Php error message help


When trying to run a third party php software, hitting the submit button on a form yields the following error message:

Security Alert! The PHP CGI cannot be accessed directly.

This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual page for CGI security.

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page."

I’ve tried many attempts at resolving however no success; some fedback indicates that this is configuration in the software itself while some say that the problem lies with DH.

Can anyone possibly enlighten me as to how to resolve?
All suggestions greatly appreciated.



That sounds reasonable, and from the information you have provided it will be very hard, if not impossible, to tell which case is correct.

We would have a lot better luck helping if we knew what “3rd party php software” we we’re talking about here (What is it’s name?, website?,is it open source?, etc.)

Without that, a couple of things come to mind that you might want to check.

  1. Check to see if you are running PHP with “Extra Web Security” enabled - you can check this from the Manage Domains Section of the Dreamhost Control Panel. Click the “edit” link to the right of the domain in question, and see if the “checkbox” for extra web security is “checked”. If so, you have enabled the Apache mod_security module for the domain, and that could be the source of your problem. To see if it is, I suggest “unchecking” the box and submitting the change. After it has taken effect (the “clock icon” next to the domain name goes away when you display the “manage Domains page”), run your script again and see if the error goes away. If so, one option is to run the program in that mode. If not, or if you decide you want to “debug” further, you can always re-enable “extra web security” for your domain by reversing the process just described.

  2. discuss with whomever you received the “some feedback” from the possible impact of mod_security on the installation; it sounds like your problem may be related to this, and other users of that program, or the developers, may be able to shed some additional light on your problem.

Of course, as the error messages said, “consult the installation file that came with this distribution, or visit the manual page.” - or share that information (or a link) with us so we can help decipher what is happening. Hopefully the “hint” about Apache “mod_security” will get you pointed in the right direction for the installation file or the manual to make more sense.

If it turns out that the problem is not related to the “mod_security” setting (which is what Dreamhost is referring to when they say “Extra We Security”) post back here with more specific information about the application, and we will try to help you figure it out. Good Luck! :slight_smile:



Thanks for the unexpectedly quick response. You are correct in that my initial post was somewhat vague… I hope to address that with this post along with some additional insight on another error message received this evening.

Software I’m installing is called “phpfootball” application ( found here… designed to track participants weekly nfl picks & tally the results i.e. most wins = winner fo r the week. I re-installed the software this evening to see if the change your suggested to the domain re: extra web security option would resolve the problem. No success…after entering picks for this weeks nfl
games, the following error message was returned:

Warning: Unexpected character in input: ‘’ (ASCII=15) state=1 in /usr/local/dh/cgi-system/php.cgi on line 1240

Parse error: syntax error, unexpected T_STRING in /usr/local/dh/cgi-system/php.cgi on line 1240

Any thoughts what this might be about… I beleive it might be associated with a php.ini file but not certain.


P.S. If you search the forum on the indicated website for my username “skingjack” you can readilyview some of the dialog re: the problems I’ve had with getting this software to run properly


Can I take this to mean that the first error(s) you reported are now gone? This would indicate that at least we are making progress, and that the program should be run without mod_security set to on. If would please respond back and confirm what is going on with this first error before we proceed, it would help.

[quote]Warning: Unexpected character in input: ‘’ (ASCII=15) state=1 in /usr/local/dh/cgi-system/php.cgi on line 1240

Parse error: syntax error, unexpected T_STRING in /usr/local/dh/cgi-system/php.cgi on line 1240[/quote]
I’ve got an answer to this one (and it is fairly common when running programs with PHP running as CGI, depending upon how the programmer coded the application). To fix this, you need to change “how the program refers to itself” in the code of the program. You need to edit the code in the program as follows:

Replace all instances of $_SERVER[‘SCRIPT_NAME’] with $_SERVER[‘PHP_SELF’]

and that problem will be cured. This Forum thread, as well as a lot of other places you can find via google discuss this situation, and there is a little background on it available in the “old” Dreamhost KB article about the differences between running PHP-CGI and mod_php. If this solves the problem (and I believe it will) you might pass this on to the forum for the application, or to the programmer, as he could easily enough put conditional code into the application to make it work irrespective of whether PHP is running as CGI or an Apache module. Good Luck!



I took a quick look at the website for phpfootball, and figured, “what the hell” - I gave it “quick install” and I now have it working on Dreamhhost. Here is what I have learned:

(This is for the “latest version” - Version 1.3 Released Aug 15, 21006 6:10 PM)

  1. The mod_security setting (“Extra Web Security” on Dreamhost Control Panel) can be set “on” (“checked”) - it seems to make no difference.

  2. As suspected, the error you encountered in your last post was due to the author’s use of $_SERVER[‘SCRIPT_NAME’] not returning the value he expected to see when running PHP as CGI in (at least) a couple of places. The fix is as I detailed in my last post: Replace all instances of $_SERVER[‘SCRIPT_NAME’] in the code with $_SERVER[‘PHP_SELF’] . So far, I found the change needed to be made in the entry.php file (around line 156) and team.php (around line 32). Making these two changes allowed the program to run “properly” in my initial testing (See more on that below).

  3. After making the described changes in the (at least!) two files described in item 2 above, make sure you clear your browser’s cache to allow your changes to be reflected in the browser.

  4. My test was done with PHP4.4.2, I have left testing under PHP 5 as an exercise for you. If PHP5 causes problems, and you don’t care which version of PHP you are running as long as you can run the application, just re-set your domain to use PHP4.42, similar to the way you modify the “Extra Web Security Setting” - from the Manage Domains control panel page (hit “edit” next to the domain name, make desired changes, and Save Settings). :wink:

That said, I have only spent about 1/2 hour testing, and although I went over the program’s menus fairly well and did not experience any other errors, you may may well find that error popping up in some other part of the application. If you do, just edit the file that generated the error, make the described change, and re-upload that file overwriting the one on the server. Alternately, if you feel competent to do so, you could just “go through everything” with a multifile search/replace utility and accomplish the same function. I’ll leave that as an additional exercise for you.

One thing I would suggest doing is removing the “raw” mailto: address from the template (lower left of screen) so as not to feed the email harvesting bots - It isn’t really needed as the “Contact” menu item takes users to a Contact Form. I also suggest replacing the mailto: link (“Administrator”) at the bottom of the “Help” file with a link to the “Contact Us” form (for the same reasons) :wink:

I don’t know how comfortable you are with the operation of the program, but understand you need to update data periodically in places, and run the cronupdate.php at least initially to populate the data so you can properly display the Current Game Status. Additionally, don’t forget to set your “Options” from the Admin login (there are several things you have to set there for things to work properly). For further help in operating the program, or managing data update, I think the author’s forum is probably the place to go.

Other than that, I think you should be good to go. I can tell from your postings on the author’s forum, that you have been working on this quite a while, so it will probably feel pretty good to get it running. The author might also appreciate knowing how to make his program work properly on systems running PHP as CGI, and I suggest you share your experience with him. Good Luck! :slight_smile: