From: Shane Caraveo <shane@php.net>
Date: Fri, 1 Mar 2002 02:09:59 +0000 (+0000)
Subject: document force-redirect in php.ini
X-Git-Tag: php-4.2.0RC1~235
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=28c5d0f0458304fe6048318567ced2c4610bce19;p=php

document force-redirect in php.ini
---

diff --git a/php.ini-recommended b/php.ini-recommended
index 0f6b4b6af5..a20a5d8934 100644
--- a/php.ini-recommended
+++ b/php.ini-recommended
@@ -365,6 +365,10 @@ default_mimetype = "text/html"
 ;include_path = ".;c:\php\includes"
 
 ; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues.  The alternate is to use the
+; cgi.force_redirect configuration below
 doc_root =
 
 ; The directory under which PHP opens the script using /~usernamem used only
@@ -379,6 +383,19 @@ extension_dir = ./
 ; disabled on them.
 enable_dl = On
 
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers.  Left undefined, PHP turns this on by default.  You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; cgi.force_redirect = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution.  Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; cgi.redirect_status_env = ;
+
+
 
 ;;;;;;;;;;;;;;;;
 ; File Uploads ;