Are you trying decide on the various PHP Handlers?
This guide will help you.
We can configure PHP in the server using different files and implementations. It is the PHP Handler that determines how PHP implement and work on the server.
The PHP handler is the specific implementation of PHP on your server that interfaces with Apache. On a cPanel server, there are four main PHP Handlers: DSO. CGI. SuPHP.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform PHP related queries.
In this context, we shall look into the various PHP handlers and their pros and cons.
A major reason for PHP being the base of a large percentage of websites is because website applications like WordPress and Joomla run on PHP.
If we have a server hosting a large number of PHP-based websites, it's better to monitor the server, its resource usage, traffic, etc, and select the most efficient handler.
The security level varies for different handlers. However, they play a major role in the server's stability, speed, and security.
Available PHP handlers are DSO, CGI, SuPHP, and FastCGI. Each handler differs in its implementation and performance.
Also known as mod_php, it is the default and the oldest handler. It runs PHP as an Apache module.
Pros:
i. DSO is the fastest handler.
ii. CPU usage is low.
Cons:
i. Security issue: While using DSO, PHP scripts will run as user nobody. Hence, if a hacker finds a vulnerability, he can modify important files. The best way to prevent such vulnerabilities is to keep the applications up to date.
ii. File Permissions: If the website provides an option to create files using PHP scripts, we will run into permission issues. The files created will be owned by nobody which will trigger permission errors.
SuPHP runs PHP as a CGI module. cPanel recommends this handler. The PHP scripts will run as the user who calls it.
Pros:
i. Security: Since PHP scripts run as the user who called it, the hacker won’t get access to files outside the user’s home directory.
ii. Permissions: The files created will be under the ownership of the corresponding user. So we won't run into permission issues.
Cons:
i. High CPU usage: The CPU usage of this handler high.
ii. Low speed compared to DSO.
It is the least used handler. It runs PHP as a CGI module. PHP scripts will run as user nobody unless suEXEC is enabled. It is not so fast or secure.
It is an implementation of CGI and it runs PHP as a CGI module. It overcomes most of the disadvantages of CGI.
Pros:
i. High Speed comparable to DSO.
ii. As with SuPHP, PHP scripts will run as the user, a hacker won’t be able to infect files outside the user’s home directory.
Cons :
i. High memory usage: This handler has the highest memory usage. Our Support Experts don't recommend it for servers running low on memory.
ii. In addition, most of the control panels provide the option to switch the handler from the front end interface itself.
This article covers the pros and cons of different PHP Handlers. Basically, selecting the proper PHP handler plays a major role in the server's stability and performance.
Apache does not natively support PHP scripts without a special module. The module that tells Apache how to handle PHP scripts is referred to as a PHP handler.
Without a properly configured module, Apache will just send you the PHP file as a download since it doesn't know what else to do.
1. DSO/Apache Module
This is also referred to as mod_php. This module allows Apache itself to directly parse and display PHP files. PHP scripts parsed by mod_php run as the same user that Apache itself does (rather than the user account that hosts the PHP files.
Pros
i. One of the fastest handlers available.
ii. Works with mod_ruid2 or mpm_itk modules.
Cons
i. Only works with a single version of PHP on cPanel servers (you'll need to use other handers for other versions of PHP if you offer them).
ii. Scripts run as the Apache user rather than the owner of the domain or subdomain. For example, on a cPanel server, if the script creates a file or directory, that file will be owned by the user "nobody" which can cause problems when the account owner goes to backup or remove them.
2. CGI
Stands for Common Gateway Interface. Using this handler, the system will run PHP scripts as the user that owns the domain or subdomain.
Pros
Scripts run as the domain or subdomain user, not as the Apache user.
Cons
i. One of the slowest handers.
ii. Doesn't work well with PHP opcode caching.
iii. Cannot put PHP configuration changes in an .htaccess file.
3. FCGI/FastCGI
FastCGI is a variation of the CGI protocol that provides a number of benefits over the older CGI handler. Using this module, the system will run PHP scripts as the user that owns the domain or subdomain. There are some differences between mod_fastcgi and mod_fcgid, but none that are relevant to the scope of this article.
Pros
i. Scripts run as the domain or subdomain user, not as the Apache user.
ii. Very fast handler.
iii. Works with PHP opcode caching.
Cons
i. This handler uses more memory than most of the others.
ii. Cannot put PHP configuration changes in an .htaccess file.
4. PHP-FPM
FPM stands for FastCGI Process Manager. It is an improved way of implementing FastCGI processing of PHP. Using this handler, the system will run PHP scripts as the user that owns the domain or subdomain. Each FPM pool can have independent settings.
Pros
i. Scripts run as the domain or subdomain user, not as the Apache user.
ii. One of the fastest PHP handlers.
iii. Works with PHP opcode caching.
iv. Allows for some additional level of flexibility per pool.
Cons
i. This handler can use more memory than any other handler listed here, but that depends on the number of sites using PHP-FPM and the configuration of the FPM pool.
ii. Can be somewhat more complicated to manage.
iii. Cannot put PHP configuration changes in an .htaccess file and some directives can only be changed on a global level.
5. suPHP
This handler was specifically designed to serve PHP scripts as the owner of the domain or subdomain that is executing the PHP script. On cPanel servers, it is also configured to disallow execution of files with unsafe permissions. cPanel their copy of suPHP with the latest security fixes.
Pros
i. Scripts run as the domain or subdomain user, not as the Apache user.
ii. cPanel configures suPHP so that it blocks accessing or executing any files or directories with permissions higher than 755 for security.
Cons
i. Slowest PHP handler in most cases.
ii. PHP Opcode caching has no performance improvement and only wastes memory.
iii. Cannot put PHP configuration changes in an .htaccess file.
6. LSAPI
This handler implements the LiteSpeed Web Server (LSWS) SAPI. This handler requires CloudLiunx or LSWS for the maximum benefits. Using this handler, the system will run PHP scripts as the user that owns the domain or subdomain.
Pros
i. Designed to perform as well or better than PHP-FPM under certain circumstance.
ii. Less memory use than most other handlers.
iii. Scripts run as the domain or subdomain user, not as the Apache user.
iv. No special configuration required.
v. Can read PHP values out of a .htaccess file.
Cons
i. You don't get full benefits without purchasing a third-party commercial product.
ii. Not compatible with mod_ruid2 or mpm_itk (but it shouldn't need them).