« Previous Next »

• 10-06-2009, 2:05 PM

  jon.ebersole Joined on 06-26-2002, 12:58 PM Pennsylvania, USA Posts 16

  Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact First off, let me say; I don't like PHP yet.  I like how each website in IIS is completely isolated from one another, regardless of the module being used, without any additional or special configuration steps on my part.  But PHP on the other hand, what a pain in my butt. I have multiple IIS7 webservers setup in a web farm.  They each use SharedConfiguration and point to the same applicationHost.config file and point to the same websites on a UNC path.  Each website has a copy of its very own php.ini file as well. \\server\websites\sharedconfig \\server\websites\web1 \\server\websites\web2 I have PHP version 5.3 non-thread safe installed on each web server in the farm in the same locaiton: c:\php\ It's very simple, I want to limit (isolate) the users so they can only access files (without exception) to their own folders with their websites in them.  In my example above, i don't want any php code in \web1 to be able to access any files or folders in \web2, and vice versa.  Based on posts on this site, i have made changes to my applicationHost.config file as such... <fastCgi> <application fullPath="C:\PHP\php-cgi.exe|-d open_basedir=\\server\websites\web1\" activityTimeout="30" requestTimeout="30" instanceMaxRequests="1000" arguments="-d open_basedir=\\server\websites\web1\"> <environmentVariables> <environmentVariable name="PHP_FCGI_MAX_REQUESTS" value="10000" /> <environmentVariable name="PHPRC" value=\\server\websites\web1\ /> </environmentVariables> </application> <application fullPath="C:\PHP\php-cgi.exe|-d open_basedir=\\server\websites\web2\" activityTimeout="30" requestTimeout="30" instanceMaxRequests="1000" arguments="-d open_basedir=\\server\websites\web2\"> <environmentVariables> <environmentVariable name="PHP_FCGI_MAX_REQUESTS" value="10000" /> <environmentVariable name="PHPRC" value=\\server\websites\web2\ /> </environmentVariables> </application> </fastCgi> The above section in my applicationHost.config file doesnt work at all. It gives me 500 - Internal Server Errors.  As soon as I remove the argument info from the fullpath "|-d open_basedir=\\server\websites\webX" values, it works, but they have full control of each other's folders. Based on the documentation on this site, it also says to do this in the applicaitonHost.config file for each site respectively (where Web1 is obviously replaced by the other site names, like Web2, etc.) <location path="Web1.com"> <system.webServer> <handlers accessPolicy="Read, Script"> <add name="PHP_via_FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:\PHP\php-cgi.exe|-d open_basedir=\\server\websites\web1\" resourceType="Unspecified" requireAccess="Script" /> </handlers> </system.webServer> </location> And nope, still doesn't work.  As soon as I remove the -d option for open_basedir, it stops working.  I have no idea what could be wrong.  Any help would be greatly appreciated.  On another note, the Administration Configuration module that allows you to use the FastCGI plugin in IIS7 doesn't work in shared configuration mode, so I can't seem to use that to help configure the sites.  I have to do everything manually. :-(    Thanks in advance! Thanks, Jon Ebersole

• 10-06-2009, 4:22 PM

  In reply to

  ksingla Joined on 06-14-2006, 3:02 AM Redmond, WA Posts 863

  Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact Hi Jon, Your handlers settings are fine but fastcgi section is not correct. You need to put "-d open_basedir=\\server\websites\web1\" in the arguments property. Here is how the application entry will look like. <fastCgi>  <application fullPath="C:\PHP\php-cgi.exe" arguments="-d open_basedir=\\server\websites\web1\" ...... /> </fastCgi> Let me know if this doesn't work. Thanks, Kanwal Follow me on twitter at http://twitter.com/kjsingla

• 10-06-2009, 4:47 PM

  In reply to

  jon.ebersole Joined on 06-26-2002, 12:58 PM Pennsylvania, USA Posts 16

  Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact Actually, I'm sorry for the confusion.  To hide my folder names, website names, and server names I just typed all of that by hand.  I made a mistake when typing in the fastCgi section.  I have exactly what you have above in the fastCgi section with the arguments exactly.  The handler section was typed properly.  It doesn't work. Thanks, Jon Ebersole

• 10-07-2009, 9:02 AM

  In reply to

  jon.ebersole Joined on 06-26-2002, 12:58 PM Pennsylvania, USA Posts 16

  Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact Well, I finally figured it out.  I really, really thought I tried this, but apparently I didn't.  It now works if I escape the "\" characters in all sections... <fastCgi> <application fullPath="C:\PHP\php-cgi.exe|-d open_basedir=\\\\server\\websites\\web1\\" activityTimeout="30" requestTimeout="30" instanceMaxRequests="1000" arguments="-d open_basedir=\\\\server\\websites\\web1\\"> <environmentVariables> <environmentVariable name="PHP_FCGI_MAX_REQUESTS" value="10000" /> <environmentVariable name="PHPRC" value=\\\\server\\websites\\web1\\ /> </environmentVariables> </application> <application fullPath="C:\PHP\php-cgi.exe|-d open_basedir=\\\\server\\websites\\web2\\" activityTimeout="30" requestTimeout="30" instanceMaxRequests="1000" arguments="-d open_basedir=\\\\server\\websites\\web2\\"> <environmentVariables> <environmentVariable name="PHP_FCGI_MAX_REQUESTS" value="10000" /> <environmentVariable name="PHPRC" value=\\\\server\websites\\web2\\ /> </environmentVariables> </application> </fastCgi>   <location path="Web1.com"> <system.webServer> <handlers accessPolicy="Read, Script"> <add name="PHP_via_FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:\PHP\php-cgi.exe|-d open_basedir=\\\\server\\websites\\web1\\" resourceType="Unspecified" requireAccess="Script" /> </handlers> </system.webServer> </location>   Thanks, Jon Ebersole

• 10-07-2009, 2:47 PM

  In reply to

  pierrejoye Joined on 02-12-2009, 10:52 PM Germany Posts 73

  Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact You can create one php.ini and define open_basedir per directory/host using the [PATH ...] directive. 5.3.1 will also have ACL support fully functional, which is basically way better than open_basedir as it uses windows native permissions system. You will then only need to use impersonate and use the right user for each site/app (connect as). -- Pierre http://blog.thepimp.net | http://windows.php.net

• 10-07-2009, 2:53 PM

  In reply to

  jon.ebersole Joined on 06-26-2002, 12:58 PM Pennsylvania, USA Posts 16	Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact Nice, i like the idea of only needing one PHP.ini file.  Do you have any easy examples of the [PATH ...] directive that you can post?  The online documentation for PHP isn't very easy to use and it lacks real life examples most of the time. Thanks, Jon Ebersole

• 10-07-2009, 2:59 PM

  In reply to

  don.raman Joined on 03-16-2009, 5:34 PM Posts 331	Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact This post by Ruslan is really good in explaining this. I was able to set it up PERDIR using PATH in no time following this. The link to the post is http://blogs.iis.net/ruslany/archive/2009/07/11/per-site-php-configuration-with-php-5-3-and-iis.aspx. Thanks, Don.

• 10-09-2009, 8:58 AM

  In reply to

  jon.ebersole Joined on 06-26-2002, 12:58 PM Pennsylvania, USA Posts 16	Re: Bug? open_basedir using UNC path in applicationhost.config file... Reply Contact Great! That is really good info as well.  It gives me a lot of control, which is what we need at this point. Thanks for that extra info. Thanks, Jon Ebersole