What's the difference between PHP Handlers CGI, suPHP, mod_php (DSO) and FastCGI?


On a VPS or Blaze server, you can choose from up to 4 different PHP handlers. Choosing the right one is important: depending on how you use your server, different handlers give you different performance and security benefits.

Note: If you're on a managed server and want to use a PHP handler that's not in the WHM options, feel free to submit a support ticket, and we'll be happy to install it for you.

SuPHP - SuPHP works by running individual PHP files under the user (cPanel user in this case) who executes the script, rather than the default "nobody" Apache user.

  • Main Benefits: Very secure. As it uses suEXEC to set permissions, if one PHP script is exploited, that exploit cannot affect any other cPanel accounts/websites on the server. Also, it's highly compatible with CMSs like WordPress and Joomla.
  • Main Disadvantages: Slow, especially for complex websites. Requires more CPU resources than the other handlers. Also, it will not allow you to change PHP variables using .htaccess code; instead, all changes need to be made in the relevant php.ini file or using EasyApache4 and MultiPHP.
  • Best Used: Servers that have many cPanel accounts and where security is a top priority

DSO (mod_php) - DSO is the fastest way to run PHP files on a server. It executes all PHP scripts under the Apache user "nobody". This allows scripts to be executed quickly, but makes it hard to set secure permissions.

  • Main Benefits: Fast. Has very little overhead, especially if the module OPcache is also used. Allows PHP variables to be set using .htaccess code.
  • Main Disadvantages: Insecure. As all PHP files are run under the "nobody" user, it's possible for a PHP file exploit on one website to affect a completely different/unrelated part of the server. Servers using DSO should make sure that their websites and CMSs are secured tightly. Also, permissions will need to be set for every PHP file manually, as by default they are owned by the "nobody" user, which can cause websites to crash until the issue is resolved.
  • Best Used: When a more expensive server can't be purchased, the server is backed up offsite regularly and security of the server is not a priority

FastCGI (FCGI) - FastCGI combines the best of DSO and suPHP. It allows PHP files to be run by the user (through the use of suEXEC), keeping the server secure, while also not requiring a separate PHP process for each script, meaning that the server is relatively fast.

  • Main Benefits: Both fast and secure. While DSO is faster and suPHP is more secure, FCGI is a great middle ground that provides the best of both worlds.
  • Main Disadvantages: Uses more system memory than the other PHP handlers, as a PHP process is kept running at all times. Custom-coded PHP scripts may be more likely to produce errors on FCGI, so it helps to have an active developer available.
  • Best Used: When both speed and security are important. However, as suPHP is more secure, it's still important to keep website security up to date.

CGI - CGI is an older PHP handler that's not commonly used anymore. It's similar to suPHP in that it allows PHP scripts to be run as an individual user; however, it's older and less developed with regard to modern technology.

  • Main Benefits: It's very highly configurable and supports setting PHP permissions to the user (through suEXEC)
  • Main Disadvantages: Slowest of all the PHP handlers
  • Best Used: CGI isn't used much anymore. Its only common use is in environments where other handlers aren't available.
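
The isolation difference between the shared "nobody" user (DSO) and per-account users (suPHP, FastCGI, CGI) can be checked against a real document root. The following is an added example, not part of the original article: a Python audit that lists which paths in one account's docroot could be modified by PHP running for a different site. It assumes classic Unix mode bits only (no ACLs); the docroot path and neighbour account name given on the command line are hypothetical.

```python
import os
import stat


def writable_by(st, uid, gids=()):
    """Unix mode-bit check: owner bits if uid owns it, else group, else other.
    Assumption: ignores ACLs, root, and search bits on parent directories."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def exposed_paths(docroot, other_php_uid, other_php_gids=()):
    """Paths under one account's docroot that PHP running for a *different*
    site could modify, given the uid/gids that other site's PHP runs as."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            if writable_by(st, other_php_uid, other_php_gids):
                exposed.append(os.path.relpath(path, docroot))
    return sorted(exposed)


if __name__ == "__main__":
    import pwd
    import sys

    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <docroot> <neighbour-account>")
    docroot = sys.argv[1]
    shared = pwd.getpwnam("nobody")          # DSO: all sites' PHP runs as this user
    neighbour = pwd.getpwnam(sys.argv[2])    # suPHP/FastCGI/CGI: PHP runs as the account user
    print("DSO (shared 'nobody'):",
          exposed_paths(docroot, shared.pw_uid, (shared.pw_gid,)))
    print("Per-user handler:",
          exposed_paths(docroot, neighbour.pw_uid, (neighbour.pw_gid,)))
```

Under DSO, anything PHP itself created (uploads, caches) is owned by "nobody" and so shows up in the first list even at mode 0644; under the per-user handlers only group- or world-writable paths remain exposed.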

© Crucial