As the title states, how would one go about securing PHP in a multi-website WAMP environment? What I am attempting to achieve is a setup similar to what one would do using PHP-FPM - separate pools assigned to specific users that restrict file system access. Although I do not use WampServer, I do have a WAMP stack and I am hoping the WamServer gurus - in their infinite wisdom - can help.
My setup is pretty straightforard. One VirtualHost per website using mod_fcgid with:
AddHandler fcgid-script php
FcgidInitialEnv PHP_INI_SCAN_DIR "A_DIRECTORY"
FcgidWrapper "PATH_TO__php-cgi.exe"
mod_fcgid allows me to specify PHP_INI_SCAN_DIR per VirtualHost and I use this to set open_basedir to lock it into it's DOCUMENT_ROOT. Unfortunately, this setting carries a huge performance cost that has come to bite me.
I would love to somehow configure mod_fcgid in such a way to be able to disable open_basedir without losing the file access prevention benefits it provides.
So, I ask the community - how does WampServer secure PHP in multi-website environments?
Thanks!
My setup is pretty straightforard. One VirtualHost per website using mod_fcgid with:
AddHandler fcgid-script php
FcgidInitialEnv PHP_INI_SCAN_DIR "A_DIRECTORY"
FcgidWrapper "PATH_TO__php-cgi.exe"
mod_fcgid allows me to specify PHP_INI_SCAN_DIR per VirtualHost and I use this to set open_basedir to lock it into it's DOCUMENT_ROOT. Unfortunately, this setting carries a huge performance cost that has come to bite me.
I would love to somehow configure mod_fcgid in such a way to be able to disable open_basedir without losing the file access prevention benefits it provides.
So, I ask the community - how does WampServer secure PHP in multi-website environments?
Thanks!