Secure, Fast and Experimental       PHP Handling         PBWEB.CO.UK         @PHILL_BROWN
What is a PHP Handler?<?php            Interprets       Helloecho ‘Hello’;       code
DSO (mod_php)• Makes PHP part of Apache• Oldest and most common• Runs in the same process as Apache -  low CPU and memory ...
CGI• Run as a program outside of your server• Reads php.ini configuration at runtime• Loads PHP on every request - require...
suPHP• Apache runs as the user that owns the  requested PHP script• Doesn’t support PHP accelerators eg APC• High CPU usage
FastCGI• Apache runs as the user that owns the  requested PHP script• Keeps a persistent session in the  background• Lower...
Summary                              DSO     CGI   suPHP   FastCGICPU usageMemory usageRun as file ownerSupports PHP Accel...
The Ultimate Handler Setup  CPU usage  Memory usage  Run as file owner  Supports PHP Accelerators
Enter mod_ruid2
What is mod_ruid2?mod_ruid2                        Apache                        /webroot         Tells Apache to run     ...
Where did mod_ruid2 come from? mod_suid2   Faster    mod_ruid2                      Makes use of the                      ...
How do we use mod_ruid2 to achieve    The Ultimate Handler Setup?
DSO + mod_ruid2
DSO• Low CPU usage                            mod_ruid2                            • Process                              ...
Apache server                    User2Site1 files       Site2 files   Site3 filesowned by          owned by      owned by ...
Apache is imprisoned in each website
It gets better..
Site 1includesmiscmodules            Apache can write               to any fileprofilesscriptssitesthemesindex.php...
Site 1includesmisc                        But we canmodulesprofilesscripts               lockdown Apachesites/default/file...
Create a separate user for Apache
GroupUser           ApacheUser
This is     The Ultimate Handler Setup‐rw‐r‐‐‐‐‐ User Group index.phpdrwxrwx‐‐‐ User Group sites/default/files
Thank you for listening!  Handling questions..     PBWEB.CO.UK      @PHILL_BROWN
Upcoming SlideShare
Loading in …5
×

PHP Handlers

1,982 views

Published on

An overview of the four main PHP handlers used today - suPHP, DSO, CGI and FCGI. The talk covers their pros and cons and dispel the common myths surrounding them. I also explore a new approach to server setup that combines the best from each method using mod_ruid2.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,982
On SlideShare
0
From Embeds
0
Number of Embeds
58
Actions
Shares
0
Downloads
5
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

PHP Handlers

  1. 1. Secure, Fast and Experimental PHP Handling PBWEB.CO.UK @PHILL_BROWN
  2. 2. What is a PHP Handler?<?php Interprets Helloecho ‘Hello’; code
  3. 3. DSO (mod_php)• Makes PHP part of Apache• Oldest and most common• Runs in the same process as Apache - low CPU and memory usage• PHP-created files owned by apache user
  4. 4. CGI• Run as a program outside of your server• Reads php.ini configuration at runtime• Loads PHP on every request - requires more CPU time and processes
  5. 5. suPHP• Apache runs as the user that owns the requested PHP script• Doesn’t support PHP accelerators eg APC• High CPU usage
  6. 6. FastCGI• Apache runs as the user that owns the requested PHP script• Keeps a persistent session in the background• Lower CPU but high memory usage
  7. 7. Summary DSO CGI suPHP FastCGICPU usageMemory usageRun as file ownerSupports PHP Accelerators
  8. 8. The Ultimate Handler Setup CPU usage Memory usage Run as file owner Supports PHP Accelerators
  9. 9. Enter mod_ruid2
  10. 10. What is mod_ruid2?mod_ruid2 Apache /webroot Tells Apache to run Loads a wrapper /webroot files as User1 program that executes and Group1 your scripts using the configured credentials
  11. 11. Where did mod_ruid2 come from? mod_suid2 Faster mod_ruid2 Makes use of the Linux kernel to reduce processes
  12. 12. How do we use mod_ruid2 to achieve The Ultimate Handler Setup?
  13. 13. DSO + mod_ruid2
  14. 14. DSO• Low CPU usage mod_ruid2 • Process ownership control• Low memory usage• PHP accelerator support
  15. 15. Apache server User2Site1 files Site2 files Site3 filesowned by owned by owned by User1 User2 User3
  16. 16. Apache is imprisoned in each website
  17. 17. It gets better..
  18. 18. Site 1includesmiscmodules Apache can write to any fileprofilesscriptssitesthemesindex.php...
  19. 19. Site 1includesmisc But we canmodulesprofilesscripts lockdown Apachesites/default/filesthemesindex.php... even further
  20. 20. Create a separate user for Apache
  21. 21. GroupUser ApacheUser
  22. 22. This is The Ultimate Handler Setup‐rw‐r‐‐‐‐‐ User Group index.phpdrwxrwx‐‐‐ User Group sites/default/files
  23. 23. Thank you for listening! Handling questions.. PBWEB.CO.UK @PHILL_BROWN

×