WAMP/PHP
Views:
(Part of the WAMP documentation.)
Get the "non thread safe" installer from http://www.php.net/downloads.php. During the install, select the "Do not setup a web server option". You need to manually select all of the extensions you need, they are not all installed by default.
The Tread Safe version of PHP can't be trusted! At least some of the modules are not available and for the most part, as long as you run with FastCGI the non thread safe version will be absolutely fine.
Contents |
PHP Configuration
The PHP recommended (php.ini-recommended) settings should be suitable and can be renamed to "php.ini" in the installation directory.
The timezone needs to be set up correctly in the ini file:
date.timezone = "Europe/London"
Apache Configuration
This section follows on from this basic Apache Configuration
To enable PHP/FastCGI and be able to run PHP web sites the following configuration directives are required in the Virtual Host configuration files:
<VirtualHost *:80>
# other settings ...
# other settings ...
DefaultInitEnv PHPRC "C:/Program Files/PHP/"
DefaultInitEnv PATH "C:/Program Files/PHP;C:/WINDOWS/system32;C:/WINDOWS;C:/WINDOWS/System32/Wbem;"
AddHandler fcgid-script .php
DirectoryIndex index.php index.html index.htm
<Directory "D:/Apache_Sites/www_example_com/public">
Options Indexes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
# This directive has a thing against spaces in paths
FCGIWrapper "C:/Progra~1/PHP/php-cgi.exe" .php
</Directory>
# other settings ...
# other settings ...
</VirtualHost>
Simple Test
To carry out a quick test and see that every thing is working OK, create a file called "index.php" in the document root and put the following code inside:
<?php phpinfo();?>
Using the example virtual host from the Apache Configuration and above, the file would be "C:\Apache_Sites\www_example_com\public\index.php"
Additional PHP Security
This set up has a good level of security. It is possible to get more by restricting PHP to only access certain areas of the file system on a per-virtual host basis.
Copy the php configuration file from the PHP directory to the "conf" directory for the virtual host.
C:\> copy "%PROGRAMFILES%\PHP\php.ini" \Apache_Sites\www_example_com\conf\php.ini
Edit the Virtual Host's vhost.conf file, modify the FCGIWrapper directive as follows:
FCGIWrapper "C:/Progra~1/PHP/php-cgi.exe -c C:\Apache_Sites\www_example_com\conf\php.ini" .php
Test to see that the new apache configuration is OK, restart the server, then check your PHP test page still loads OK.
C:\ > httpd -t C:\ > httpd -k restart
Now you can add additional settings that apply only to one Virtual Host at a time. The most effective of these is the "open_basedir" restriction that will only allow PHP to access files and directories with in the directory specified:
open_basedir = "C:\Apache_Sites\www_example_com;C:\Program Files\PHP\PEAR"
Note: PHP will only match the start of a directory unless you add a trailing slash. For example,
open_basedir = "C:\Apache_Sites\www_"
will allow access to both C:\Apache_Sites\www_example_com and to C:\Apache_Sites\www_testing_example_com but not to C:\Apache_Sites\secure_example_com
Other options are to provide separate directories for session data and file-uploads on a per-virtual host basis using the following options:
session.save_path = "C:\Apache_Sites\www_example_com\temp" upload_tmp_dir = "C:\Apache_Sites\www_example_com\temp"
Note: Changing these settings will require changing the temp directory setting for FastCGI, you will need to override those settings in your virtual host configuration file. Don't forget to give the APACHE2 user account write permissions to the "temp" folder.
Also worth considering:
expose_php = Off
Another restart is required:
C:\ > httpd -k restart
