Disadvantages and big advantages of php in fastcgi mode

In this article, we’ll talk about php hosting for a simple user and why it’s better to choose hosting with php running in cgi / fastcgi mode, despite some disadvantages of php cgi-mode. We do not consider the performance of this solution, since the hoster should take care of the performance.

Choosing php hosting

So, what does a regular user pay attention when choosing a php hosting? Of course, it is necessary that all functions in php work and safe_mode and open_basedir modes are not enabled. But, unfortunately, there are no such completely ideal cases on hosting, and if there is, it is better, paradoxically, not to take hosting there.

You may ask, why so?

Everything is quite simple - such a completely ideal case can only be if mod_php is used on the hosting when all functions are turned on and safe_mode and open_basedir are turned off.

And what's wrong with that?

In this case, another problem arises - if php works like mod_php, then all the scripts of all hosting users work from the apache user and any hosting user can read any file from their server neighbors with php scripts, for example, with a function like fopen and similar functions opening and reading files, which when using well-known content management systems (CMS) can be quite fatal - guessing which file they are in and reading passwords to mysql databases will be quite simple.

You can say - but how is it, because hosters are not stupid, there have to be ways to limit users when using mod_php?

Yes, of course, there are such methods - safe_mode, open_basedir, disabling the operation of "dangerous" functions like fopen () or installing special modules on apache, which make user scripts work not from the apache user, but from users. But, unfortunately, these methods have huge drawbacks - disabling the "dangerous" functions, safe_mode, open_basedir limit the user to use many CMS and scripts, and apache modules that allow scripts to work from hosting users (such as mpm-itk, mpm -peruser) have many problems, are not supported by apache developers and are kind of “hacks”, which limits their use on serious hosting servers.

PHP in CGI / FastCGI mode

But still there is a way out of this situation - you can use php in cgi / fastcgi mode. Then the scripts work with the rights of hosting users, they cannot read / run other neighbors scripts, that is, in this case the security is very high. Such modes of operation are supported by apache and php developers, so, such a solution is quite workable and well tested. But, of course, there are drawbacks to such a solution - in cgi / fastcgi mode, apache passes all requests to php scripts to the php interpreter, which already processes the script and gives an apache response. But apache does not pass all php headers, php flags (php_value, etc.) do not work in .htaccess, and mod_rewrite also does not work fully. But all these problems can be solved - when using php in cgi mode, it is usually possible to edit your own php.ini, which the php interpreter will use instead of the server one.

The priority of choice is, of course, before the user, but he should not recklessly “firsthand” decide what he needs, but he must understand that the hosting cannot do everything so perfectly that security is at its best and absolutely all scripts work that they work in tests on the localhost, since the localhost is not a real hosting account and the hoster on its server must provide not only the operation of your sites on the account, but also think about the fact that users on this server could not create any problems for their neighbors.