httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edgar Pettijohn <ed...@pettijohn.no-ip.biz>
Subject Re: [users@httpd] mod_proxy_fcgi not honouring .htaccess, work around needed.
Date Wed, 09 Jul 2014 10:35:09 GMT
I'm glad you found it.

On 07/08/2014 11:17 PM, Sergei Franco wrote:
> Hi Edgar,
>
> I found that I was wrong about .htaccess not working inside of <Directory> tag:
>
>     RewriteMap and standard rewrite lookup of the user dirs goes here
>
>     <Directory /PATH_TO_WWW/*>
>           Standard directory conf goes here
>
>           RewriteRule ^(.*\.php)$ fcgi://IP_OF_THE_FPM:FPM_PORT/$1 [P,L]
>
>     </Directory>
>
> Basically the secret (for me at least) I needed to put rewrite rule
> that proxies through inside directory tags that are for common
> directory of the users with *.
>
> so if I have users in /var/www/$username , the directory tag should
> look like this: <Directory /var/www/*>
>
> TL;DR: use proxy rewirte rule inside of directory tags for the common
> users directory.
>
>
> Thank you very much,
>
> Sergei.
>
> On 9 July 2014 13:35, Sergei Franco <sergei.franco@gmail.com> wrote:
>> Hi,
>>
>> Here is (redacted) portion of virtual section I use (I replaced real
>> IP address with [IP]):
>>
>> RewriteMap vhost dbm=db:/[somepath]/vhost.db
>> RewriteMap port-fpm dbm=db:/[somepath]/fpmports.db
>>
>> RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
>> RewriteRule ^.*$ - [E=WEBSITE:%1]
>>
>> RewriteCond ${vhost:%{env:WEBSITE}} ^(/.*)$
>> RewriteRule ^.*$ - [E=WEBDIR:%1]
>>
>> RewriteCond ${port-fpm:%{env:WEBSITE}} ^(.+)$
>> RewriteRule ^.*$ - [E=PORTFPM:%1]
>>
>> RewriteCond %{env:WEBDIR} ^(/.*)$
>> RewriteRule ^/(.*)$ %1/htdocs/$1
>>
>> RewriteRule ^/(.*\.php)$ fcgi://REDACTEDIP:%{env:PORTFPM}/$1 [P,L]
>>
>> rest is pretty standard.
>>
>> The above rules are there to dynamically assign port and vhost
>> directory... This all works really well (were we have nodes behind LVS
>> which listen to different port per user). The only thing does not work
>> is htaccess being ignored due to apache not considering local requests
>> that are rewritten to mod_proxy_fcgi.
>>
>> Regarding the logs,
>>
>> Here is the debug (I assume this is picked up from <Directory> definition):
>> [Wed Jul 09 13:10:30.072748 2014] [authz_core:debug] [pid 2195]
>> mod_authz_core.c(802): [client REDACTEDIP:31561] AH01626:
>> authorization result of <RequireAny>: granted, referer:
>> http://test.REDACTED/wordpress/wp-login.php?loggedout=true
>>
>> More rewrite debug:
>>
>> Here is the result of the 'php' file (expected 403 but got pass through):
>> [Wed Jul 09 13:15:30.561226 2014] [rewrite:trace2] [pid 3030]
>> mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
>> [test.REDACTED/sid#7f70347d8f30][rid#7f702f4090a0/initial] rewrite
>> '/wordpress/wp-login.php' ->
>> 'fcgi://REDACTEDIP:PORT/REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-login.php'
>>
>> And here is the result of the non-php file (expected 403, got 403):
>> [Wed Jul 09 13:15:30.709276 2014] [rewrite:trace2] [pid 3030]
>> mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
>> [test.REDACTED/sid#7f70347d8f30][rid#7f70347ad0a0/initial] [perdir
>> /REDACTEDPATH/test.REDACTED/htdocs/wordpress/] forcing responsecode
>> 403 for /REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-includes/css/dashicons.min.css,
>> referer: http://testREDACTED./wordpress/wp-login.php?loggedout=true
>>
>>
>> Thank you very much.
>>
>> Sergei.
>>
>>
>> On 9 July 2014 12:36, Edgar Pettijohn <edgar@pettijohn.no-ip.biz> wrote:
>>> On 07/08/2014 06:00 PM, Sergei Franco wrote:
>>>> Hi,
>>>>
>>>> I am using apache 2.4.7 with mod_proxy_fcgi for purpose of passing
>>>> through php to php-fpm (this will be used for shared hosting
>>>> environment).
>>>> The htaccess works fine for non php files, but once it hit rewrite
>>>> rule that proxies through the php requests, the htaccess is ignored.
>>>>
>>>> I know why it is happening.
>>>>
>>>> The question how do I force apache to treat the request to php file as
>>>> a request to local file, and then proxy it through?
>>>>
>>>> I have spent substantial time in researching on this problem, and
>>>> following "answers" were given as solution:
>>>>
>>>> 1) "use apache configuration instead of .htaccess" it is valid
>>>> solution, but not for shared hosting environment (I am not going to
>>>> give access to apache configuration to shared hosting customers ;)).
>>>> 2) "don't use .htaccess, as it has performance/security/other issues",
>>>> well how else would shared hosting customers control access/url
>>>> rewriting on their site? Besides if the .htaccess was not a
>>>> requirement I would simply use nginx.
>>>> 3) "put rewrite rule for proxy inside of <directory>" - this is
>>>> incorrect, and it does not work.
>>>>
>>>>
>>>> This behaviour appears to be not a bug but a "feature" as per
>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=54887
>>>>
>>>>
>>>> Thank you very much.
>>>>
>>>>
>>>> Sergei.
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>> Your httpd.conf and logs would be helpful.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message