PHP is an important part of your cPanel server. One aspect of PHP’s configuration that can be overlooked is the PHP handler. The PHP handler is the specific implementation of PHP on your server that interfaces with Apache. On a cPanel server, there are four main PHP Handlers:
Each has a distinct way of processing PHP code, and has its own benefits and drawbacks. In simplest terms, the decision of which PHP handler to choose comes down to your site’s specific needs.
DSO (Dynamic Shared Object) runs as an Apache module and, because it has so little overhead, it is extremely fast. However, DSO works only with Apache in non-threaded mode.
Opting for the pure speed of DSO means forgoing the performance benefits of Apache’s other Multi-Processing Modules, such as better process management and the ability to handle more connections using fewer server resources. You will need to evaluate your site’s specific needs before deciding whether to make that compromise.
By default, PHP scripts with DSO run as the Apache user “nobody”, which can have implications for security. In that configuration, scripts are not confined to a particular domain, and a malicious script could potentially gain access to files outside the site’s home directory. DSO’s standard permissions also can create some extra work when using a Content Management System (CMS). Both the security and compatibility concerns can be addressed by compiling Apache with the mod_ruid2 module, which allows scripts to run as the Linux user who owns the domain, but DSO still would require Apache to run with the single-threaded Prefork MPM.
CGI (Common Gateway Interface) is highly configurable and can run PHP scripts as the Apache user or as the Linux user which owns the domain via SuExec (which is enabled by default in WHM). However, as the slowest of the PHP handlers, it no longer is widely used. FCGI is the preferred alternative.
SuPHP (Single User PHP) was designed with stronger security in mind. SuPHP only executes PHP scripts as the owner of the domain, effectively isolating each user from the others.
That makes it easy to pinpoint users with resource-intensive or compromised scripts, but it also means that SuPHP is slower than either DSO or FCGI. And since a new process is created for each incoming request, a high-traffic server also could experience elevated load during a surge as processes are spawned in rapid succession. SuPHP works with any Apache MPM, though, and both the Worker and Event MPMs can help to improve resource utilization.
Because scripts run as the user, it is a common choice for sites running a CMS and doesn’t require the same changes to permissions as DSO. However, switching from DSO running as the Apache user to SuPHP would involve modifying the permissions of scripts.
FCGI (FastCGI) was written with speed in mind, and it is fast. With SuExec enabled, FCGI runs PHP scripts as the user, offering the same benefits for CMS sites as SuPHP, but with the bonus of added speed. It also provides enhanced security compared with DSO.
It can, however, be difficult to configure, but with some optimization it is an ideal PHP handler of choice for most servers.
At Liquid Web, we have spent several months testing and optimizing FCGI on cPanel servers to achieve maximum performance and stability while minimizing its use of resources. As a result, our Fully Managed CentOS 6 and CentOS 7 templates now include FCGI with optimized, custom settings by default.
Switching from one PHP handler to another can be a detailed process, especially when changing the ownership of PHP scripts is involved. PHP is fully managed by Liquid Web’s Heroic Support® Team, so if you are considering switching handlers or would like to take advantage of our FCGI optimizations, feel free to contact us using the information below. Our Heroic Support® Team will be happy to guide you through that transition.
Liquid Web’s Heroic Support is always available to assist customers with this or any other issue. If you need our assistance please contact us:
Toll Free 1 (800) 580-4985
International (517) 322-0434
Tagged with: apache • permissions • php