Friday, May 15, 2009

Custom PHP.ini and .htaccess rules

Describes in exhaustive detail how to change configuration settings and implement a custom php.ini file for use with the Apache Web Server.


  • When php run as Apache Module (mod_php)
  • When php run as CGI
  • When cgi?d php is run with wrapper (for FastCGI)

.htaccess code from Ultimate htaccess file


AddHandler application/x-httpd-php .php .htm


AddHandler php-cgi .php .htm


AddHandler phpini-cgi .php .htm
Action phpini-cgi /cgi-bin/php5-custom-ini.cgi


AddHandler fastcgi-script .fcgi
AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php5-wrapper.fcgi


AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php.cgi

When php run as Apache Module (mod_php)

in root .htaccess

SetEnv PHPRC /location/todir/containing/phpinifile

When php run as CGI

Place your php.ini file in the dir of your cgi’d php, in this case /cgi-bin/

htaccess might look something like this

AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php5.cgi

When php is run as cgi

Create a wrapper script called phpini.cgi to export the directory that contains the php.ini file as PHPRC

export PHPRC=/home/site/
exec /user/htdocs/cgi-bin/php5.cgi

In your .htaccess or httpd.conf file

AddHandler php-cgi .php
Action php-cgi /cgi-bin/phpini.cgi

When cgi’d php is run with wrapper (for FastCGI)

You will have a shell wrapper script something like this:

exec /user/htdocs/cgi-bin/php5.cgi

Change To

exec /user/htdocs/cgi-bin/php.cgi -c /home/user/php.ini


  • Since PHP 5.1.0, it is possible to refer to existing .ini variables from within .ini files. open_basedir = ${open_basedir} ":/new/dir"
  • In order for PHP to read it, config file must be named php.ini
  • SetEnv PHPRC only works when using PHP as CGI, not when using php as an Apache Module

Default locations to look for php.ini

PHP looks for custom php.ini in this order:

In the Current working directory

  1. Place your php.ini in the same directory as the php executable.
  2. If php executable is here: /home/user1/htdocs/cgi-bin/
  3. then place your php.ini file here: /home/user1/htdocs/cgi-bin/php.ini

In the path specified by the environment variable PHPRC

  1. If you can use SetEnv in .htaccess files–> in the root .htaccess file specify the path to the directory containing php.ini SetEnv PHPRC /home/user1
  2. If you can’t use SetEnv and you are using a wrapper shell script place this in your wrapper shell script export PHPRC=/home/user1

In the path that was defined at compile time with –with-config-file-path

  • The path in which the php.ini file is looked for can be overridden using the -c argument in command line mode. (cgi) /home/user1/htdocs/cgi-bin/php.cgi -c /home/user1/php.ini
  • With this option one can either specify a directory where to look for php.ini or you can specify a custom INI file directly (which does not need to be named php.ini),$ php -c /custom/directory/custom-file.ini my_script.php
  • Under Windows, the compile-time path is the Windows directory. Place php.ini in one of the directories, C:\windows or C:\winnt

php.ini is searched for in these locations in this order

NOTE: The Apache web server changes the directory to root at startup causing PHP to attempt to read php.ini from the root filesystem if it exists. If php-SAPI.ini exists (where SAPI is used SAPI, so the filename is e.g. php-cli.ini or php-apache.ini), it’s used instead of php.ini. SAPI name can be determined by php_sapi_name(). You can use also use the predefined PHP_SAPI constant instead of php_sapi_name()

Read this article: If your server is running Windows

  1. SAPI module specific location
    • PHPIniDir directive in Apache 2
    • -c command line option in CGI and CLI
    • php_ini parameter in NSAPI
    • PHP_INI_PATH environment variable in THTTPD
  2. The PHPRC environment variable (Before PHP 5.2.0 this was checked after the registry key mentioned below.)
  3. HKEY_LOCAL_MACHINE\SOFTWARE\PHP\IniFilePath (Windows Registry location)
  4. Current working directory (for CLI)
  5. The web server’s directory (for SAPI modules)
  6. Directory of PHP (If Windows)
  7. Windows directory (C:\windows or C:\winnt)
  8. –with-config-file-path compile time option

Directions for custom php.ini for Powweb Customers

Specific to Powweb, but can be used elsewhere.

SetEnv PHPRC /home/users/web/bEXAMPLE/pow.EXAMPLE
  1. In the folder above the htdocs (your ROOT) for the domain you want a custom php.ini file for, create an htaccess file with the above content:
  2. Then create a blank php.ini also in your ROOT directory (/home/users/web/bEXAMPLE/pow.EXAMPLE). Next copy the powweb php.ini text to your php.ini file and customize it.
  3. You can test to make sure you are using the new php.ini by running phpinfo(); If you want multiple php.ini files, then use .htaccess files to set the PHPRC variable to the directory that the php.ini file you want to use is in.

File structure from ROOT directory

| `-- htdocs
| | |-- cgi-bin
| | | `-- dl.cgi
| | `-- index.html
| |-- phpsessions
| |-- php.ini
| `-- .htaccess
| `-- htdocs
| | |-- cgi-bin
| | | `-- dl.cgi
| | `-- index.html
| |-- phpsessions
| |-- php.ini
| `-- .htaccess
`-- htdocs
| |-- cgi-bin
| | `-- dl.cgi
| `-- index.html
|-- phpsession
|-- php.ini
`-- .htaccess

Powweb File Permissions

Remember to chmod 640 all .htaccess files, chmod 600 your php.ini files, chmod 600 your php flies, and chmod 705 your cgi scripts.. if you don’t want ftp users to be able to change the file than chmod 400.


What’s the difference between PHP-CGI and PHP as an Apache module?

Benefits of PHP-CGI

  • php-cgi is more secure. The PHP runs as your user rather than dhapache. That means you can put your database passwords in a file readable only by you and your php scripts can still access it!
  • php-cgi is more flexible. Because of security concerns when running PHP as an Apache module, we disabled commands with the non-CGI PHP. This will cause install problems with certain popular PHP scripts if you run PHP not as a CGI!
  • php-cgi is just as fast as running PHP as an Apache module, and we include more default libraries.

Caveats of PHP-CGI

If one of these is a show-stopper for you, you can easily switch to running PHP as an Apache module and not CGI, but be prepared for a bunch of potential security and ease-of-use issues! If you don’t know what any of these drawbacks mean, you’re fine just using the default setting of PHP-CGI and not worrying about anything!

  • Variables in the URL which are not regular ?foo=bar variables won’t work without using (mod_rewrite)
  • Custom php directives in .htaccess files (php_include_dir /home/user;/home/user/example_dir) won’t work.
  • The $_SERVER['SCRIPT_NAME'] variable will return the php.cgi binary rather than the name of your script
  • Persistant database connections will not work. PHP’s mysql_pconnect() function will just open a new connection because it can’t find a persistant one.

PHP’s configuration file

The configuration file (called php3.ini in PHP 3, and simply php.ini as of PHP 4) is read when PHP starts up. For the server module versions of PHP, this happens only once when the web server is started. Note: For the CGI and CLI version, php.ini is read on every invocation.

Running PHP as Apache module (mod_php)

When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf) and .htaccess files. You will need one of these privileges:

AllowOverride Options
AllowOverride All

With PHP 4 and PHP 5, there are several Apache directives that allow you to change the PHP configuration from within the Apache configuration files.

NOTE: With PHP 3, there are Apache directives that correspond to each configuration setting in the php3.ini name, except the name is prefixed by “php3_”.

php_value name value
Sets the value of the specified directive. Can be used only with PHP_INI_ALL and PHP_INI_PERDIR type directives. To clear a previously set value use none as the value.
php_flag name on|off
Used to set a boolean configuration directive. Can be used only with PHP_INI_ALL and PHP_INI_PERDIR type directives.
php_admin_value name value
Sets the value of the specified directive. This can not be used in .htaccess files. Any directive type set with php_admin_value can not be overridden by .htaccess or virtualhost directives. To clear a previously set value use none as the value.
php_admin_flag name on|off
Used to set a boolean configuration directive. This can not be used in .htaccess files. Any directive type set with php_admin_flag can not be overridden by .htaccess or virtualhost directives.

NOTE: Don’t use php_value to set boolean values. use php_flag instead.

Change php settings in .htaccess or httpd.conf

mod_php .htaccess example

add settings to a .htaccess file with ‘php_flag’ like this:

php_flag register_globals off
php_flag magic_quotes_gpc on

In .htaccess, only true/false on/off flags can be set using php_flag. To set other values you need to use php_value, like this:

php_value upload_max_filesize 20M

PHP_INI_SYSTEM can be configured per-directory by placing it inside a per-directory block in httpd.conf

# Selectively enable APC for wildly popular directories
# apc.enabled is Off in php.ini to reduce memory use

php_flag apc.enabled On

NOTE: In order for these settings to work in your htaccess file, you will need to add “Options” to your AllowOverride specifications for the directory/webserver if it’s not already allowed.

Src: How to change configuration settings

php_value include_path ".:/home/askapache/lib/php"
php_admin_flag safe_mode on

php_value include_path ".:/home/askapache/lib/php"
php_admin_flag safe_mode on

php3_include_path ".:/home/askapache/lib/php"
php3_safe_mode on

Modify PHP configuration via Windows Registry

When running PHP on Windows, the configuration values can be modified on a per-directory basis using the Windows registry. The configuration values are stored in the registry key HKLM\SOFTWARE\PHP\Per Directory Values, in the sub-keys corresponding to the path names. For example, configuration values for the directory c:\inetpub\wwwroot would be stored in the key HKLM\SOFTWARE\PHP\Per Directory Values\c\inetpub\wwwroot. The settings for the directory would be active for any script running from this directory or any subdirectory of it. The values under the key should have the name of the PHP configuration directive and the string value. PHP constants in the values are
not parsed. However, only configuration values changeable in PHP_INI_USER can be set this way, PHP_INI_PERDIR values can not.

Methods to modify PHP configuration

Regardless of how you run PHP, you can change certain values at runtime of your scripts through ini_set().

If you are interested in a complete list of configuration settings on your system with their current values, you can execute the phpinfo() function, and review the resulting page. You can also access the values of individual configuration directives at runtime using ini_get() or get_cfg_var().

No input file specified

One of the most common reasons why you get

No input file specified

(AKA ‘the second most useful error message in the world’) is that you have set doc_root (in php.ini) to a value which is to the DocumentRoot defined in the apache configuration.

This is the same for other webservers. For example, on lighttpd, make sure the server.document-root value is the same as what is defined as doc_root in php.ini.


Sylesh H



Anonymous said...

gud post

Божидар Божев said...


Really enjoyed your article , nice work !

But it seems the configuration does not suit my need for flexibility.

Would you happen to know what is the Env variable for :

Scan this dir for additional .ini files ?