What do we have in this session?
PHP 3.5.2, Windows XP Pro SP 2 and IIS 5.1
After we have completed the basic IIS 5.1 setup on Windows XP Pro SP2 to work properly, we are ready to install and configure PHP 3.5.2. Snort doesn’t need PHP engine in order to work, however other Snort’s add-on that will be installed together, later, such as Basic Analysis and Security Engine (BASE) need it.
Download and Install PHP
Firstly, download a correct version for Windows IIS from the following URL: PHP for Windows. In this case we have downloaded the current version, 5.3.2, thread safe version (
VC9 x86 Thread Safe (2010-Mar-04 20:11:10). Extract the compressed ZIP file.
When installing PHP using msi or manually (ZIP file), install it in C:\PHP and DO NOT use the "Program File" as default and DON'T select Web Sever type (these are known issues). The reason is that IIS 5.x doesn't like space character (or you need to use the DOS version with tilde (~)) when mapping the PHP dll/exe. Even if you put quotation for your path, you may still encounter "The specified module could not be found" message when opening a PHP page. You may choose a different location but do not have space(s) in the path (like C:\Program Files\PHP). In this case we installed it on C:\PHP
The following screenshot shows the extracted files and folders.
The PHP installation guide can be read from install.txt file. Next, let add the PHP’s binary path the Windows system variables so that those binaries can be executed from any Windows’s path, relative or absolute. The steps are shown in the following screenshots (Control Panel > System > Advanced tab > Environment Variables)
Editing the php.ini Config File
Next, rename the PHP configuration file, php.ini-production to php.ini. We will use the production php config file instead of development version. It is a very good practice to backup the original php.ini file before doing any modification.
Open the config file in any unformatted text editor such as WordPad. We will make the most basic PHP configuration changes in the sense that it will not throw any errors during our practice on installing Snort and its’ add-on later.
For the PHP Extension and Application Repository (PEAR) path, the following errors normally encountered when installing PEAR if the path is not properly set in php.ini.
PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer)
PEAR: To install optional features use "pear install pear/PEAR#featurename"
WARNING! The include_path defined in the currently used php.ini does not
contain the PEAR PHP directory you just specified:
If the specified directory is also not in the include_path used by your scripts, you will have problems getting any PEAR packages working.
To solve this error, edit the following variable and make sure it is matched to the physical path else please create it manually.
; Paths and Directories;
; UNIX: "/path1:/path2"
;include_path = ".:/php/includes"
; Windows: "\path1;\path2"
include_path = ".;c:\PHP;c:\PHP\PEAR"
The following screenshot shows the physical path of the PHP files and folders.
The following parameter settings are for the errors controls. The comments should be self explanatory.
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; It's recommended that errors be logged on production servers rather than
; having the errors sent to STDOUT.
; Possible Values:
; Off = Do not display any errors
; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
display_errors = On
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
; errors from clients. Turning the display of startup errors on can be useful in
; debugging configuration problems. But, it's strongly recommended that you
; leave this setting off on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
display_startup_errors = On
And then turn off the cgi.force_redirect parameter for IIS.
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
cgi.force_redirect = 0
Set a proper time zone, else the following error will be displayed.
PHP Warning: Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for '8.0/no DST' instead in Unknown on line 0
You can choose your time zone at PHP time zone setting and change accordingly.
; Defines the default timezone used by the date functions
date.timezone = Asia/Kuala_Lumpur
If you're using NTFS on Windows NT, 2000, XP or 2003, make sure that the user running the web server has read permissions to your
(e.g. make it readable by Everyone).