by Tali Smith
PHP hosters generally set up an environment, and provide a separate domain for each customer to host their applications.
Self-hosters or very small hosters, however, may need create a separate site or virtual directory to host their PHP content on a system that is also used for other workloads when:
- Application contents are located in a separate physical directory on disk.
- Mixing other application contents with the PHP application is not desired.
- Different permission settings are desired.
- You would like to host the PHP application at a different port or domain.
In these cases, you can add a separate virtual directory to host the PHP content; the directory is still accessible as part of the default Web site's URL hierarchy. You must also set the permissions necessary to enable PHP content to be served.
Create a Virtual Directory to Host PHP Content
- Using Windows® Explorer, browse to the
- Create a subdirectory named phpapp directory.
- Right-click on the
C:\inetpub\phpappdirectory, and then click Properties.
- On the Security tab, click Edit.
- Click Add, and then type IIS_IUSRS in the Enter the object names to select box.
- Click OK.
Figure 1: Permissions for phpapp folder
- Click OK to accept the default permissions (read and execute)
- Click OK to close the phpapp Permissions window.
Any directory containing PHP content must grant the following permissions:
- Grant IIS_IUSRS read permission. This allows the Php-cgi.exe process to access the PHP content, if PHP is not configured to impersonate the authenticated user (fastcgi.impersonate = 0). This allows PHP in any Internet Information Services (IIS) application pool to access the content.
- OPTIONAL: If using impersonation, the directory must grant read access to all possible authenticated users that use the application by granting access to the individual user or a group to which all such users belong.
- If using anonymous authentication, the directory must grant access to the anonymous user configured in IIS (IIS_IUSR by default).
- If using Windows®-based authentication methods, access must be granted to all possible authenticated users or group to which they all belong.
- It is strongly recommended not to grant write access or full access to IIS_IUSRS or any account under which PHP executes. However, sometimes write access may be necessary if the application writes to its own files. In that case, grant write access only to the files or subdirectory that requires it. It is preferred however to configure all write access to be outside of the Web-accessible directory structure.
- OPTIONAL: If using application pool isolation to isolate applications, the directory should instead grant access to the custom account assigned to the corresponding application pool.
- ADVANCED: Alternatively, when using application pool isolation, access may be granted to the application pool security identifier (SID).
Follow these steps:
- From the Start menu, open Internet Information Services (IIS) Manager.
- Expand the server node, and then expand Sites.
- In the tree view on the left, right-click the Default Web Site.
- Click Add Virtual Directory.
- In the Alias box, type phpapp.
- In the Physical path box, type
Figure 2: Adding a virtual directory for php applications
- Click OK.
- Using Windows Explorer, browse to the
- Create a file named Hello.php.
Paste the following into the file:
<?php echo("hello!"); ?>
- Save and close the file.
- Test the page.
- Start Windows® Internet Explorer®, and then enter: localhost/phpapp/hello.php in the Address bar.
Figure 3: "Hello" page
- Close all open windows.
Create a Separate Site to Host PHP Content
It is possible to create a separate site with the desired port and domain name to host the PHP application.
- Open Internet Information Services (IIS) Manager (Inetmgr.exe).
- Expand the server node.
- In the tree view on the left, right-click the Sites node, and then click Add Web Site.
- Enter PHPSite for the Site name.
c:\inetpub\phpappfor Physical path.
- Enter 85 for Port.
Figure 4: Add Web Site dialog- Click OK.
- Open Internet Explorer, and request
Figure 5: "Hello" page running on a Web Site
- Return to IIS Manager (Inetmgr.exe).
- In the tree view on the left, right-click the PHPSite.
- Click Edit Bindings.
- Click Add.
- Enter phpsite for the Host name.
Figure 6: Adding a site binding
- Click OK and close Site Bindings dialog.
C:\Windows\system32\drivers\etc\hostsfile in Notepad as administrator and add the following DNS entry:
- Save and close the hosts file.
- Open Internet Explorer, and go to
Figure 7: "Hello" page running on a Web Site
- Close all open windows.
Note that you can add any number of bindings to a site, to expose it on any combination of available IP addresses, ports, and domain names.
You can also use this process to create SSL site bindings (although this also requires a valid server certificate, and may involve additional IIS configuration to properly secure an SSL site).
Note: This article uses material from the PHP on Windows Training Kit, published on August 25, 2009.