Security alert! notice

cody44

Having just set some code and testing it I get the following notice;

Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

Now im a bit confused, where can I change the REDIRECT STATUS ?

Any help would be appreciated.

bradgrafelman

Check out the php.ini (for Windows) setting here:

; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; You CAN safely turn this off for IIS, in fact, you MUST.
; cgi.force_redirect = 1

cody44

Thanks bradgrafelman,

My php.ini file is located in windows, have been in and changed redirect =1 and tried, still the same message I receive, set it back to 0 and still getting the same message !!!!

Bit stumped and I know all I have to do is switch it off but it has no effect. Is there any way of checking my php.ini from within phpMySql ?

MikeSnead

Did you try commenting out the line with the semi-colon? like...

; cgi.force_redirect = 1

bradgrafelman

Well, yes, but all it does is use phpinfo().

Try going to:

/phpmyadmin/phpinfo.php?lang=en-iso-8859-1&server=1

it should output a phpinfo() for you.

EDIT: Assumed you had done so, but reading the above post made me have to ask: did you uncomment the line when you were changing the values (by removing the semicolon) ?

cody44

Commented without ;

I will check php info. I think I may need to upgrade to php 4.3.6.

I am just wondering if I have the php.ini file located somewhere else and its reading the file from a different location.

bradgrafelman

Yup. Make a phpinfo script and send us the link.

cody44

Have checked my phpinfo...................I am on version 4.3.10 is it worth upgrading to ver 4.3.6 (just for the sake of sorting out the security alert!)

Checking the phpinfo it indicates that my REDIRECT STATUS: 200

bradgrafelman

I'm not too savvy with this error. Though, my personal feeling is this: it's hardly ever a bad idea to update to the latest version, especially if you're a few versions behind.

Unless someone has a quick fix for this problem, I'd say try updating to the latest (4.3.11 I believe).

Weedpacket

Originally posted by cody44
Have checked my phpinfo...................I am on version 4.3.10 is it worth upgrading to ver 4.3.6 (just for the sake of sorting out the security alert!)

Um, 6 is less than 10. Going from 4.3.10 to 4.3.6 would be a downgrade.

As bradgrafelman noted (see I got the name right that time!) the current version of PHP4 is 4.3.11.

bradgrafelman

Yeah, I chose to ignore his random version number and give the latest version.

(Thanks weed!!!)

cody44

Does 4.3.1 sound better.

That would be an upgrade then !

bradgrafelman

4.3.1 would be even older than 4.3.6 ....

1 < 6 < 10