Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Installing FCGI Securely

Discussion in 'Workarounds and Optimization' started by markb14391, Feb 4, 2011.

  1. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    68
    We want to move from suphp to FCGI (with SuExec) for various reasons. However, we are concerned by this warning:

    So, how can we modify the configuration to be secure? This seems to be very elusive information. We basically want the same type of security as suphp without the performance hit and the inability to use opcode caches like APC.

    Any help will be appreciated.

    Thanks,

    Mark
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    68
    Thank you.

    Does this tutorial accomplish the same thing from a security standpoint?

    Also, I heard that fine-tuning is needed to prevent unused/leftover PHP processes from building up. What do you recommend there?

    And, are those the only two main concerns regarding configuration of FCGI (security and process tuning)?

    Thanks!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    That tutorial only allows custom php.ini files per account. It isn't setting a wrapper in place of using the binary there for each account.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice