diff options
author | Derick Rethans <derick@php.net> | 2002-03-04 20:25:54 +0000 |
---|---|---|
committer | Derick Rethans <derick@php.net> | 2002-03-04 20:25:54 +0000 |
commit | a686702eb97d0be269ceedf5186b21ad215654ef (patch) | |
tree | 7879e6a69fa69dc08ff03a90b8ac182d9b3d6ad1 | |
parent | a8e5e3f03001de3b880edd650722deec3e3fa33b (diff) | |
download | php-git-a686702eb97d0be269ceedf5186b21ad215654ef.tar.gz |
- MFH for:
document force-redirect in php.ini
-rw-r--r-- | php.ini-recommended | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/php.ini-recommended b/php.ini-recommended index ff7b1de373..5afa8bddaa 100644 --- a/php.ini-recommended +++ b/php.ini-recommended @@ -361,6 +361,10 @@ default_mimetype = "text/html" ;include_path = ".;c:\php\includes" ; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below doc_root = ; The directory under which PHP opens the script using /~usernamem used only @@ -375,6 +379,19 @@ extension_dir = ./ ; disabled on them. enable_dl = On +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; cgi.force_redirect = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; cgi.redirect_status_env = ; + + ;;;;;;;;;;;;;;;; ; File Uploads ; |