Differences

This shows you the differences between two versions of the page.

--- servers:windows:freenginx_php_php-cgi [2026/03/11 14:32] – Sean Rhone
+++ servers:windows:freenginx_php_php-cgi [2026/03/25 08:59] (current) – [PHP-CGI] Really NTS :p (Thread Safe works though) Sean Rhone
@@ Line 23: / Line 23: @@
 ===== PHP-CGI =====
-  * https://windows.php.net/download/
+  * https://www.php.net/downloads.php
-  * https://windows.php.net/qa/
+  * https://www.php.net/pre-release-builds.php
   * x64 Non Thread Safe
-  * Last tested: ''php-8.5.1-nts-Win32-vs17-x64.zip''
+  * Last tested: ''php-8.5.5RC1-nts-Win32-vs17-x64.zip''
   * Extract to root system drive for ''C:\php-*\php-cgi.exe''
@@ Line 35: / Line 35: @@
   "%SystemRoot%\System32\SystemPropertiesAdvanced.exe"
-  C:\php-8.5.1-nts-Win32-vs17-x64
+  C:\php-8.5.5RC1-nts-Win32-vs17-x64
 ====== Firewall ======
@@ Line 271: / Line 271: @@
   "%SystemRoot%\System32\schtasks.exe" /Create /SC "ONLOGON" /TN "nginx" /TR "%SystemDrive%\www\scripts\nginx\Start.bat" /F
-===== Resources =====
+====== Resources ======
   * https://nginx.org/en/docs/windows.html
@@ Line 279: / Line 279: @@
   * https://www.php.net/manual/en/image.installation.php
   * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]
+====== TODO ======
+===== Exploit Protection =====
+  * https://learn.microsoft.com/en-us/defender-endpoint/exploit-protection-reference
+==== nginx ====
+  nginx.exe
+  * Arbitrary code guard (ACG): On
+    * ''[ ]'' Allow thread opt-out
+  * Block low integrity images: On
+  * Block remote images: On
+  * Block untrusted fonts: On
+  * Control integrity guard: On
+    * ''[ ]'' Also allow loading of images signed by Microsoft Store
+  * Control flow guard (CFG): On
+    * :!: ''[ ]'' Use strict CFG
+  * Data Execution Prevention (DEP): On
+    * ''[ ]'' Enable ATL thunk emulation
+  * Disable extension points: On
+  * :!: Disable Win32k system calls: Off
+  * :!: Do not allow child processes: Off
+  * Export address filtering (EAF): On
+    * ''[x]'' Validate access for modules that are commonly abused by exploits.
+  * Force randomization for images (Mandatory ASLR): On
+    * ''[x]'' Do not allow stripped images
+  * Hardware-enforced Stack Protection: On
+    * ''[x]'' Enforce for all modules instead of only compatible modules
+  * Import address filtering (IAF): On
+  * Randomize memory allocations (Bottom-up ASLR): On
+    * ''[ ]'' Don't use high entropy
+  * Simulate execution (SimExec): On
+  * Validate API invocation (CallerCheck): On
+  * Validate exception chains (SEHOP): On
+  * Validate handle usage: On
+  * Validate heap integrity: On
+  * Validate image dependency integrity: On
+  * Validate stack integrity (StackPivot): On
+==== PHP-CGI ====
+  php-cgi.exe
+  * :!: Arbitrary code guard (ACG): Off
+  * Block low integrity images: On
+  * Block remote images: On
+  * Block untrusted fonts: On
+  * :!: Control integrity guard: Off
+  * Control flow guard (CFG): On
+    * :!: ''[ ]'' Use strict CFG
+  * Data Execution Prevention (DEP): On
+    * ''[ ]'' Enable ATL thunk emulation
+  * Disable extension points: On
+  * :!: Disable Win32k system calls: Off
+  * :!: Do not allow child processes: Off
+  * Export address filtering (EAF): On
+    * ''[x]'' Validate access for modules that are commonly abused by exploits.
+  * Force randomization for images (Mandatory ASLR): On
+    * ''[x]'' Do not allow stripped images
+  * Hardware-enforced Stack Protection: On
+    * ''[x]'' Enforce for all modules instead of only compatible modules
+  * Import address filtering (IAF): On
+  * Randomize memory allocations (Bottom-up ASLR): On
+    * ''[ ]'' Don't use high entropy
+  * Simulate execution (SimExec): On
+  * Validate API invocation (CallerCheck): On
+  * Validate exception chains (SEHOP): On
+  * Validate handle usage: On
+  * Validate heap integrity: On
+  * Validate image dependency integrity: On
+  * Validate stack integrity (StackPivot): On