Consortium News
Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information


Test Description

Determines if cgi.force_redirect is enabled.

Security Implications

In a typical Apache+PHP-CGI setup, the PHP binary is located underneath the web site's document root. [more]

By default, cgi.force_redirect is enabled.

Note that some web servers, like IIS and OmniHTTPD, require cgi.force_redirect to be disabled.


Unless your web server requires cgi.force_redirect to be disabled, leave it enabled.

You should enable cgi.force_redirect in the php.ini file:

; Enable cgi.force_redirect for security reasons
cgi.force_redirect = 'on'

The setting can also be enabled in apache's httpd.conf file:

# Enable cgi.force_redirect for security reasons
php_flag  cgi.force_redirect  on

More Information

« Test information index

Get PhpSecInfo