Security Alert! The PHP CGI cannot be accessed directly.

Hi,

I have turned on errors in the PHP.ini and I get this

Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual page for CGI security.

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page.

PHP: Error parsing C:WINNTphp.ini on line 260



I am a bit confused because I have already set CGI.FORCE_REDIRECT to 0

qali

<quote from="php.ini">
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; cgi.force_redirect = 1
cgi.force_redirect = 0

; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
; will look for to know it is OK to continue execution. Setting this variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
; cgi.redirect_status_env = ;
</quote>

you have to set a env too like

cgi.redirect_status_env ="yes";

if it works? tell me?

that will defently work.

I didn't have to do that. I just set cgi.force_redirect = 0 and the system jumped alive. (Running under Xitami 2.4d9 / Win32). Maybe I'm just special. 8)

You sure that other guy removed the semicolon from in front? Silly question, I know, but I was silly enough to just change the 1 to a 0 at the end of the example without actually removing the semi-colon. Took me a few minutes before I realized what the real problem was! haha.