IIS CGI mode problem - what the hell is cgi-redirect ?

richardliu

I can't get PHP4.2x ZIP version installed on Windows. It ALWAYS report some cgi-redirect and user_document security issue. I spent hours try every combination of cgi-redirect and user_document setting in php.ini, none would work.

Finally, I grab the installer version, and it finally worked. Then I keeped the php.ini file generated by installer, and set IIS to use the PHP.EXE of ZIP version. Again, the security alert re-appeared. That's way ridiculous.

What the hell is cgi-redirect ? Are these two php compiled with different parameters ? And why can't I get a less-security but easy-to-install version ? I'm intend to build a platform for PERSONAL developing platform, it even get no real IP.

Mark

for one, its not cgi-redirect, its cgi.force_redirect, and for IIS it MUST be set to 0

in your php.ini file hit Ctrl + F, type in cgi.force_redirect = and make sure it is set to 0, not 1

is that what you asking?

VaTech

I have set cgi.force_redirect = 0 for my IIS/2000 install but when I use the EXE, I get the error

Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

So the question is : What do I put in REDIRECT_STATUS? I have yet to find any documentation that answers that.

VaTech

I fixed the problem by upgrading to the latest stable dev copy of PHP and using the PHP executable in IIS.