httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergei Franco <sergei.fra...@gmail.com>
Subject Re: [users@httpd] mod_proxy_fcgi not honouring .htaccess, work around needed.
Date Thu, 10 Jul 2014 02:24:29 GMT
Hi,

It appears that the problem is not solved.
Here is a scenario where it fails:

having .htaccess with RewriteEngine On (or any RewriteRule) will
"disable" RewriteRules defined inside of the <Directory> in the site
conf.

How to replicate:

Have a basic <Directory /var/www/site> with any simple rewrite rule, I
used 'RewriteRule . - [F]' as example.
Without rewrite related stuff inside of the .htaccess file the
response is 403 (as expected)
Now, inside of the directory (or subdirectory), place an .htaccess
file, with simple Rewrite Engine On, it completely ignores the rewrite
rules defined in <Directory>.

I cannot explain this behaviour at all.

Thank you.


Sergei.


On 9 July 2014 22:35, Edgar Pettijohn <edgar@pettijohn.no-ip.biz> wrote:
> I'm glad you found it.
>
> On 07/08/2014 11:17 PM, Sergei Franco wrote:
>> Hi Edgar,
>>
>> I found that I was wrong about .htaccess not working inside of <Directory>
tag:
>>
>>     RewriteMap and standard rewrite lookup of the user dirs goes here
>>
>>     <Directory /PATH_TO_WWW/*>
>>           Standard directory conf goes here
>>
>>           RewriteRule ^(.*\.php)$ fcgi://IP_OF_THE_FPM:FPM_PORT/$1 [P,L]
>>
>>     </Directory>
>>
>> Basically the secret (for me at least) I needed to put rewrite rule
>> that proxies through inside directory tags that are for common
>> directory of the users with *.
>>
>> so if I have users in /var/www/$username , the directory tag should
>> look like this: <Directory /var/www/*>
>>
>> TL;DR: use proxy rewirte rule inside of directory tags for the common
>> users directory.
>>
>>
>> Thank you very much,
>>
>> Sergei.
>>
>> On 9 July 2014 13:35, Sergei Franco <sergei.franco@gmail.com> wrote:
>>> Hi,
>>>
>>> Here is (redacted) portion of virtual section I use (I replaced real
>>> IP address with [IP]):
>>>
>>> RewriteMap vhost dbm=db:/[somepath]/vhost.db
>>> RewriteMap port-fpm dbm=db:/[somepath]/fpmports.db
>>>
>>> RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
>>> RewriteRule ^.*$ - [E=WEBSITE:%1]
>>>
>>> RewriteCond ${vhost:%{env:WEBSITE}} ^(/.*)$
>>> RewriteRule ^.*$ - [E=WEBDIR:%1]
>>>
>>> RewriteCond ${port-fpm:%{env:WEBSITE}} ^(.+)$
>>> RewriteRule ^.*$ - [E=PORTFPM:%1]
>>>
>>> RewriteCond %{env:WEBDIR} ^(/.*)$
>>> RewriteRule ^/(.*)$ %1/htdocs/$1
>>>
>>> RewriteRule ^/(.*\.php)$ fcgi://REDACTEDIP:%{env:PORTFPM}/$1 [P,L]
>>>
>>> rest is pretty standard.
>>>
>>> The above rules are there to dynamically assign port and vhost
>>> directory... This all works really well (were we have nodes behind LVS
>>> which listen to different port per user). The only thing does not work
>>> is htaccess being ignored due to apache not considering local requests
>>> that are rewritten to mod_proxy_fcgi.
>>>
>>> Regarding the logs,
>>>
>>> Here is the debug (I assume this is picked up from <Directory> definition):
>>> [Wed Jul 09 13:10:30.072748 2014] [authz_core:debug] [pid 2195]
>>> mod_authz_core.c(802): [client REDACTEDIP:31561] AH01626:
>>> authorization result of <RequireAny>: granted, referer:
>>> http://test.REDACTED/wordpress/wp-login.php?loggedout=true
>>>
>>> More rewrite debug:
>>>
>>> Here is the result of the 'php' file (expected 403 but got pass through):
>>> [Wed Jul 09 13:15:30.561226 2014] [rewrite:trace2] [pid 3030]
>>> mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
>>> [test.REDACTED/sid#7f70347d8f30][rid#7f702f4090a0/initial] rewrite
>>> '/wordpress/wp-login.php' ->
>>> 'fcgi://REDACTEDIP:PORT/REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-login.php'
>>>
>>> And here is the result of the non-php file (expected 403, got 403):
>>> [Wed Jul 09 13:15:30.709276 2014] [rewrite:trace2] [pid 3030]
>>> mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
>>> [test.REDACTED/sid#7f70347d8f30][rid#7f70347ad0a0/initial] [perdir
>>> /REDACTEDPATH/test.REDACTED/htdocs/wordpress/] forcing responsecode
>>> 403 for /REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-includes/css/dashicons.min.css,
>>> referer: http://testREDACTED./wordpress/wp-login.php?loggedout=true
>>>
>>>
>>> Thank you very much.
>>>
>>> Sergei.
>>>
>>>
>>> On 9 July 2014 12:36, Edgar Pettijohn <edgar@pettijohn.no-ip.biz> wrote:
>>>> On 07/08/2014 06:00 PM, Sergei Franco wrote:
>>>>> Hi,
>>>>>
>>>>> I am using apache 2.4.7 with mod_proxy_fcgi for purpose of passing
>>>>> through php to php-fpm (this will be used for shared hosting
>>>>> environment).
>>>>> The htaccess works fine for non php files, but once it hit rewrite
>>>>> rule that proxies through the php requests, the htaccess is ignored.
>>>>>
>>>>> I know why it is happening.
>>>>>
>>>>> The question how do I force apache to treat the request to php file as
>>>>> a request to local file, and then proxy it through?
>>>>>
>>>>> I have spent substantial time in researching on this problem, and
>>>>> following "answers" were given as solution:
>>>>>
>>>>> 1) "use apache configuration instead of .htaccess" it is valid
>>>>> solution, but not for shared hosting environment (I am not going to
>>>>> give access to apache configuration to shared hosting customers ;)).
>>>>> 2) "don't use .htaccess, as it has performance/security/other issues",
>>>>> well how else would shared hosting customers control access/url
>>>>> rewriting on their site? Besides if the .htaccess was not a
>>>>> requirement I would simply use nginx.
>>>>> 3) "put rewrite rule for proxy inside of <directory>" - this is
>>>>> incorrect, and it does not work.
>>>>>
>>>>>
>>>>> This behaviour appears to be not a bug but a "feature" as per
>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=54887
>>>>>
>>>>>
>>>>> Thank you very much.
>>>>>
>>>>>
>>>>> Sergei.
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>> Your httpd.conf and logs would be helpful.
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message