Google+

PHP Handlers

1

July 14, 2012 by harshalvaidya

In order to run a PHP site, the server must interpret the PHP code and generate a page most probably in HTML format that should be easily readable by the browser, when visitors access the website.

A PHP handler actually loads the libraries so that they can be used for interpretation of PHP code.

There are multiple different handlers that can be used for loading PHP with an Apahce server  :-

– CGI

– DSO

– suPHP

-FastCGI.

Each handler delivers the libraries through different files and implementations. Each file and implementation affects Apache’s performance, because it determines how Apache serves PHP.

It is essential for your server’s performance that you select the handler that fits your situation. Selecting the right handler is just as important as the PHP version itself. One handler is not necessarily always better than another; it depends on your unique setup.

How to change the handler

1) Though WHM Panel :-

Main >> Service Configuration >> Configure PHP and SuExec

You simply select your PHP handler choice from the drop-down menu. Then hit “Save New Configuration”.

2) Via Shell

# /scripts/easyapache

OR

#/usr/local/cpanel/bin/rebuild_phpconfig

PHP handlers :-

* DSO (mod_php)

Apache 1.3 introduced a method to load the modules dynamically called as Dynamic Sharing Object (DSO ) running in an Apache web server. DSO allows to load additional modules to apache webserver anytime without recompiling an entire server.

PHP as an Apache module is DSO.

It is  also know as mod_php.

It runs PHP as an Apache module. This means that PHP scripts will run as the Apache user, which is the user: ‘nobody’.

Merits :-

– DSO is an older configuration

– Actually considered as the fastest PHP handler.

– Optimal utilization of resource usage.

-Additional modules can be added without recompilation of server-

De-Merits :-

– Files created by PHP scripts will have ownership as “NOBODY” – the situation is more prone to website compromise by an attacker. If an hacker finds an exploit in PHP script. This will give them the ability to modify files outside of that user’s account. This is really worst.

-Websites that need to upload files through PHP may face permission issues, due to conflicts settings of permissions.

– OS Platform restriction, since dynamic loading is not supported by some OS.

More Information

CGI

CGI stands for: Common Gateway Interface. CGI handler will run PHP as a CGI module.  CGI still runs PHP processes as the Apache ‘nobody’ user. However, if you have suEXEC enabled, it will allow you to see the user that made the request.

CGI is considered as Neither Secure Nor Fast. CGI is never recommended.

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/MorePhphandlers

suPHP

suPHP stands for Single user PHP. suPHP also runs PHP as a CGI module instead of an Apache module. The main difference, and the advantage of having suPHP, is that with suEXEC enabled it runs the PHP scripts as the user calling them, rather than as the ‘nobody’ user.

suPHP is typically the default handler and is recommended by cPanel for serving PHP because you will be able to see which user owns the account that is running the PHP script.

suPHP is beneficial in that if you are using a file upload tool on your site (such as an automatic updater or theme/plug-in installer for WordPress), the files will already have the right ownership & permissions. Uploading and other WordPress functions will not work without suPHP or FastCGI.

Merits :-

– The security difference between suPHP and DSO is that suPHP confines an intruder to the particular user that he/she has affected. The exploit can’t cross accounts, however it can affect every single file the user owns as opposed to just the files writable by the webserver.

– suPHP also offers a security advantage that any php script that is not owned by the particular user (such as another account or root) will not be executable.

De-Merits :-

– suPHP generally runs a much higher CPU load. In addition, you CANNOT use an Opcode Cache (such as eAccelerator, Xcache or APC) with suPHP. It is strongly recommend that you install a caching plug-into supplement. If you find that your server is still continually struggling   with CPU usage, you will want to consider switching to DSO or FastCGI.

FastCGI

FastCGI also called as FCGI or mod_fcgid it is similar to suPHP and/or is a high performance variation of CGI. It has the security/ownership benefits of suPHP in that PHP scripts will run as the actual cPanel user as opposed to ‘nobody’.

The difference with FastCGI is that it can drastically save on CPU performance and give speeds close to that of DSO. It can also be used with an opcode cacher like eAccelerator or APC, which can help further speed the loading of pages.

De-Merits :-

– FastCGI has a high memory usage. ( because rather than creating the PHP process each time it is called, like suPHP, it keeps a persistent session open in the background).

Go through below Image that will depict the PHP Handler :-

How to check current PHP Handler on server :-

 # /usr/local/apache/bin/rebuild_phpconf –current

Advertisements

One thought on “PHP Handlers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog Stats

  • 773 hits

stat

var infolink_pid = 1084591; var infolink_wsid = 0;
%d bloggers like this: