PHP Handler: DSO vs CGI vs SuPHP vs FastCGI

What is PHP Handler?

PHP handler supplies the required library to interpret PHP code. Each handler delivers the libraries through different files and implementations. Each file and implementation affects Apache’s performance, because it determines how Apache serves PHP.

You need to make the right decision on how Apache should handle your websites or web applications. I am using WHM/cPanel to manage Apache and PHP, I will focus more on advantages and disadvantages from cPanel point of view rather than how to install, implement or switch between each handler.

DSO

PHP runtime is loaded once, when Apache starts up and then reused for all requests.

Architecture:

Advantages:

  • Since DSO is only loaded once, it is faster than CGI and SuPHP
  • PHP can direct access to some Apache-specific calls, which gives you some more fine-grained control on the HTTP-level.
  • Allow for most common PHP .htaccess (php_flag) directives to be used.
  • Good for single sites that require performance over ease of use and security
  • Suitable environment to run PHP optcode caching addon such as eAcclerator, APC or Xcache
  • Well suited for low and high traffic sites but not for CMS systems like Joomla

Disadvantages:

  • PHP processes are handled by the user that is running httpd. In most cases, this user is the ‘nobody’ user. This means when PHP interacts with files on the file system, they have to be accessible by the ‘nobody’ user. This creates permissions issues as your normal cPanel based user will not have access to read/write files that are owned by the ‘nobody’ user without the correct permissions changes. Most PHP web scripts need to write to files and directories and if they are owned by the cPanel user, without changing the permissions on the files or directories to 777, it will cause issues and in some cases, break your website
  • Runs not under user who owner of the site, so you will have to manually manage the permissions on a per user basis to ensure that your PHP apps/scripts can read and write to the files and directories of which it needs to function
  • Any changes on PHP configuration, will required to restart Apache service to make sure the module being reloaded

CGI

A new PHP CGI process is invoked on each Apache request for PHP processing.

Architecture:

Advantages:

  • Good for shared hosting environment. Well suited for medium traffic sites
  • Since you are on cPanel, user ‘nobody’ can be disallowed to send mails to remote addresses in WHM under WHM > Tweak Settings  > Mail > Prevent “nobody” from sending mail options
  • Run on separate process with user who owns the files, so you can easily monitor which user run the specific PHP process. Administrators can easily find the users running dangerous scripts
  • Configuration can be customize in httpd.conf, main php.ini or per vhost php.ini
  • Less headache on file permission management

Disadvantages:

  • PHP websites will be slower
  • No PHP directives are allowed in .htaccess
  • Less secure than SuPHP
  • High number of connections can lead to heavy load on the server
  • Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership

SuPHP

Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

Architecture:

Advantages:

  • Good for shared hosting environment. Well suited for medium traffic sites
  • More secure than DSO especially with Suhosin extension (Suhosin might require tweaking some of it’s directives for some scripts)
  • Since you are on cPanel, user ‘nobody’ can be disallowed to send mails to remote addresses in WHM under WHM > Tweak Settings  > Mail > Prevent “nobody” from sending mail options
  • Run on separate process with user who owns the files, so you can easily monitor which user run the specific PHP process. Administrators can easily find the users running dangerous scripts
  • Configuration can be customize in httpd.conf, main php.ini or per vhost php.ini
  • Less headache on file permission management

Disadvantages:

  • PHP websites will be slower
  • No PHP directives are allowed in .htaccess
  • High number of connections can lead to heavy load on the server
  • Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership

FastCGI

PHP being loaded by FastCGI module in Apache. FastCGI is an open extension to CGI that provides high performance for all Internet applications.

Architecture:

Advantages:

  • Faster than other PHP handlers
  • Good for a high traffic site
  • The Apache client slots will stay much smaller, and you only have to load as many copies of PHP as the number of PHP scripts you’re running at any given  time
  • Good choice for saving memory usage

Disadvantages:

  • Configuration can be customize in httpd.conf, main php.ini or per vhost php.ini but not as easy as CGI and SuPHP. You need to create a script in cgi-bin folder to set PHPRC environment whenever PHP is executed
  • No PHP directives are allowed in .htaccess
  • Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership
  • PHP processes are running permanently even if no page is requested, this is faster and fine for a high traffic site but for a small homepage with 100 pageviews per hour you would waste resources

Conclusion

Every handler has advantages and disadvantages and there is no handler which always better than another. You must choose the right handler to make sure that your concern (performance? security? ease to manage?) can be fulfill. Cheers!

4 thoughts on “PHP Handler: DSO vs CGI vs SuPHP vs FastCGI

  1. Thanks you very much, I read all !

    I have problms whit SUPHP on cpanel :@

    But i think Than su PHP dont are Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership

    Now I see that is like CGI, the difference is than SUPHP verify files permission ?

    Sorry for my bad english 🙂

    Reply

    1. in CGI, you can run PHP files with permission of higher than 644 for files and 755 for directories. That is what its mean by verifying on the files permission before executing them. SuPHP will do this verification process before execute this, so you will normally see 500 Internal Server Error if any of the files is higher than the permission limit allowed

      Reply

  2. Thanks you this is new for me but now I know it 🙂

    Thanks you very very much.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *