IIS Best Practices for Configuring FastCGI and PHP | Rick Whitworth's Blog

IIS Best Practices for Configuring FastCGI and PHP

Best Practices for Configuring FastCGI and PHP

Security Isolation for PHP Web Sites

The recommendation for isolating PHP web sites in a shared hosting environment is consistent with all general security isolation recommendations for IIS 7.0. In particular, it is recommended to:

Use one application pool per web site

Use user account as an identity for application pool

Configure anonymous user identity to use the application pool identity

Ensure that FastCGI impersonation is enabled in php.ini file (fastcgi.impersonate=1)

For more details about security isolation in shared hosting environment, refer to Isolating Sites with Application Pools.

PHP Process Recycling Behavior

Make sure that FastCGI always recycles php-cgi.exe processes before the native PHP recycling kicks in. The FastCGI process recycling behavior is controlled by the configuration property instanceMaxRequests. This property specifies how many requests FastCGI process will process before recycling. PHP also has a similar process recycling functionality that is controlled by an environment variable PHP_FCGI_MAX_REQUESTS. By setting instanceMaxRequests to be smaller or equal to PHP_FCGI_MAX_REQUESTS, you can ensure that native PHP process recycling logic will never kick in.

To set these configuration properties use the following commands:

C:>%windir%system32inetsrvappcmd set config -section:system.webServer/fastCgi /[fullPath='c:{php_folder}php-cgi.exe'].instanceMaxRequests:10000
C:>%windir%system32inetsrvappcmd set config -section:system.webServer/fastCgi /+[fullPath='c:{php_folder}php-cgi.exe'].environmentVariables.[name=’PHP_FCGI_MAX_REQUESTS’, value='10000']

Note: If those parameters have not been set, then the following default settings are used: instanceMaxRequests = 200, PHP_FCGI_MAX_REQUESTS = 500 (on most PHP builds).

PHP Versioning

Many PHP applications may rely on functions or features available only in certain versions of PHP.

It is a common requirement in a shared hosting environment to support multiple versions of PHP on the same server. IIS 7.0 FastCGI handler fully supports running multiple versions of PHP on the same web server. For example, let’s assume that on your web server you plan to support PHP 4.4.8, PHP 5.2.1 and PHP 5.2.5 non-thread safe. To enable that, you must place corresponding PHP binaries in separate folders on files system (e.g. C:php448, C:php521 and C:php525nts) and then create the FastCGI application process pools for each version:

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php448php.exe'] C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php521php-cgi.exe'] C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php525ntsphp-cgi.exe']

IIS.net : Learn IIS7: FastCGI with PHP: Web Server For Shared Hosting: Configuring Servers: Preparing the Deployment: Deploying the Windows Server 2008 Platform: Hosting Guidance

Random Posts

Loading…

Posted July 30, 2008 by rwhitworth. Comments and trackbacks are open. Follow the comments feed.

Filed under:

Windows Server

Tagged with: IIS, Windows Server 2008.

Leave a Reply

← IUsing FastCGI to Host PHP Applications on IIS 7.0

Auditing in MOSS 2007 →