php handlers
DESCRIPTION
An overview of the four main PHP handlers used today - suPHP, DSO, CGI and FCGI. The talk covers their pros and cons and dispel the common myths surrounding them. I also explore a new approach to server setup that combines the best from each method using mod_ruid2.TRANSCRIPT
![Page 1: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/1.jpg)
Secure, Fast and ExperimentalPHP Handling
PBWEB.CO.UK
@PHILL_BROWN
![Page 2: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/2.jpg)
What is a PHP Handler?
Interprets code
<?phpecho ‘Hello’;
Hello
![Page 3: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/3.jpg)
DSO (mod_php)• Makes PHP part of Apache
• Oldest and most common
• Runs in the same process as Apache -low CPU and memory usage
• PHP-created files owned by apache user
![Page 4: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/4.jpg)
CGI• Run as a program outside of your server
• Reads php.ini configuration at runtime
• Loads PHP on every request - requires more CPU time and processes
![Page 5: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/5.jpg)
suPHP• Apache runs as the user that owns the
requested PHP script
• Doesn’t support PHP accelerators eg APC
• High CPU usage
![Page 6: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/6.jpg)
FastCGI• Apache runs as the user that owns the
requested PHP script
• Keeps a persistent session in the background
• Lower CPU but high memory usage
![Page 7: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/7.jpg)
SummaryDSO CGI suPHP FastCGI
CPU usage
Memory usage
Run as file owner
Supports PHP Accelerators
![Page 8: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/8.jpg)
The Ultimate Handler Setup
CPU usage
Memory usage
Run as file owner
Supports PHP Accelerators
![Page 9: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/9.jpg)
Enter mod_ruid2
![Page 10: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/10.jpg)
What is mod_ruid2?mod_ruid2 /webrootApache
Tells Apache to run /webroot files as User1
and Group1
Loads a wrapper program that executes your scripts using the configured credentials
![Page 11: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/11.jpg)
Where did mod_ruid2 come from?
mod_suid2 mod_ruid2Faster
Makes use of the Linux kernel to reduce processes
![Page 12: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/12.jpg)
How do we use mod_ruid2 to achieve The Ultimate Handler Setup?
![Page 13: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/13.jpg)
DSO + mod_ruid2
![Page 14: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/14.jpg)
DSO• Low CPU usage
• Low memory usage
• PHP accelerator support
mod_ruid2• Process
ownership control
![Page 15: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/15.jpg)
Site1 files owned by
User1
Apache server
Site2 files owned by
User2
Site3 files owned by
User3
Use
r2
![Page 16: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/16.jpg)
Apache is imprisoned in each website
![Page 17: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/17.jpg)
It gets better...
![Page 18: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/18.jpg)
Apache can write to any file
Site 1
includes
misc
modules
profiles
scripts
sites
themes
index.php
...
![Page 19: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/19.jpg)
But we can lockdown Apacheeven further
Site 1
includes
misc
modules
profiles
scripts
sites/default/files
themes
index.php
...
![Page 20: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/20.jpg)
Create a separate user for Apache
![Page 21: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/21.jpg)
Group
User ApacheUser
![Page 22: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/22.jpg)
‐rw‐r‐‐‐‐‐ User Group index.php
drwxrwx‐‐‐ User Group sites/default/files
This isThe Ultimate Handler Setup
![Page 23: PHP Handlers](https://reader034.vdocuments.mx/reader034/viewer/2022052217/5561db57d8b42a9d3f8b5c49/html5/thumbnails/23.jpg)
Thank you for listening!Handling questions...
PBWEB.CO.UK
@PHILL_BROWN