suPHP - secure/reliable?

jonas jonas at
Thu Nov 3 16:03:32 GMT 2005

Hi M.L., Sam,

> > Does anyone have anything to say about suPHP, either good or bad stuff ?
> > I'd like your opinions.

this reply is a bit late, but still helpfull I hope, since nobody using suPHP 
answered your request.

I am currently using suPHP and it works quite nice. It's not as strict as 
suexec when it comes to file and directory permissions, but it still enforces 
some sane defaults and it's very fast and easy to set up (install suphp and 
php ports, set suPHP_Engine On in your vhosts and there you go).

The downside of it (and this is why I'm thinking about switching to the 
FastCGI solution) is that for every request, a php process needs to be 
spawned, which can give your server hard time if you get a wave of something 
like 100 requests within a few seconds. I get this a few times every day on a 
server with ~100 customers, it usually results in a load of 25+.

So if you're looking for something which is fast and easy to set up, for only 
a couple of users go with suPHP. The better solution is FastCGI, though.

On Saturday 08 October 2005 02:52, Sam Nilsson wrote:
> If you are interested in taking this route I may be able to help you
> with the little details.

I'd be really intrested to hear some few details about installation through 
the ports. From what I saw in the FastCGI documentation you need to do some 
strange configuration changes to your httpd.conf, so that .php files are 
properly passed to the FastCGI handler and that they'll be executed under the 
correct user. Could you share a quick overview what you did to get this up 
and running, apart from makeing install?



More information about the freebsd-questions mailing list