PHP installation on IIS: ISAPI or CGI

iisiis-6PHPphp5

I'm running IIS6 on Windows Server 2k3, and currently have PHP installed as a ISAPI module. We're about to upgrade our environment to PHP 5.3.0, and this made me wonder whether I should stick with the ISAPI module or if there was a reason the CGI would be a better fit.

We have one web server for our organization, and do not have to worry about security related to shared hosting; we have several web sites, but they all belong to us.

Is there an advantage to using one method over the other? Is one more secure? Is it simply a matter of preference?

EDIT: PHP 5.3.0 dropped support for ISAPI, so you do need to install it via FastCGI. From the PHP Migration Guide:

Support for the ISAPI module has been dropped. Use the improved FastCGI SAPI module instead.

Best Answer

The Non-Thread-Safe PHP CGI binary for Windows is supposed to give you maximum stability, compatibility and performance as:

PHP was originally designed and optimized for multi-process environment
Most of the extensions were created keeping that in mind
There is no "waiting" that you see in multi-threaded environments

However, the performance and stability is susceptible when the CGI binary is used in multi-threaded environments such as IIS. Therefore most people have started using the relatively new FastCGI extension that is available for IIS 5.1/IIS 6.0 as a download and bundled with IIS7.

This guide explains how to install and configure PHP CGI with Microsoft's FastCGI extension.

The second option is to go for PHP ISAPI but be sure to (i) use Thread-Safe builds (ii) use stable and tested extensions -- the PHP ISAPI can otherwise crash and take down IIS as well. A side note is that tread-safety in PHP is like a hand-brake that is always engaged; some even say that it is a myth.

Update: PHP ISAPI is not shipped anymore so the question about ISAPI vs. CGI is not a question anymore. FastCGI is recommended.

FastCGI support is built into modern versions of IIS, you just need to enable it.
PHP installer presents the option of installing PHP with FastCGI.
For people who want to perform ZIP installations can use "PHP Manager for IIS" to configure PHP installation with IIS.

Related Solutions

Linux – Memory usage of php-cgi processes is growing steadily

Try to lower down var_size. If we had value at 64MB, after a few hours it started to swap a lot, and after next few hours it was completely down. Try to keep original settings at 32M, maybe this should help you a lot - we had the same problem at our travel site Xcache is still a lot of buggy software :(

Apache .htaccess – Running PHP in CGI/FastCGI Mode on Shared Hosting

The problem is not that Apache rewrite rules in the .htaccess file won't work when running PHP as a CGI vs. an Apache module. It's just you can't use the .htacess file to set PHP values when it's ran as a CGI. Instead you have to have a separate php.ini file that has your settings changed in it. Within my own shared hosting account, which runs PHP as a CGI, I make use of FastCGI and have the following in my .htaccess file:

<IfModule !mod_php.so>
    AddHandler myphp-script .php
    Action myphp-script /cgi-bin/myphp.fcgi
</IfModule>

Then in my accounts /cgi-bin/ directory I place the myphp.fcgi script with chmod 755 containing:

#!/bin/sh

# This ensures PHP doesn't try to run it's own
# process manager.  
export PHP_FCGI_CHILDREN=0

# Execute PHP with my php.ini config file
exec /path/to/system/cgi-bin/php -c ~/myconf/php.ini

I still have a <IfModule mod_rewrite.c> section in my .htaccess file to handle rewriting some old URI paths to the new URI structure to maintain old links that are cached in search engines.

Best Answer

Related Solutions

Linux – Memory usage of php-cgi processes is growing steadily

Apache .htaccess – Running PHP in CGI/FastCGI Mode on Shared Hosting

Related Topic