Security Alert! The PHP CGI cannot be accessed directly.

Security Alert! The PHP CGI cannot be accessed directly.

by Russell Cunning -
Number of replies: 3

Hi all,

Wondering if anybody has any ideas about this problem.  I've just uploaded Moodle 1.2 to my server, and went to run the /admin file as directed.  I get the following error message displayed:

"Security Alert! The PHP CGI cannot be accessed directly.

This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual page for CGI security.

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page."

The server is running Win2003 Server, and through my own control panel I can (and have) set CGI/PHP to 'on'.

Any thoughts greatly appreciated, as the server hasn't had this sort of problem before, and seems to be running out of ideas.

Thanks,

Russell

Average of ratings: -
In reply to Russell Cunning

Re: Security Alert! The PHP CGI cannot be accessed directly.

by Janne Mikkonen -
Hi Russell

In fact this message has nothing to do with your server or PHP (cgi or module) installed in it. This is a IE bug.

This occur when you have browser have a active session (or you've been logged in using IIS on authentication methods) in it's cache. Now when you try to log in to your moodle you'll have this very confusing error message. Just shutdown your browser and clear your browser's cache.

Do you have any other PHP software installed on your server or is moodle the only one?

- Janne -

Average of ratings: -
In reply to Janne Mikkonen

Re: Security Alert! The PHP CGI cannot be accessed directly.

by Russell Cunning -

Hi Janne,

Thanks for that.  Are you are talking about the server machine or my local machine?  I'm hosted remotely, so if you are referring to the server, I'll have to pass along the message. 

If you are talking about my local machine, unfortunately, that didn't help.  I cleared the cac he, and re-started IE.  Hopefully you didn't mean the local machine - otherwise how would I tell potential visitors that they have to clear their cache before visiting the site? 

But Moodle is the only script (indeed, the only files of any sort) on my host.

Regards,

Russell

Average of ratings: -
In reply to Russell Cunning

Re: Security Alert! The PHP CGI cannot be accessed directly.

by Janne Mikkonen -
Hi Russell

I made so diggin' out little bit more and found something that could be true in your case also.
Now your site is on hosted server (IIS). Probably you have username and password to administer your webspace? And you have to login to do so (screenshot).

Now when you logon to that server (IIS) you give a username (eg. john) that have rights to that directory where your stuff exists and after you're logged on this user information is in IE's memoryspace.

This username is not the same one that server is using when its runnig php (as module or cgi) and this is where the errors appears. IE is giving the server that username information what is in it's memory and it tries to run those php's under that username and that username does not have right to run php.exe directly. (I hope somebody can actually translate this to common language big grin).

So this problem should not affect any of those potential visitors.

Now if shutting down the browser doesn't take away the problem, there might wrong settings in your browsers security settings ( tools -> Internet options -> Security tab -> Custom level button -> User authentication section).

I hope this helps you somehow, even a little bit.

- Janne -

Attachment screenshot.jpg
Average of ratings: -