Apache Web Server Configuration

If you are a system administrator interested in installing PHP, I used the RPM package, with the Apache web server. Installing PHP included running RPM once, editing the httpd.conf file to make sure the file formats were correct, and restarting Apache.

Apache decides which files to run through the PHP preprocessor based on the file extension. Normal HTML code is fine in PHP files: the PHP preprocessor leaves it alone, and the client sees it as usual. One thing I've done that some might consider odd: normally, only files ending in the .php3 extension are processed by PHP, but I have set our servers so that all files with the .html file are also processed. I did this so that library staff didn't have to relabel all their files or create new ones: they can simply re-edit their existing files to include PHP statements. There is a theoretical downside to this idea: this means that all HTML files on the server are passsed through the PHP preprocessor whether they need to be or not, and this could increase the load on your server. I've had no problems, but my server runs no where near capacity.

Modify your httpd.conf, making sure the following lines aren't commented out:

LoadModule php3_module        modules/libphp3.so
AddModule mod_php3.c

Note that these lines aren't usually right next to each other. Modify your httpd.conf if you are running a recent version of Apache, or your srm.conf if you are running an older version, uncommenting the line:

AddType application/x-httpd-php3 .php3

If you want all HTML files parsed by the PHP handler, add the following line:

AddType application/x-httpd-php3 .html

You will see references to .php files: these are relics of PHP v.2, and shouldn't apply to you (so long as you're working with PHP v.3).

One of the greatest powers of PHP is to write to the hard drive of the server. This allows PHP programmers to create wonderful interactive web sites. But it also means that you ARE writing to your web server. Packages that do this (PHP implementations/imitations of http://www.slashdot.org/ are a prime example) are common, and the sysadmin or a user can download and install one. Since PHP can only write with the permissions of the web server (usually "nobody" or equivalent), many files and directories may end up being created with what a PHP programmer I talked with happily referred to as "the permissions of the beast." That is, "666," meaning everybody can read the file or directory, and everybody can write to the file or directory. This can be a security issue.