PhpSecInfo Test Information
force_redirect
Test Description
Determines if cgi.force_redirect is enabled.
Security Implications
In a typical Apache+PHP-CGI setup, the PHP binary is located underneath the web site's document root.
By default, cgi.force_redirect is enabled.
Note that some web servers, like IIS and OmniHTTPD, require cgi.force_redirect to be disabled.
Recommendations
Unless your web server requires cgi.force_redirect to be disabled, leave it enabled.
You should enable cgi.force_redirect in the php.ini file:
; Enable cgi.force_redirect for security reasons
cgi.force_redirect = 'on'
The setting can also be enabled in Apache's httpd.conf file:
# Enable cgi.force_redirect for security reasons
php_flag cgi.force_redirect on
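
An added example, not part of PhpSecInfo: a small Python audit of php.ini text that reports whether cgi.force_redirect is effectively enabled, treating an unset or commented-out directive as the default (enabled). The function names, the sample file contents and the simplified boolean parsing are assumptions made for illustration.

```python
import re

# Matches an active (not ';'-commented) cgi.force_redirect line and captures
# its value, dropping any trailing ';' comment.
DIRECTIVE = re.compile(
    r"^\s*cgi\.force_redirect\s*=\s*(.*?)\s*(?:;.*)?$", re.IGNORECASE
)


def is_true(raw):
    """Simplified approximation of PHP's boolean INI parsing (assumption)."""
    value = raw.strip().strip("'\"").lower()
    if value in ("on", "yes", "true"):
        return True
    number = re.match(r"[+-]?\d+", value)
    return bool(number) and int(number.group()) != 0


def force_redirect_status(ini_text):
    """Return (enabled, source) for cgi.force_redirect in php.ini text."""
    # Unset or commented out means the default applies, which is enabled.
    enabled, source = True, "default (directive not set)"
    for lineno, line in enumerate(ini_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:  # a later occurrence overrides an earlier one
            enabled, source = is_true(match.group(1)), f"line {lineno}"
    return enabled, source


# Constructed sample php.ini contents, not taken from any real host.
SAMPLE_DEFAULT = "; cgi.force_redirect = 0\nengine = On\n"
SAMPLE_QUOTED = "; Enable cgi.force_redirect for security reasons\ncgi.force_redirect = 'on'\n"
SAMPLE_DISABLED = "cgi.force_redirect = 1\ncgi.force_redirect = Off ; needed by IIS\n"

if __name__ == "__main__":
    for name, text in [("default", SAMPLE_DEFAULT), ("quoted", SAMPLE_QUOTED),
                       ("disabled", SAMPLE_DISABLED)]:
        enabled, source = force_redirect_status(text)
        print(f"{name}: {'PASS' if enabled else 'FAIL'} ({source})")
```

The check reads only the file text it is given; values set elsewhere, such as in the web server configuration, are not seen by it.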


