PHP on Windows has come along way in the past few years. It used to be a chore to get PHP to work properly on IIS. Not so, anymore.

In the past I’ve recommended PHP ISAPI for IIS when using threaded applications and accelerators like eAccelerator, xCache and APC. APC now includes support for FastCGI (Non-Thread Safe). To install PHP 4 – 5.2.x ISAPI, see my previous post: How to install PHP ISAPI on Windows 2008 IIS7 x64.

With PHP 5.3.x, the ISAPI dll has been removed for Windows. In order to use it, you’ll need to compile it yourself. There is a big push to use FastCGI on IIS, and with good reason – the performance has increased dramatically. Since most web applications (blogs, forums, CMS) do not require a Thread Safe install of PHP, FastCGI is the fastest and most stable option around.

PHP 5.3 for Windows is now compiled with either VC6 or VC9. VC9 should be used with IIS and VC6 should be used with Apache 1 or 2. For the VC9 versions you will need the Microsoft 2008 C++ Runtime (VC x86, VC x64, even though you are installing 32-bit PHP, install the correct version of VC++ for the version of Windows that you have).

When installing multiple versions of PHP with PHP Manager, each install can have a different PHP.ini and set of extensions installed and enabled. Within IIS, you can have a different version of PHP enabled for each site.

1. Download and Install PHP Manager for IIS 7/7.5. (http://phpmanager.codeplex.com/releases/view/59970) Even though PHP is 32-bit, install the version of PHP Manager that matches your install of Windows (x86 or x64).

2. Download and Install PHP 5.3.x for Windows VC9 (Non-Thread Safe). (http://windows.php.net/download/) You can use the installer or zip package. I’d recommend using the installer package if this is your first install, as it will set the PATH for your PHP install in Windows. If you are adding a second version or upgrading PHP, download the zip package and simply unzip it. If you plan to use multiple versions of PHP at the same time, I’d recommend naming your directories with the PHP version, ie: C:\php_5.3.5\.

3. In PHP Manager (IIS Manager -> Server Name -> PHP Manager), click on “Register New PHP Version” and browse to where you unzipped the PHP files. Select the php-cgi.exe file and click OK. Once you have registered the PHP module, you’ll need to configure the PHP.ini. This can be done in Notepad or within PHP Manager (Manage All Settings). For most basic installs, the default PHP.ini will suffice. If you are using a MySQL database, you’ll have to enable the MySQL or MySQLi extension. Go to IIS Manager -> PHP Manager -> PHP Extensions -> Enable or disable an extension. Click on php_mysql.dll and/or php_mysqli.dll and under Actions on the right side bar, click Enable.

4. If you are using Windows x64, you’ll need to set your application pool settings to allow 32-bit PHP to function. If you are using 32-bit Windows, skip this step. In IIS Manager -> Application Pools -> Right-Click on the website’s application pool (or Default if you haven’t set one up yet) and select Advanced Settings. Set “Enable 32-bit applications” to TRUE. Click OK. This spawns the App Pool in 32-bit mode, so if you have other modules that need to be run in 64-bit mode, best to separate the website into two App Pools: one 32-bit and one 64-bit.

5. If you want to install multiple versions of PHP, all you need to do is register each version using PHP Manager. You can click on each individual website and select a specific version of PHP to run. Remember to modify the PHP.ini of each version you register. If you get CGI errors when trying to view a webpage, make sure cgi.force_redirect = 0, or it is commented out in the PHP.ini.

(average: 4.69 out of 5)

1 Comment |  Print This Post

So you’ve decided you want to use JW Player for Silverlight and IIS Media Services Web Playlists together.

One of the reasons to use Web Playlists is to hide the true path of your video. This makes it difficult for users to download a full copy of your video, perfect for streaming copyrighted or pay-per-view content. Although users can still use screen capture software (such as Camtasia) to record your video, the process is more involved and less likely.

JW for flash and most other players require the media file (.mpeg, .mp4, etc) to be in a folder below the root path accessible by visitors. Web Playlists for IIS allows you to add videos from any folder on your server, and does not directly access the video when a viewing is requested. It uses a one-time security token to obfuscate the path.

Step 1 – Add a New Playlist in IIS

Here you’ll add a new playlist by opening up the IIS Manager, selecting your website and double-clicking on “Web Playlists.” Once it is open, on the right-hand side click on “Add Playlist.”

Once you type in a name for your playlist it will generate a URL that needs to be used by your web-based player. As you can see here, we are looking at iishacks.com/VMWareCertificate.isx.

You’ll need to add the specific video file by going to “Media entries” and clicking “Add.” You can select a Physical Path (excellent for hiding a file above the root folder), a Relative URI (if the file is in the root folder or below), or a Remote URL (if it is on another server or domain). I’ve chosen Physical Path and selected a folder that is not accessible via IIS.

You’ll notice you have options to disable skip back/forward or seek. If you choose to attach multiple videos together, or have required advertisements before, between or after videos, these options are for you. Networks such as Global TV utilize these options to ensure visitors are viewing the advertisements before a video starts.

Step 2 – Add the Playlist to JW Player

Once you’ve added your video file(s) you can now add the playlist to a web-based video player such as JW Player. JW Player for Silverlight is the only free player that supports the ISX playlist format and doesn’t require ASP. IIS Web Playlists supports .asf, .avi, .flv, .m4v, .mov, .mp3, .mp4, .rm, .rmvb, .wma and .wmv.

You can download JW Player for free here: http://www.longtailvideo.com/players/jw-wmv-player/

Here is the code I used for my VMware video. This can be embedded into WordPress or any PHP/HTML file.

<center><div name="mediaspace" id="mediaspace"></div>
<p> <script type='text/javascript' src="/silverlight.js"></script><br />
 <script type='text/javascript' src="/wmvplayer.js"></script><br />
 <script type="text/javascript">
  var cnt = document.getElementById("mediaspace");
  var src = '/wmvplayer.xaml';
  var cfg = {
   file:'http://iishacks.com:80/VMWareCertificate.isx',
   height:'470',
   width:'600'
  };
  var ply = new jeroenwijering.Player(cnt,src,cfg);
 </script></center>

As you can see the ISX/ASX playlist is located at http://iishacks.com:80/VMWareCertificate.isx . If you try and open the file it will direct you to either a broken link or a text file with the following:

Notice how the ISX playlist has a tokenized session id appended to the URL? Try and open that. It’s a dead end. You’ll never be able to simply download the file. Here is a full set of features with Web Playlists.

(average: 4.88 out of 5)

No Comments |  Print This Post

Another one of Microsoft’s descriptive errors is 0x8ffe2740 when trying to start an FTP or Web Server from the IIS Administration module. The error itself means that there is a port conflict with another service. This is a relatively easy diagnosis, as you should already know what ports your ftp or web servers use.

Use the netstat command in the command console to find out what program is using a particular TCP port. Replace the ## with the port you wish to test. This works on Windows Server 2003 and 2008.

The above command will return a PID (process ID). You will need to match that to a running program or service. Type the following command:

Here is an example using port 21. In this example you can see the “ftpsvc” service is using port 21 through svchost.exe – which is normal. In a client’s machine, it was MSUpdate2.exe that was using port 21 – a piece of malware using an FTP server to serve pirated movies!

(average: 5.00 out of 5)

3 Comments |  Print This Post

Quite a few people have asked how to remove the default HTTP Response Headers of IIS6 and IIS7. It’s very easy, actually. You can have some fun with it too (bottom).

Remove, Edit or Add HTTP Response Headers in Windows 2003 IIS6

1. Open the IIS Management Console.
2. Right-click on “Websites” and select “Properties.”
3. Click on the “HTTP Headers” tab.
4. Highlight the “X-Powered-By: ASP.NET” entry and select “Remove.”
5. Also note that you can do this for all websites as above, or for an individual website by selecting it’s properties. Useful if you have sites powered by ASP and PHP on the same server.

Remove, Edit or Add HTTP Response Headers in Windows 2008 IIS7

1. Open the IIS Management Console.
2. Click on the Server Name in the left-hand pane.
3. Under the “IIS” heading in the right-hand pane, double-click on “HTTP Response Headers.”
4. Right-click on “X-Powered-By” and select Edit or Remove.
5. Also note that you can do this for all websites as above, or for an individual website by selecting it’s properties. Useful if you have sites powered by ASP and PHP on the same server.

Power your IIS6 or IIS7 Website with Pure Evil

You can also have some fun with the “X-Powered By” response header as its purpose is informational. You can also add your own custom header.

(average: 5.00 out of 5)

No Comments |  Print This Post

This past week I’ve been busy battling 29 different IP addresses that have been attacking a server that I maintain.

In my effort to rid the world of this behaviour, I recorded the IP addresses, found out as much information as possible, and then blocked them.

Locations of the IP addresses:

• 12 – China
• 9 - United States
• 5 – Canada
• 1 – Netherlands
• 1 – Vietnam
• 1 – Japan

Compromised Operating System:

• 29 – Windows 2003

Compromised Web Server:

• 29 – IIS 6

Percentage without a Firewall:

• 100%

Twelve of the IP addresses were associated with specific companies running their own dedicated server for email, ftp or a website. I decided to call or email each company to let them know their server was compromised. Most were grateful that someone took the time to notify them. By the end of the week, 8 of these servers were considerably more secure! One of the companies I called was a Canadian computer store. The person I talked to had mentioned their server was slow and bandwidth usage was high for about a week.

These servers were compromised through poor security practices. Many did not have a firewall due to co-location requirements, and others did not have a firewall due to email and ftp not working properly when it was enabled. Clearly they did not know how to properly configure a firewall to let DNS, SMTP, POP3 and Passive FTP in/out.

I find one of the biggest problems with Windows is that it is too easy to set up and administer at a basic level. Because of its ease of use, the technical knowledge of the person setting it up doesn’t need to exceed that of a typical desktop user. They fail to take into consideration items such as security, assuming the operating system takes care of it.

(No Ratings Yet)

1 Comment |  Print This Post