array ( 0 => 'index.php', 1 => 'PHP Manual', ), 'head' => array ( 0 => 'UTF-8', 1 => 'it', ), 'this' => array ( 0 => 'security.cgi-bin.force-redirect.php', 1 => 'Case 2: using cgi.force_redirect', 2 => 'Case 2: using cgi.force_redirect', ), 'up' => array ( 0 => 'security.cgi-bin.php', 1 => 'Installed as CGI binary', ), 'prev' => array ( 0 => 'security.cgi-bin.default.php', 1 => 'Case 1: only public files served', ), 'next' => array ( 0 => 'security.cgi-bin.doc-root.php', 1 => 'Case 3: setting doc_root or user_dir', ), 'alternatives' => array ( ), 'source' => array ( 'lang' => 'en', 'path' => 'security/cgi-bin.xml', ), 'history' => array ( ), ); $setup["toc"] = $TOC; $setup["toc_deprecated"] = $TOC_DEPRECATED; $setup["parents"] = $PARENTS; manual_setup($setup); contributors($setup); ?>

Case 2: using cgi.force_redirect

The configuration directive cgi.force_redirect prevents anyone from calling php directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php. Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.

Usually the redirection in the Apache configuration is done with the following directives: 

Action php-script /cgi-bin/php
AddHandler php-script .php

This option has only been tested with the Apache web server, and relies on Apache to set the non-standard CGI environment variable REDIRECT_STATUS on redirected requests. If your web server does not support any way of telling if the request is direct or redirected, you cannot use this option and you must use one of the other ways of running the CGI version documented here.