httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott (firstclasswatches.co.uk)" <scott.lu...@firstclasswatches.co.uk>
Subject Re: [users@httpd] A very strange "minor" issue with PHP-FPM with Apache 2.4 (security, privacy related)
Date Mon, 23 Mar 2015 15:23:14 GMT
Hello,

Ok fair enough. I don't think what I have is exotic, SetHandler is usually
how PHP is traditionally implemented in non FPM setups and this extends it
to mod_proxy_fcgi. If anybody spots any problems with my approach I would
love to hear about it but so far it has been stable.

For what you have, you could add an [L] flag to your RewriteRule
http://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_l

I believe that stops processing on match and then after that you could
write another rule to match everything that is not on the file system and
give a 404 response [R=404].

# Is the request for a non-existent file?RewriteCond
%{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule
.* 404.html [R=404]



Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 23 March 2015 at 15:02, <hushthatbush@hushmail.com> wrote:

> Hey. I'm not saying that your method wouldn't work, but I feel very
> uncomfortable deviating so far from the official guide. I don't want an
> exotic, special configuration that is prone to break in the future. I
> really want to know what's wrong with what I have, if anyone is able to
> tell. I really don't get how this can be so hard. :/
>
> On 2015-03-23 at 3:43 PM, "Scott (firstclasswatches.co.uk)" <
> scott.lucas@firstclasswatches.co.uk> wrote:
> >
> >Hello,
> >
> >I believe that using a SetHandler approach (in my case with a UDS)
> >is the
> >most reliable way to use mod_proxy_fcgi with PHP-FPM as I believe
> >this
> >requires resolution of the script before it is passed to PHP-FPM.
> >
> >        <IfModule mod_proxy_fcgi.c>
> >                ProxyErrorOverride On
> >                <FilesMatch \.php$>
> >                    SetHandler
> >"proxy:unix:/var/run/php-fpm/php.sock|fcgi://localhost"
> >                </FilesMatch>
> >                <Proxy fcgi://localhost>
> >                </Proxy>
> >        </IfModule>
> >
> >It works with rewrites too in my usage. I still get some errors
> >but I think
> >it is mainly due to clients disconnecting before the response is
> >sent
> >through. HTTP errors appear to be handled by Apache.
> >
> >Kind Regards,
> >
> >Scott
> >
> >First Class Watches
> >9 Warwick Road
> >Kenilworth
> >CV8 1HD
> >Warwickshire
> >United Kingdom
> >
> >On 21 March 2015 at 02:01, <hushthatbush@hushmail.com> wrote:
> >
> >> Dear Apache HTTP Server community,
> >>
> >> A few months ago, I finally switched over my PHP from using
> >mod_php to
> >> PHP-FPM. I have it mostly working, except for one very annoying
> >thing that
> >> I hope you can help me with.
> >>
> >> For my test vhost, I have a config that has a lot of
> >RewriteRules and ends
> >> with this:
> >>
> >> RewriteRule ^/(.*\.php)$ fcgi://
> >> 127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
> >>
> >> This works. If I access: http://www.example.net/test
> >> then Apache does the rewriting and ends up sending a test.php to
> >PHP-FPM,
> >> which parses it. Great.
> >>
> >> The only problem I have is that if I request a non-existent PHP
> >file, such
> >> as: http://www.example.net/abc.php
> >> then Apache still sends this request to PHP-FPM, which proceeds
> >to display
> >> a plain "File not found." message, telling anyone from the
> >public who
> >> checks a made-up.php file on my domain that I:
> >>
> >> * Run PHP.
> >> * Use PHP-FPM.
> >>
> >> Obviously, I do not want to send over control to PHP-FPM if the
> >final file
> >> requested doesn't actually exist on the server. So I added this
> >> RewriteCond, hoping that it would solve exactly this:
> >>
> >> RewriteCond %{REQUEST_FILENAME} -f
> >> RewriteRule ^/(.*\.php)$ fcgi://
> >> 127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
> >>
> >> However, if I restart Apache HTTP Server (2.4) and load
> >> http://www.example.net/test
> >> then I will get a blank page. No output at all. No errors logged
> >anywhere
> >> (no Apache error log, no PHP-FPM log, no PHP log). Please note
> >that only
> >> that RewriteCond was added, in an attempt to make the "send this
> >to
> >> PHP-FPM" not trigger unless the file requested (or determined
> >after all the
> >> normal RewriteConds) actually exists.
> >>
> >> I'm very confused now. Why is it behaving like this? It doesn't
> >add up to
> >> me. Please tell me what's wrong.
> >>
> >> PS: If you wonder why I don't use ProxyPassMatch or something
> >(which the
> >> official PHP-FPM guide tells you to use), it's because of "some
> >sort or
> >> problems" that I cannot remember anymore. I think it was related
> >to the
> >> RewriteRules or something. The official guide on PHP-FPM with
> >Apache is
> >> very naive in my opinion. It assumes that you use no
> >RewriteRules or
> >> anything, which I consider crucial.
> >>
> >>
> >> -----------------------------------------------------------------
> >----
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message