How Configure The Fastcgi Module And PHP To Host PHP Applications On IIS 7 And Above

In this article, you would learn the means of configuring FastCGI element and also how you can configure PHP in order to enable it to host all applications of PHP on IIS 7 web server and recent versions.

On the IIS platform, the FastCGI element allows enable those widely-utilized application frameworks that at the same time offer support to the FastCGI elements and makes it possible for  the elements to be hosted in a dependable and high performance way on the Web Server of the IIS. FastCGI makes provisions for an interchange to the Common Gateway Interface (CGI) which is a top class means of interfacing external applications with those Web Servers which has been a feature supported by IIS since the first time when it was released.

CGI programs are files which can be executed and at most times; the Web Servers launch them for every request which defines processing the request and generating special responses that would then be returned to that user. Due to the fact that multi-threaded execution is not supported by a lot of these frameworks, the CGI would then assist them to reliably execute on the IIS Platform by the exact execution of a single request for every process. Because of the expense involved in beginning and also shutting down a single process for every query, it produces a very poor result.

By making provision for a means by which a process is used again and again to handle lots of requests, the FastCGI resolves all issues pertaining to performance which are common with CGI. By making provisions for a pool of processes which can be used again, and making sure that only a request is handled by only a process at once, the FastCGI do maintain compatibility alongside those libraries which are “non-thread-safe”.

Security Isolation for PHP Web Sites

All IIS recommendations for isolating general security is consistent with the recommendations used  in order to isolate web sites which supports PHP in an environment which can be shared for hosting.  The recommendation for isolating PHP Web sites in a shared hosting environment is consistent. Thus, the recommendations below:

• Ensure that you utilize a single application pool for just one website.
• Ensure that for the application pool, you utilize a dedicated user account
• In order to make use of the identity of the application pool, configure a user identity which is anonymous.
• Make sure that you enable FastCGI Impersonation in the file of the php.ini thus :(fastcgi.impersonate=1)

PHP Process Recycling Behavior

Make sure that before you begin the recycling for the native PHP, FastCGI has already recycled the processes of the php-cgi.exe. The recycling behaviors of the FastCGI system are regulated by the “instanceMaxRequests” configuration attributes. Now that particular property makes specifications of the number of queries that the FastCGI can manage prior to recycling.

Also, the PHP has a related system of recycling feature regulated by the PHP_FCGI_MAX_REQUESTSenvironment. By making sure that the instanceMaxRequestshas a setting which is either equal to or less than the PHP_FCGI_MAX_REQUESTS, you can then be assured that the recycling logic for the native PHP won’t ever activate.

In order to configure the settings of the FastCGI, you can either make use of the AppCmd commands Line tool or the IIS Manager.

A: How to use IIS Manager to Configure the Recycling Settings of FastCGI

Step 1: Select FastCGI Settings

Make sure that you have installed the IIS Administration Pack on the server you own and click on the IIS Manager to open. Then click twice on the FastCGI Settings at the level of the server.

Step 2: Select Edit option

Choose the particular FastCGI app that you wish to configure, and then select the panel tagged “Action” and choose the edit option.

Step 3: Configure the “InstanceMaxRequests“

In the Edit FastCGI Application dialogbox, integrate 10000 as the InstanceMaxRequestssetup and choose the tab tagged “Browse” located close to the settings for the EnvironmentVariables.

Step 4: Add Environment

For the EnvironmentVariables Collection Editor, dialog box integrate the "PHP_FCGI_MAX_REQUESTS"environment variableand select 10000 its value.

This is essential because if you do not configure the setting the system will automatically apply the default setting below for you:

For theinstanceMaxRequests = “200”

For the PHP_FCGI_MAX_REQUESTS = “500” (mainly used on PHP configurations).

How to Configure FastCGI Recycling Settings By Using The Command Line

In order to configure PHP and FastCGI’s recycling behaviors, then make use of the AppCmd with the use of the commands below:

consoleCopy

C:>%windir%system32inetsrvappcmd set config -section:system.webServer/fastCgi /[fullPath='c:{php_folder}php-cgi.exe'].instanceMaxRequests:10000
 
C:>%windir%system32inetsrvappcmd.exe set config -section:system.webServer/fastCgi /+"[fullPath='C:{php_folder}php-cgi.exe'].environmentVariables.[name='PHP_FCGI_MAX_REQUESTS',value='10000']"

Enabling PHP Versioning

Most of the PHP supported applications depends on features or functions that only particular PHP versions has available. For that particular server to host these applications types, then various versions of the PHP is to be enabled and would also have to run concurrently with it.Running of multiple PHP versions on that same Web Server is supported totally by the handler for IIS FastCGI.

An example is when is when you have plans to integrate PHP 5.2.5, 5.2.1, and 4.4.8, all as non-thread-safe on the web server you own. You must first insert on the file’s system and in different folders, the equivalent PHP binaries in order to allow that particular configuration. (e.g. C:/php525/, C:/php521 and C:/php448/nts).  And after that, you need to create for every version, different process pools for FastCGI applications.

consoleCopy

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php525ntsphp-cgi.exe']
 
C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php521php-cgi.exe']
 
C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php448php.exe']

In  a situation where you have three websites “site 1”, “site 2” and “site 3” and for each of the site, a separate version of PHP must be used. You can then make definitions of the handler mappings on every single one of the sites in order to make a reference to a corresponding process pool for the FastCGI app.

Take good care to note that for each of the process pool

for FastCGI, a unique identity is created by combining argument and fullPath properties.

C:>%windir%system32inetsrvappcmd set config site1 -section:system.webServer/handlers /+"..[name='PHP448_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='c:php448php.exe',resourceType='Either']
 
C:>%windir%system32inetsrvappcmd set config site2 -section:system.webServer/handlers /+"..[name='PHP521_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='c:php521php-cgi.exe',resourceType='Either']
 
C:>%windir%system32inetsrvappcmd set config site3 -section:system.webServer/handlers /+"..[name='PHP525nts_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='c:php525ntsphp-cgi.exe',resourceType='Either']

PHP Security Recommendations

In order to ensure that when installing PHP, you have a tight security, the below settings would be of a very high assistance. First step to doing this is to find and click the php.ini file open, and then edit the settings for configurations as listed below.

allow_url_fopen=Off allow_url_include=Off

This setting is used to disable remote URLs used for functions of file handling, which may cause vulnerabilities of code injection.

register_globals=Off

The setting is used to disable register_globals

open_basedir="c:inetpub"

The setting is used to restrict the areas that can be written and read by PHP processes on a file system.

safe_mode=Off safe_mode_gid=Off
The setting is used to disable the safe mode.
max_execution_time=30 max_input_time=60
The setting is used to limit the time for script execution
memory_limit=16M upload_max_filesize=2M post_max_size=8M max_input_nesting_levels=64

This setting is used to limit the usage of memory and the sizes of files

display_errors=Off log_errors=On error_log="C:pathofyourchoice"

This setting is used to configure logging and error messages

fastcgi.logging=0

This setting would make the IIS FastCGI module fail any request when PHP sends a data on stderr by the use of the protocol of FastCGI. It also disables FastCGI logging thus preventing PHP from being able to send error information over stderr and being able to generate 500 response codes for the client.

expose_php=Off

This setting is used to hide the PHP’s presence.

Conclusion

There you have it, all the tips and steps that’ll help you to Configure The Fastcgi Module And PHP To Host PHP Applications On IIS 7 And Above. You should be able to perform the action if you have follow the steps in this article till the end. However, if you happen to get stocked along the line, feel free to leave a comment to get help from the member of the community

Check out these top 3 Best web hosting services