Category Archives: configure

Thread Safety in php

Thread safety is a computer programming concept applicable in the context of multi-threaded programs. A piece of code is thread-safe if it only manipulates shared data structures in a manner that guarantees safe execution by multiple threads at the same time.

There have been a few options available for a while to get PHP performing well on linux or IIS.
One solution is to configure web service to use PHP in FastCGI mode which allows PHP processes to be recycled rather than killed off after each PHP request and also allows you to run several PHP processes at once, making PHP much much faster with the added bonus that as it is using the CGI interface there is little or no incompatibility issues with PHP extensions.

The utilization of non thread safe binaries does not allow to use FastCGI mode!

On debian/ubuntu
Thread Safety enable.
# aptitude install apache2-mpm-worker libapache2-mod-fcgid php5-cgi && a2enmod fcgid && /etc/init.d/apache2 restartThread Safety disable.
# aptitude install apache2-mpm-prefork libapache2-mod-php5 && a2dismod fcgid && /etc/init.d/apache2 restart

If your non thread safe binaries software not works, it was because installing apache2-dev package on my system automatically installs apache2-thread-dev whose apxs2 tells the PHP build system to build with thread-safety on. Therefore, the solution was to directly install apache2-prefork-dev package.

Reference: Wikipedia, Tnread Safety dis/able, Install/Purge package

open_basedir restriction in effect

PHP open_basedir protection tweak is a Safe Mode security measure that prevents users from opening files or scripts located outside of their home directory with PHP, unless the folder has specifically excluded. PHP open_basedir setting if enabled, will ensure that all file operations to be limited to files under certain directory, and thus prevent php scripts for a particular user from accessing files in unauthorized user’s account. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified or permissible directory-tree, PHP will refuse to open it and the following errors may occur:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File ...
The above error message appears on a Apache httpd web server error log (error_log). However, the problem may happen to all system or websites that use PHP as scripting language.
The solution or workaround to open_basedir restriction problem is that disable the PHP open_basedir protection altogether, or to exclude the protection for certain privileged user accounts, or to allow access to the additional directory for PHP scripts.

If you’re using cPanel WebHost Manager (WHM), you can easily disable PHP open_basedir protection or exclude certain users from the protection with WHM. Simply go to “Tweak Security” under the “Security” section, then select “Configure” link for “Php open_basedir Tweak”. Inside it, you can enable or disable php open_basedir Protection, or exclude and include hosts from the protection.

If you’re using Plesk hosting control panel, you may need to manually edit Apache configuration file of vhost.conf and vhost_ssl.conf, and add in or edit the following php_admin_value open_basedir lines to the following:

php_admin_value open_basedir none


php_admin_value open_basedir /full/path/to/dir:/full/path/to/directory/httpdocs:/tmp

Note: For SSL hosts in the vhost_ssl.conf file, the Directory path will end with “httpsdocs” instead of “httpdocs”.

The paths (above is example only and to be replaced with real path) that behind open_basedir are the directories that specifically allowed for the PHP scripts in the vhost domain account to access, so you can add in more directories that files are been stored and needed to be opened by PHP, each seperated by color “:”. But be careful as it might expose your system to security fraud.

Once done, restart Apache httpd web server (apache2ctl restart or httpd restart). If you have to manually edit the Apache configuration file to disable PHP open_basedir protection, simply open up the httpd.conf file, and search for the lines that starts with the following characters:
php_admin_value open_basedir …..
Replace the whole line under the virtual host for the domain user account that you want to disable protection with the following line to disable it:
php_admin_value open_basedir none
You can also opt to allow your PHP scripts to access additional directory instead without disabling the protection. Additional directory can be added to the line, separated with color “:”. For example, to add /new_directory to the allow list:
php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp”
php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp:/new_directory”

Restart the Apache after finished editing. Note that the directory allowed list restriction above is actually a prefix, not a directory name. This means that “open_basedir = /dir/incl” also allows access to “/dir/include” and “/dir/incls” if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: “open_basedir = /dir/incl/”.

Reference: mydigitallife.info