The cgi.force_redirect
php.ini configuration is on by default, and it prevents unauthenticated access to scripts when PHP is
running as a CGI. Unfortunately, it must be disabled on IIS, OmniHTTPD and Xitami, but in all other cases it should be on.
This rule raises an issue when when cgi.force_redirect
is explicitly disabled.
Noncompliant Code Example
; php.ini
cgi.force_redirect=0 ; Noncompliant
See