PHP Handler: DSO vs CGI vs SuPHP vs FastCGI

What is PHP Handler?

PHP handler supplies the required library to interpret PHP code. Each handler delivers the libraries
through different files and implementations. Each file and implementation affects Apaches
performance, because it determines how Apache serves PHP.
You need to make the right decision on how Apache should handle your websites or web applications. I
am using WHM/cPanel to manage Apache and PHP, I will focus more on advantages and disadvantages
from cPanel point of view rather than how to install, implement or switch between each handler.

DSO
PHP runtime is loaded once, when Apache starts up and then reused for all requests.
Architecture:

Advantages:
Since DSO is only loaded once, it is faster than CGI and SuPHP
PHP can direct access to some Apache-specific calls, which gives you some more fine-grained
control on the HTTP-level.
Allow for most common PHP .htaccess (php_flag) directives to be used.
Good for single sites that require performance over ease of use and security
Suitable environment to run PHP optcode caching addon such as eAcclerator, APC or Xcache
 Well suited for low and high traffic sites but not for CMS systems like Joomla
Disadvantages:
PHP processes are handled by the user that is running httpd. In most cases, this user is the
nobody user. This means when PHP interacts with files on the file system, they have to be
accessible by the nobody user. This creates permissions issues as your normal cPanel based
user will not have access to read/write files that are owned by the nobody user without the
correct permissions changes. Most PHP web scripts need to write to files and directories and if
they are owned by the cPanel user, without changing the permissions on the files or directories
to 777, it will cause issues and in some cases, break your website
Runs not under user who owner of the site, so you will have to manually manage the
permissions on a per user basis to ensure that your PHP apps/scripts can read and write to the
files and directories of which it needs to function
Any changes on PHP configuration, will required to restart Apache service to make sure the
module being reloaded

CGI
A new PHP CGI process is invoked on each Apache request for PHP processing.
Architecture:

Advantages:
Good for shared hosting environment. Well suited for medium traffic sites
Since you are on cPanel, user nobody can be disallowed to send mails to remote addresses in
WHM under WHM > Tweak Settings > Mail > Prevent nobody from sending mail options
Run on separate process with user who owns the files, so you can easily monitor which user run
the specific PHP process. Administrators can easily find the users running dangerous scripts
Configuration can be customize in httpd.conf, main php.ini or per vhost php.ini
 Less headache on file permission management
Disadvantages:
PHP websites will be slower
No PHP directives are allowed in .htaccess
Less secure than SuPHP
High number of connections can lead to heavy load on the server
Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership

SuPHP
Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to
change the uid of the process executing the PHP interpreter.
Architecture:

Advantages:
Good for shared hosting environment. Well suited for medium traffic sites
More secure than DSO especially with Suhosin extension (Suhosin might require tweaking
some of its directives for some scripts)
Since you are on cPanel, user nobody can be disallowed to send mails to remote addresses in
WHM under WHM > Tweak Settings > Mail > Prevent nobody from sending mail options
Run on separate process with user who owns the files, so you can easily monitor which user run
the specific PHP process. Administrators can easily find the users running dangerous scripts
Configuration can be customize in httpd.conf, main php.ini or per vhost php.ini
Less headache on file permission management
Disadvantages:
PHP websites will be slower
 No PHP directives are allowed in .htaccess
High number of connections can lead to heavy load on the server
Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership

FastCGI
PHP being loaded by FastCGI module in Apache. FastCGI is an open extension to CGI that provides
high performance for all Internet applications.
Architecture:

Advantages:
Faster than other PHP handlers
Good for a high traffic site
The Apache client slots will stay much smaller, and you only have to load as many copies of
PHP as the number of PHP scripts youre running at any given time
Good choice for saving memory usage
Disadvantages:
Configuration can be customize in httpd.conf, main php.ini or per vhost php.ini but not as easy
as CGI and SuPHP. You need to create a script in cgi-bin folder to set PHPRC environment
whenever PHP is executed
No PHP directives are allowed in .htaccess
Exposed to malicious attack, hack, exploit and injection because PHP run as the files ownership
PHP processes are running permanently even if no page is requested, this is faster and fine for a
high traffic site but for a small homepage with 100 pageviews per hour you would waste
resources
Conclusion
Every handler has advantages and disadvantages and there is no handler which always better than
another. You must choose the right handler to make sure that your concern (performance? security?
ease to manage?) can be fulfill. Cheers!