PHP Settings
PHP is one of the most popular scripting languages for creating dynamic web pages. The majority of today's websites and web applications are based on PHP scripts. Thus, site administrators should clearly understand how they can control the execution of PHP scripts.
There are two main aspects that completely define how PHP scripts will be executed for a certain website: The PHP handler type and values of PHP settings for the site. You can set up these parameters for a certain website by selecting the site from the list in Websites & Domains.
PHP Handler
When a visitor accesses a site based on PHP scripts, a web server interprets site scripts to generate a page that will be shown to the visitor. PHP handler calls PHP libraries needed for this interpretation. You can choose from a number of PHP handlers: ISAPI (Windows), Apache module (Linux), FastCGI, or CGI application. The decision on what PHP handler to choose should depend on a number of factors like security considerations, script execution speed, and memory consumption.
Choose one of the following PHP handlers at the Websites & Domains > select a website > General tab > PHP support:
Performance |
Memory Usage |
Security |
|
Apache module (Linux only) |
High. Runs as a part of the Apache web server. |
Low |
This handler (also known as mod_php) is the least secure option as all PHP scripts are executed on behalf of the Note: You can evade some security issues by turning the PHP safe_mode option on. It disables a number of PHP functions that bring potential security risk. Note that this may lead to inoperability of some web apps. The safe_mode option is considered to be obsolete and is deprecated in PHP 5.3. |
ISAPI extension (Windows only, not supported since PHP 5.3) |
High. Runs as a part of the IIS web server. |
Low |
The ISAPI extension can provide site isolation in case a dedicated IIS application pool is switched on for subscriptions. Site isolation means that sites of different customers run their scripts independently. Thus, an error in one PHP script does not affect the work of other scripts. In addition, PHP scripts run on behalf of a system user associated with a hosting account. Note: The ISAPI extension handler is not supported since PHP 5.3. |
CGI application |
Low. |
Low |
The
CGI handler provides PHP script execution on behalf of a system user
associated with a hosting account. On Linux, this behavior is possible
only when the suEXEC module of the Apache web server is on (default
option). In other case, all PHP scripts are executed on behalf of the We recommend that you use the CGI application handler only as a fall-back. |
FastCGI application |
High (close to Apache module and ISAPI extension). Keeps the processes running to handle further incoming requests. |
High |
The FastCGI handler runs PHP scripts on behalf of a system user associated with a hosting account. |
Note: Switching PHP from Apache module to FastCGI application may break functionality of existing PHP scripts.
If you use Windows hosting, you can additionally choose a PHP version. Always use PHP 5.x except the cases when you need PHP 4.x to host some old PHP apps.
PHP Settings
PHP behavior is defined by a number of configuration settings. These settings specify various script execution aspects, like performance (for example, the amount of memory a script can use), security (for example, access to file system and services), and so on. You may adjust these settings for a number of reasons:
- Preventing a memory leak or server hang-up by poorly written scripts.
- Protecting data from malicious scripts.
- Meeting the requirements of a certain web app.
- Testing own scripts and other.
All customizable PHP settings are located in the Control Panel, Websites & Domains > select a website > PHP Settings tab. For convenience, all PHP settings are divided into three groups:
- Performance settings.
These settings define how scripts work with system resources. For example: Use thememory_limitparameter to limit the amount of memory for a script to prevent a memory leak. In addition, you can prevent scripts from tying up the server by limiting the maximum time scripts are allowed to run inmax_execution_time. - Common settings.
This group contains other commonly used PHP settings. Generally, these are: Security settings (for example, the PHP safe mode toggle or the permission to register global variables), error reporting settings (for example, the directive to log errors), and others. - Additional configuration directives.
If you cannot find particular parameters among performance or common settings, add them to the Additional configuration directives field. All directives from that field will be included in the final PHP configuration. For example, if you want PHP to log errors to your own file, add the line:error_log=/tmp/my_file.log.
You can set the value of each parameter in PHP Settings either by selecting a value from a preset, typing a custom value, or leaving the Default value. In the latter case, Panel uses the values defined by the server-wide php.ini file. For information about certain PHP settings, refer to the respective documentation. For example, http://php.net/manual/en/ini.list.php.
It is possible to use three placeholders in parameter values:
{DOCROOT}for the document root directory of a domain that gets custom PHP configuration.{WEBSPACEROOT}for the root directory of a subscription (webspace).{TMP}for the directory which stores temporary files.
Note: Custom PHP configuration of a website acts as a preset for all subdomains of this site. You can perform further per-subdomain PHP configuration in the same way as for the websites.
