PHP as a Module
Apr 21st, 2008 by abbot
“You don’t get harmony when everybody sings the same note.” — Doug Floyd
In the previous post, “PHP Implementation” we outlined three ways to implement PHP. In this first post, we will examine PHP as an Apache module. When PHP is used as a module, it inherits Apache’s user permissions. PHP basically is operating from within your web server. It starts only once, with the Apache server, loads its settings and extensions only once, and information is stored across sessions. The main advantage is speed.
The configuration, at minimum, will require letting PHP know where the Apache’s apxs tool resides. The apxs tool is a “tool for building and installing extension modules for the Apache HyperText Transfer Protocol (HTTP) server.” In other words, it is the interface between Apache and third-party modules.
For Mac OS X Leopard users, Leopard’s libtool creates php.dSYM instead of the php binary. Gcc calls dsymutil when it creates an executable directly from a source file with debugging enabled so the debugging information will be available. So, under normal libtool operations, .dSYM should only occurs if the object file (php) is temporary. Really old autoconfs fail to detect the correct exe extension and instead of ” set it to ‘.dSYM’. Not really sure what is going on with Leopard, since autoconf is up to date, but I do have a solution. Compile with the CFLAGS set it “-O2.” By doing so, you are not having the compiler turn on the -finline-functions, -funit-at-a-time and -frename-registers options. See GCC Command Options document section “4.10. Options That Control Optimization” for additional details on optimization options. Not sure why Leopard does not behave with higher optimization, but sometimes you have to do what works.
/usr/local/src root# cd php-5.2.5 /usr/local/src/php-5.2.5 root# CC=gcc CFLAGS="-O2" ./configure --with-apxs2=/usr/local/apache/bin/apxs \ --prefix=/usr/local/apache/php |
Before doing any installation, we need to modify the Apache configuration file to load PHP. Do this be adding the following lines to the /usr/local/apache/conf/httpd.conf file:
# Load the PHP module LoadModule php5_module modules/libphp5.so # Associate file extensions with PHP AddHandler application/x-httpd-php .php AddHandler application/x-httpd-php .php3 AddHandler application/x-httpd-php .inc AddHandler application/x-httpd-php .class AddHandler application/x-httpd-php .module # DirectoryIndex index.html index.php |
At this point, you are ready to make and install PHP. First, you will need to change the permission of the Apache instdso.sh since we were pretty restrictive of permissions in our Apache installation. After installing PHP, we will want to place a version of php.ini in /usr/local/apache/php/lib.
/usr/local/src/php-5.2.5 root# chmod u+x /usr/local/apache/build/instdso.sh /usr/local/src/php-5.2.5 root# make /usr/local/src/php-5.2.5 root# make install /usr/local/src/php-5.2.5 root# cp php.ini-recommended /usr/local/apache/php/lib/php.ini /usr/local/src/php-5.2.5 root# /usr/local/apache/bin/apachectl configtest |
As with Apache, PHP has modules. In PHP documents frequently modules are called functions. Some functions can be considered dangerous and may be disabled. Examine which functions are compiled into PHP. Below is a table of functions that will be compiled in by default:
| Module | Description |
|---|---|
| ctype | Character Type Functions |
| date | Date and Time |
| dom | DOM Extension |
| filter | Filter Functions |
| hash | hash Functions |
| iconv | Character set conversion module using IConv |
| json | JSON Functions |
| libxml | |
| pcre | Perl compatible regular expression library |
| PDO | The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP |
| pdo_sqlite | PDO_SQLITE is a driver that implements the PHP Data Objects (PDO) interface to enable access to SQLite 3 databases |
| posix | Module for accessing POSIX system interface |
| Reflection | An object-oriented extension to the Zend Engine |
| session | HTTP session support |
| SimpleXML | Provides a very simple and easily usable toolset to convert XML to an object that can be processed with normal property selectors and array iterators |
| SPL | Standard PHP Library (SPL) |
| SQLite | Extension for the SQLite Embeddable SQL Database Engine |
| standard | A collection of interfaces and classes that are meant to solve standard problems |
| tokenizer | Tokenizer module |
| xml | Extensible Markup Language (XML) parser module |
| xmlreader | XML Pull parser |
| xmlwriter | Wraps the libxml xmlWriter API |
The posix function may be used for reconnaissance exploits. If it is not required, you should disable it. For later work, we require it and will leave it enabled. For those wishing to disable it, do so through the use of the “–disable-posix” option to configure. The important point is to know what is required and choose both functions and configuration options accordingly. Do not enable everything because you may need it at some point. This is the incorrect thinking that many software packages, and operating systems, fall into. The more code, the more possible vulnerabilities that can be exploited.
We will be building on this implementation of PHP. We have several future requirements:
| Module | Description |
|---|---|
| gd | GD library of image functions |
| mysql | Functions allow you to access MySQL database servers |
| sockets | Extension implements a low-level interface to the socket communication functions based on the popular BSD sockets, providing the possibility to act as a socket server as well as a client |
| zlib | Enables you to transparently read and write gzip (.gz) compressed files, through versions of most of the filesystem functions which work with gzip-compressed files (and uncompressed files, too, but not with sockets) |
We add that functionality with the following configuration options:
- –with-gd option will enable PHP to create and manipulate image files with the support of the GD library.
- –with-mysql option will enable PHP access MySQL database servers.
- –enable-sockets option enable socket functions.
- –with-zlib option will enable the use of compression libraries.
Note: Versions of GD older than gd-1.6 support GIF format images, and do not support PNG. Version of GD greater than gd-1.6 and less than gd-2.0.28 support PNG, but not GIF. GIF support was re-enabled in gd-2.0.28. If you get complaints about graphic libraries missing, it is likely due to the version of GD installed.
Look at the modules/functions installed by default with PHP.
/usr/local/src/php-5.2.5 root# /usr/local/apache/php/bin/php -m [PHP Modules] ctype date dom filter hash iconv json libxml pcre PDO pdo_sqlite posix Reflection session SimpleXML SPL SQLite standard tokenizer xml xmlreader xmlwriter [Zend Modules] |
In the previous post, “Introduction to MySQL” MySQL was setup under the /usr/local/mysql directory. This directory will be used in this configuration to add MySQL support to PHP.
If you are compiling under Mac OS X, you should be familiar MacPorts (see posting “MacPorts Under Mac OS X Leopard“). Make sure the required libraries libjpeg, libpng, gd, and zlib are installed. The configuration of PHP requires the locations of these libraries be specified. All these libraries will be located under /opt/local.
There is an issue with Leopards iconv.h file (/usr/include/iconv.h) that can cause the error message “Undefined symbols” as the compiler complains about “_iconv_close, referenced from: _php_iconv_string in iconv.o.” This is caused by multiple iconv.h files on the system. Try moving the Leopard version of the iconv.h file and then linking it to the Macports version.
/usr/local/src/php-5.2.5 root# mv /usr/include/iconv.h \ /usr/include/iconv.h.leo_orig /usr/local/src/php-5.2.5 root# ln -s /opt/local/include/iconv.h \ /usr/include/iconv.h /usr/local/src/php-5.2.5 root# make clean /usr/local/src/php-5.2.5 root# CC=gcc CFLAGS="-O2 -fno-omit-frame-pointer" \ CXX=gcc CXXFLAGS="-O2 -fno-omit-frame-pointer -felide-constructors \ -fno-exceptions -fno-rtti" ./configure --with-apxs2=/usr/local/apache/bin/apxs \ --prefix=/usr/local/apache/php --enable-sockets --with-gd --with-mysql=/usr/local/mysql \ --with-zlib-dir=/opt/local --with-jpeg-dir=/opt/local --with-png-dir=/opt/local /usr/local/src/php-5.2.5 root# make /usr/local/src/php-5.2.5 root# make test /usr/local/src/php-5.2.5 root# make install |
Under Linux, these libraries will be installed as RPMs under the /usr area. The configuration would be slightly different:
/usr/local/src/php-5.2.5 root# make clean /usr/local/src/php-5.2.5 root# CC=gcc CFLAGS="-O3 -fno-omit-frame-pointer" \ CXX=gcc CXXFLAGS="-O3 -fno-omit-frame-pointer -felide-constructors \ -fno-exceptions -fno-rtti" ./configure --with-apxs2=/usr/local/apache/bin/apxs \ --prefix=/usr/local/apache/php --enable-sockets --with-gd --with-mysql=/usr/local/mysql \ --with-zlib-dir=/usr --with-jpeg-dir=/usr --with-png-dir=/usr /usr/local/src/php-5.2.5 root# make /usr/local/src/php-5.2.5 root# make test /usr/local/src/php-5.2.5 root# make install |
Copy the PHP configuration file to the expected location and test the Apache configuration file.
/usr/local/src/php-5.2.5 root# cp php.ini-recommended /usr/local/apache/php/lib/php.ini /usr/local/src/php-5.2.5 root# /usr/local/apache/bin/apachectl configtest /usr/local/src/php-5.2.5 root# /usr/local/apache/bin/apachectl start |
To test if it worked, create a file /var/www/htdocs/index.php containing the lines:
< ?php phpinfo(); ?> |
Access the index.php file through your web browser by going to “http://127.0.0.1/index.php” and you should see a bunch of information concerning your PHP setup. Remove the file.
/usr/local/src/php-5.2.5 root# /usr/local/apache/bin/apachectl stop /usr/local/src/php-5.2.5 root# /bin/rm /var/www/htdocs/index.php |
The Apache server can now serve up PHP files. Remember, PHP is running with the same file permission as the Apache server. Some important changes need to be made to the php.ini file. Please see the posting, “PHP Configuration Modifications.”
Final Words
In the next post, we will examine configuring PHP as a CGI.
[...] « MacPorts Under Mac OS X Leopard PHP as a Module [...]
[...] « PHP as a Module PHP Configuration Modifications [...]
[...] Working together is success.” — Henry Ford Previously, posts discussed PHP Implementation, PHP as a Module, PHP as a CGI, and PHP over FastCGI. This final post discusses some configuration considerations [...]