httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Zuelke>
Subject Re: 2.4.27
Date Tue, 18 Jul 2017 13:33:38 GMT
You need to use SetHandler. You can't use rewrites with ProxyPass because of the order of evaluation.

Example config:

Define php-fpm unix:/tmp/php-fpm.sock|fcgi://php-fpm
# make sure the proxy is registered with the unix socket; we can then use just "fcgi://php-fpm"
in proxy and rewrites directives
# we have to do this because we can't rewrite to a UDS location and because PHP doesn't support
the unix:...|fcgi://... syntax
# this is also a lot more convenient for users
<Proxy "${php-fpm}">
    # we must declare a parameter in here or it'll not register the proxy ahead of time
    # min=0 is an obvious candidate since that's the default value already and sensible
    ProxySet min=0
<VirtualHost ...>
    # pass requests to .php files to mod_proxy_fcgi
    # this requires Apache 2.4.10+ and PHP 5.5.15+ to work properly
    <FilesMatch \.php$>
        <If "-f %{REQUEST_FILENAME}"> # make sure the file exists so that if not, Apache
will show its 404 page and not FPM
            SetHandler proxy:fcgi://php-fpm

You can then simply rewrite to index.php etc, and it'll work.

Further questions should be taken to the users list though, as this one here is for development
of httpd...

> On 17. Jul 2017, at 19:25, Helmut K. C. Tessarek <> wrote:
> On 2017-07-17 03:50, Luca Toscano wrote:
>> mod-proxy-fcgi is the preferred solution over mod-fcgi, and we have
>> documentation about it. Any specific reason to use libapache2-mod-fcgid?
>> (asking for curiosity and/or to decide if a doc update is needed :)
> I am using mod_proxy_fcgi exactly for that reason (stated on
> But the documentation
> ( is IMO a bit off.
>> Can you please be more specific? What errors do you see? In case please
>> open a task in bugzilla so we'll be able to debug it :)
> Even according to the documentation for mod_proxy_fcgi, UDS does not
> support connection reuse.
> In my case it broke POST requests. I then googled and found a bunch of
> articles and stackexchange entries that suggested to remove the
> enablereuse=on option from the Proxy section.
> Only after removing the Proxy directive completely, everything started
> to work as expected.
> Except from the mod_rewrite issue I experience. I'm still debugging it,
> but mod_rewrite behaves differently between mod_php and mod_proxy_fcgi,
> which should not happen at all, since rewrite shouldn't care or know
> about the backend. I also googled and found a few entries, none of which
> helped me:
>>    Using ProxyPassMatch is not only dangerous, it also has precedence over
>>    a FilesMatch directive, which in turn limits your ability to restrict
>>    access to certain resources. At least that was the case a couple of
>>    years back.
>> Dangerous in what way? Can you please be more specific and/or add examples?
> I'm sorry, my bad. I should not have generalized it. ProxyPass and
> ProxyPassMatch _can_ be dangerous. I see 2 main issues:
> 1) The match part can be set too wide, which could allow php-fpm to
> interpret the wrong file.
> 2) The documentation also states:
> Warning: when you ProxyPass a request to another server (in this case,
> the php-fpm daemon), authentication restrictions, and other
> configurations placed in a Directory block or .htaccess file, may be
> bypassed.
> So ProxyPass has precedence over other directives. It is evaluated
> first. This can lead to a number of problems.
> Anyway, as long as you are aware of it, the impact can be minimized. Yet
> I believe it is too dangerous for the average Joe.
> -- 
> regards Helmut K. C. Tessarek              KeyID 0xF7832007C11F128D
> Key fingerprint = 28A3 1666 4FE8 D72C CFD5 8B23 F783 2007 C11F 128D
> /*
>   Thou shalt not follow the NULL pointer for chaos and madness
>   await thee at its end.
> */

View raw message