Source of: /manual/en/security.cgi-bin.default.php
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
$TOC = array();
$PARENTS = array();
include_once dirname(__FILE__) ."/toc/security.cgi-bin.inc";
$setup = array (
'home' =>
array (
0 => 'index.php',
1 => 'PHP Manual',
),
'head' =>
array (
0 => 'UTF-8',
1 => 'en',
),
'this' =>
array (
0 => 'security.cgi-bin.default.php',
1 => 'Case 1: only public files served',
),
'up' =>
array (
0 => 'security.cgi-bin.php',
1 => 'Installed as CGI binary',
),
'prev' =>
array (
0 => 'security.cgi-bin.attacks.php',
1 => 'Possible attacks',
),
'next' =>
array (
0 => 'security.cgi-bin.force-redirect.php',
1 => 'Case 2: using cgi.force_redirect',
),
);
$setup["toc"] = $TOC;
$setup["parents"] = $PARENTS;
manual_setup($setup);
manual_header();
?>
<div id="security.cgi-bin.default" class="sect1">
<h2 class="title">Case 1: only public files served</h2>
<p class="simpara">
If your server does not have any content that is not restricted
by password or ip based access control, there is no need for
these configuration options. If your web server does not allow
you to do redirects, or the server does not have a way to
communicate to the PHP binary that the request is a safely
redirected request, you can specify the option <a href="configure.about.php#configure.enable-force-cgi-redirect" class="link">--enable-force-cgi-redirect</a>
to the configure script. You still have to make sure your PHP
scripts do not rely on one or another way of calling the script,
neither by directly <var class="filename">http://my.host/cgi-bin/php/dir/script.php</var>
nor by redirection <var class="filename">http://my.host/dir/script.php</var>.
</p>
<p class="simpara">
Redirection can be configured in Apache by using AddHandler and
Action directives (see below).
</p>
</div><?php manual_footer(); ?>
