There was a problem loading the comments.

Using FastCGI to Host PHP on IIS 7

Support Portal  »  Knowledgebase  »  Viewing Article


Original Document here...

Locally Cached:

Table of Content


The FastCGI module in IIS enables popular application frameworksthat support the FastCGI protocol to be hosted on the IIS web server ina high-performance and reliable way. FastCGI provides ahigh-performance alternative to the Common Gateway Interface (CGI), astandard way of interfacing external applications with Web servers thathas been supported as part of the IIS feature-set since the very firstrelease.

CGI programs are executables launched by the web server for eachrequest in order to process the request and generate dynamic responsesthat are sent back to the client. Because many of these frameworks donot support multi-threaded execution, CGI enables them to executereliably on IIS by executing exactly one request per process.Unfortunately, it provides poor performance due to the high cost ofstarting and shutting down a process for each request.

FastCGI addresses the performance issues inherent in CGI byproviding a mechanism to reuse a single process over and over again formany requests. Additionally, FastCGI maintains compatibility withnon-thread-safe libraries by providing a pool of reusable processes andensuring that each process will only handle one request at a time.

Enabling FastCGI Support in IIS 7.0

Windows Server 2008

Add the CGI role service by going to Server Manager -> Roles-> Add Role Services. This enables both the CGI and FastCGI services:

Windows Vista SP1

Add the CGI feature by going to Control Panel -> Programs andFeatures -> Turn Windows features on or off. This enables both theCGI and FastCGI services.

IMPORTANT: Install the update for FastCGI module

The update for IIS 7.0 FastCGI module fixes several knowncompatibility issues with popular PHP applications. Install the updatefrom one of the following locations:

Install Administration Pack for IIS 7.0

NOTE: This step is optional.

Among other useful features Administration Pack for IIS 7.0 has avery convenient user interface for configuring FastCGI settings.Administration Pack can be installed from these locations:

Install and Configure PHP

It is recommended to use a non-thread safe build of PHP with IIS 7.0FastCGI. A non-thread safe build of PHP provides significantperformance gains over the standard build by not doing anythread-safety checks, which are not necessary, since FastCGI ensures asingle threaded execution environment.

  1. Download the latest non-thread safe zip package with binaries of PHP from
  2. Unpack the files to a directory of your choice (e.g. C:\PHP). Rename the php.ini-recommended to php.ini.
  3. Open the php.ini file, then uncomment and modify settings as follows:
    • Set fastcgi.impersonate = 1. FastCGI under IIS supports the ability to impersonate security tokens of the calling client. This allows IIS to define the security context that the request runs under.
    • Set cgi.fix_pathinfo=1. cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's previous behavior was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not care what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting this to 1 will cause PHP CGI to fix its paths to conform to the spec
    • Set cgi.force_redirect = 0.
    • Set open_basedir to point to a folder or network path where the content of the web site(s) is located.
    • Set extension_dir to point to a location where PHP extensions reside. Typically, for PHP 5.2.X that would be set as extension_dir = "./ext"
    • Enable the required PHP extension by un-commenting corresponding lines, for example:

  4. To test if the PHP installation is successful, run the following from the command line prompt:

C:\PHP>php –info

If PHP was installed correctly and all its dependencies areavailable on the machine, then this command will output the current PHPconfiguration information.

Configure IIS 7.0 to Handle PHP Requests

In order for IIS 7.0 to host PHP applications, it is necessary toadd a handler mapping that tells IIS to pass all PHP specific requeststo the PHP application framework via FastCGI protocol.

Using IIS Manager

Open IIS Manager and then select and open “Handler Mappings” at the server level:

Select the “Add Module Mapping” action and specify the configurations settings as below:

  • Request path: *.php
  • Module: FastCgiModule
  • Executable: "C:\[Path to your PHP installation]\php-cgi.exe"
  • Name: PHP via FastCGI

Click OK. A dialog box appears asking if you want to create a FastCGI application for this executable. Click Yes.

Test that the handler mapping works correctly by creating aphpinfo.php file in the C:\inetpub\wwwroot folder that contains thefollowing code:

Open a browser and navigate to http://localhost/phpinfo.php. If everything was setup correctly, then you will see the standard PHP information page:

NOTE: If you do not see "FastCgiModule" in the"Modules:" drop-down list then it means that the module is notregistered or not enabled. To check if FastCGI module is registeredopen the IIS configuration file%WINDIR%\windows\system32\config\applicationHost.config and check thatthe following line is present in section:

Also, in the same file, check that the FastCGI module is added to the section:

Using command line

Alternatively, the above mentioned steps can be completed by using command line tool appcmd.

To create the FastCGI application process pool, run the following command:

C:\>%windir%\system32\inetsrv\appcmd set config /section:system.webServer/fastCGI /+[fullPath='c:\{php_folder}\php-cgi.exe']

After that, create the handler mapping:

C:\>%windir%\system32\inetsrv\appcmdset config /section:system.webServer/handlers/+[name='PHP_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='c:\{php_folder}\php-cgi.exe',resourceType='Unspecified']

Note: If you are using PHP version 4.X, instead of php-cgi.exe, you can use php.exe.

Best Practices for Configuring FastCGI and PHP

This download contains a summary presentation on Best Practices for hosting PHP in a shared hosting environment.

Security Isolation for PHP Web Sites

The recommendation for isolating PHP web sites in a shared hostingenvironment is consistent with all general security isolationrecommendations for IIS 7.0. In particular, it is recommended to:

  • Use one application pool per web site
  • Use a dedicated user account as an identity for the application pool
  • Configure anonymous user identity to use the application pool identity
  • Ensure that FastCGI impersonation is enabled in the php.ini file (fastcgi.impersonate=1)

For more details about security isolation in a shared hosting environment, refer to Isolating Sites with Application Pools.

PHP Process Recycling Behavior

Make sure that FastCGI always recycles the php-cgi.exe processesbefore the native PHP recycling kicks in. The FastCGI process recyclingbehavior is controlled by the configuration property instanceMaxRequests.This property specifies how many requests the FastCGI process willprocess before recycling. PHP also has a similar process recyclingfunctionality that is controlled by an environment variable PHP_FCGI_MAX_REQUESTS. By setting instanceMaxRequests to be smaller or equal to PHP_FCGI_MAX_REQUESTS, you can ensure that the native PHP process recycling logic will never kick in.

The FastCGI settings can be configured either by using IIS Manager or by using the command line tool appcmd.

Using IIS manager

To configure FastCGI recycling settings by using IIS Manager, you need to install Administration Pack for IIS 7.0 and then select FastCGI settings at the server level:

Next select the FastCGI application that you want to configure and click "Edit..." in the Actions pane on right hand side:

In the "Edit FastCGI application" dialog, set instanceMaxRequest to 10000 and then click on the browse button next to the EnvironmentVariables setting:

Add the PHP_FCGI_MAX_REQUESTS environment variable and set its value to 10000:

Note: If you do not configure these settings, then the following default settings are used: instanceMaxRequests = 200, PHP_FCGI_MAX_REQUESTS = 500 (on most PHP builds).

Using command line

To configure the recycling behavior of FastCGI and PHP via appcmd, use the following commands:

C:\>%windir%\system32\inetsrv\appcmdset config -section:system.webServer/fastCgi/[fullPath='c:\{php_folder}\php-cgi.exe'].instanceMaxRequests:10000

C:\>%windir%\system32\inetsrv\appcmd.exeset config -section:system.webServer/fastCgi/+"[fullPath='C:\{php_folder}\php-cgi.exe'].environmentVariables.[name='PHP_FCGI_MAX_REQUESTS',value='10000']"

PHP Versioning

Many PHP applications may rely on functions or features availableonly in certain versions of PHP. If such applications are to be hostedon the same server then different PHP versions must be enabled andrunning side-by-side. The IIS 7.0 FastCGI handler fully supportsrunning multiple versions of PHP on the same web server.

For example, let’s assume that on your web server you plan tosupport PHP 4.4.8, PHP 5.2.1 and PHP 5.2.5 non-thread safe. To enablethat, you must place corresponding PHP binaries in separate folders onthe file system (e.g. C:\php448\, C:\php521\ and C:\php525nts) and thencreate FastCGI application process pools for each version:

C:\>%windir%\system32\inetsrv\appcmd set config /section:system.webServer/fastCGI /+[fullPath='c:\php448\php.exe']

C:\>%windir%\system32\inetsrv\appcmd set config /section:system.webServer/fastCGI /+[fullPath='c:\php521\php-cgi.exe']

C:\>%windir%\system32\inetsrv\appcmd set config /section:system.webServer/fastCGI /+[fullPath='c:\php525nts\php-cgi.exe']

Now, if you have 3 web sites (site1, site2, site3), where each siteneeds to use a different PHP version, you can define handler mappingson each of those sites to reference a corresponding FastCGI applicationprocess pool.

Note: Each FastCGI process pool is uniquely identified by a combination of fullPath and arguments properties.

C:\>%windir%\system32\inetsrv\appcmdset config site1 –section:system.webServer/handlers/+”..[name=’PHP448_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:\php448\php.exe’,resourceType=’Either’]

C:\>%windir%\system32\inetsrv\appcmdset config site2 –section:system.webServer/handlers/+”..[name=’PHP521_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:\php521\php-cgi.exe’,resourceType=’Either’]

C:\>%windir%\system32\inetsrv\appcmdset config site3 –section:system.webServer/handlers/+”..[name=’PHP525nts_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:\php525nts\php-cgi.exe’,resourceType=’Either’]

PHP Security Recommendations

The following settings can be used to tighten the security of a PHPinstallation. To make the recommended changes locate and open thephp.ini file and edit the configuration settings as described below:

Setting Description
Disable remote URLs for file handling functions, which may cause code injection vulnerabilities.
register_globals=Off Disable register_globals.
open_basedir="c:\inetpub\" Restrict where PHP processes can read and write on a file system.
Disable safe mode
Limit script execution time
Limit memory usage and file sizes
Configure error messages and logging
fastcgi.logging=0 IIS FastCGI module will fail the request when PHP sends any data on stderr by using FastCGI protocol. Disabling FastCGI logging will prevent PHP from sending error information over stderr, and generating 500 response codes for the client.
expose_php=Off Hide presence of PHP

Enabling per-site PHP configuration

The section describes the recommended way of enabling per-site PHPconfiguration . Note that this recommendation was discovered andvalidated by Radney Jasmin with hosting provider who now offers PHP hosting on Windows Server 2008 via FastCGI.

Per-site PHP process pools

When each web site has its own application pool (which is arecommended practice on IIS 7.0), it is possible to associate adedicated FastCGI process pool with each web site. A FastCGI processpool is uniquely identified by the combination of fullPath and argumentsattributes. So, if it is necessary to create several FastCGI processpools for the same process executable, such as php-cgi.exe, the argumentsattribute can be used to distinguish process pools definitions. Inaddition, with php-cgi.exe processes the command line switch "-d" canbe used to define an INI entry for PHP process. This switch can be usedto set a PHP setting that makes the arguments string unique.

For example, if there are two web sites "website1" and "website2"that need to have their own set of PHP settings, the FastCGI processpools can be defined as follows:

In this example the PHP setting open_basedir isused to distinguish between process pool definitions. In addition itenforces that the PHP executable for each process pool can perform fileoperations only within the root folder of the corresponding web site.

Then website1 can have the PHP handler mapping as follows:

and website2 can have the PHP handler mapping as follows:

Specifying php.ini location

When the PHP process starts it determines the location of the configuration php.ini file by using various settings. The PHP documentationprovides detailed description of the PHP start up process. Note thatone of the places where PHP process searches for php.ini location isthe PHPRC environment variable. If PHP process finds a php.ini file inthe path specified in this environment variable then it will use it,otherwise it will revert to default location of php.ini. Thisenvironment variable can be used to allow hosting customers to usetheir own versions of php.ini files.

For example if there are two websites: website1 and website2;located at the following file paths: C:\WebSites\website1 andC:\WebSites\website2 then the php-cgi.exe process pools in the section of applicationHost.config can be configured asbelow:

This way website1 can have its own version of php.ini in theC:\WebSites\website1, while website2 can have its own version ofphp.ini located in C:\WebSites\website2. This configuration alsoensures that if there is no php.ini found in location specified byPHPRC environment variable then PHP will fall back to using the defaultphp.ini file located in the same folder where php-cgi.exe is located.

Providing URL rewriting functionality for PHP applications

The majority of popular PHP applications rely on the URL rewritingfunctionality in web servers to enable user friendly and search enginefriendly URL's. IIS 7.0 provides URL rewriting capabilities via the URL rewrite module.

Refer to the following articles for more information on how to use the URL Rewrite Module:


Share via

Related Articles

© 8Dweb LLC