…

Adding this same file to our secure directory produces some oddities. A simple file with phpinfo() in it will parse just fine…shows the use of v4.3.0. But our secure site (which resides in a sub-dir of the ssl site) genereates a loop of some kind (on the server) causing Mozilla browsers to kick out “Redirection limit for URL exceeded” errors. We don’t have any header() functions in the script…

This wouldn’t be an issue, but we are writing files to the filesystem and we need to write files securely (eg. outside the web dir and NOT 777).

Is there something one should watchout for when using php as a cgi (with --enable-force-cgi-redirect)?

I just don’t know where to start with this.
TIA
r.


Randy Sesser
University Extended Education
California State University, Stanislaus
http://www.ExtendedEd.com/