New PHP setup (done)

Updated Aug 12 at 07:45 CDT (first posted Jul 24 at 07:59 CDT) by Remi in General  - 0 comment(s)

We're gradually rolling out a new PHP setup to all of our servers. This new setup fixes a security issue.

With the new setup PHP scripts are executed with mod_php as the user that the file belongs to. This means that there are no more permission issues and no more issues with files uploaded through PHP being owned by Apache.

Note that a small percentage of sites might need a few changes to keep working the same way with the new setup. Here are some changes that we will do to this small percentage of sites:

• If you are setting PHP options in a .htacess file (for instance: "php_flag register_globals on") we will enclose them in an "IfModule" tag like this: "<IfModule php5_module>php_flag register_globals on</IfModule>"
• If you are serving PHP files with ".html" extensions, the AddType directive will not work any more. Please see our KB article for an alternate solution.
• If you have some uploaded files that are owned by apache we will change the file owner back to you.
• PHP currently reports REMOTE_ADDR as 127.0.0.1 due to the proxy configuration. We expect to roll out a fix for this on Friday August 8, 2008.

So far, the following servers have the new PHP setup: dweb18 to dweb25, web21 to web28, web41 to web43

We will update this post with the rollout schedule for other servers.

Update (31 July, 9.30am GMT): Over the next few hours the new PHP setup will be deployed to the following servers: web29 to web40, web44, web45, dweb26 to dweb33.

Update (31 July, 18.10pm GMT): The following servers now use the new PHP setup: web21 and above, dweb18 and above.