httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott (firstclasswatches.co.uk)" <scott.lu...@firstclasswatches.co.uk>
Subject Re: [users@httpd] A very strange "minor" issue with PHP-FPM with Apache 2.4 (security, privacy related)
Date Mon, 23 Mar 2015 15:28:40 GMT
Although I am not sure why it is not defaulting to 404 either.

Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 23 March 2015 at 15:23, Scott (firstclasswatches.co.uk) <
scott.lucas@firstclasswatches.co.uk> wrote:

> Hello,
>
> Ok fair enough. I don't think what I have is exotic, SetHandler is usually
> how PHP is traditionally implemented in non FPM setups and this extends it
> to mod_proxy_fcgi. If anybody spots any problems with my approach I would
> love to hear about it but so far it has been stable.
>
> For what you have, you could add an [L] flag to your RewriteRule
> http://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_l
>
> I believe that stops processing on match and then after that you could
> write another rule to match everything that is not on the file system and
> give a 404 response [R=404].
>
> # Is the request for a non-existent file?RewriteCond %{REQUEST_FILENAME} !-fRewriteCond
%{REQUEST_FILENAME} !-dRewriteRule .* 404.html [R=404]
>
>
>
> Kind Regards,
>
> Scott
>
> First Class Watches
> 9 Warwick Road
> Kenilworth
> CV8 1HD
> Warwickshire
> United Kingdom
>
> On 23 March 2015 at 15:02, <hushthatbush@hushmail.com> wrote:
>
>> Hey. I'm not saying that your method wouldn't work, but I feel very
>> uncomfortable deviating so far from the official guide. I don't want an
>> exotic, special configuration that is prone to break in the future. I
>> really want to know what's wrong with what I have, if anyone is able to
>> tell. I really don't get how this can be so hard. :/
>>
>> On 2015-03-23 at 3:43 PM, "Scott (firstclasswatches.co.uk)" <
>> scott.lucas@firstclasswatches.co.uk> wrote:
>> >
>> >Hello,
>> >
>> >I believe that using a SetHandler approach (in my case with a UDS)
>> >is the
>> >most reliable way to use mod_proxy_fcgi with PHP-FPM as I believe
>> >this
>> >requires resolution of the script before it is passed to PHP-FPM.
>> >
>> >        <IfModule mod_proxy_fcgi.c>
>> >                ProxyErrorOverride On
>> >                <FilesMatch \.php$>
>> >                    SetHandler
>> >"proxy:unix:/var/run/php-fpm/php.sock|fcgi://localhost"
>> >                </FilesMatch>
>> >                <Proxy fcgi://localhost>
>> >                </Proxy>
>> >        </IfModule>
>> >
>> >It works with rewrites too in my usage. I still get some errors
>> >but I think
>> >it is mainly due to clients disconnecting before the response is
>> >sent
>> >through. HTTP errors appear to be handled by Apache.
>> >
>> >Kind Regards,
>> >
>> >Scott
>> >
>> >First Class Watches
>> >9 Warwick Road
>> >Kenilworth
>> >CV8 1HD
>> >Warwickshire
>> >United Kingdom
>> >
>> >On 21 March 2015 at 02:01, <hushthatbush@hushmail.com> wrote:
>> >
>> >> Dear Apache HTTP Server community,
>> >>
>> >> A few months ago, I finally switched over my PHP from using
>> >mod_php to
>> >> PHP-FPM. I have it mostly working, except for one very annoying
>> >thing that
>> >> I hope you can help me with.
>> >>
>> >> For my test vhost, I have a config that has a lot of
>> >RewriteRules and ends
>> >> with this:
>> >>
>> >> RewriteRule ^/(.*\.php)$ fcgi://
>> >> 127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
>> >>
>> >> This works. If I access: http://www.example.net/test
>> >> then Apache does the rewriting and ends up sending a test.php to
>> >PHP-FPM,
>> >> which parses it. Great.
>> >>
>> >> The only problem I have is that if I request a non-existent PHP
>> >file, such
>> >> as: http://www.example.net/abc.php
>> >> then Apache still sends this request to PHP-FPM, which proceeds
>> >to display
>> >> a plain "File not found." message, telling anyone from the
>> >public who
>> >> checks a made-up.php file on my domain that I:
>> >>
>> >> * Run PHP.
>> >> * Use PHP-FPM.
>> >>
>> >> Obviously, I do not want to send over control to PHP-FPM if the
>> >final file
>> >> requested doesn't actually exist on the server. So I added this
>> >> RewriteCond, hoping that it would solve exactly this:
>> >>
>> >> RewriteCond %{REQUEST_FILENAME} -f
>> >> RewriteRule ^/(.*\.php)$ fcgi://
>> >> 127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
>> >>
>> >> However, if I restart Apache HTTP Server (2.4) and load
>> >> http://www.example.net/test
>> >> then I will get a blank page. No output at all. No errors logged
>> >anywhere
>> >> (no Apache error log, no PHP-FPM log, no PHP log). Please note
>> >that only
>> >> that RewriteCond was added, in an attempt to make the "send this
>> >to
>> >> PHP-FPM" not trigger unless the file requested (or determined
>> >after all the
>> >> normal RewriteConds) actually exists.
>> >>
>> >> I'm very confused now. Why is it behaving like this? It doesn't
>> >add up to
>> >> me. Please tell me what's wrong.
>> >>
>> >> PS: If you wonder why I don't use ProxyPassMatch or something
>> >(which the
>> >> official PHP-FPM guide tells you to use), it's because of "some
>> >sort or
>> >> problems" that I cannot remember anymore. I think it was related
>> >to the
>> >> RewriteRules or something. The official guide on PHP-FPM with
>> >Apache is
>> >> very naive in my opinion. It assumes that you use no
>> >RewriteRules or
>> >> anything, which I consider crucial.
>> >>
>> >>
>> >> -----------------------------------------------------------------
>> >----
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>> >>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

Mime
View raw message