Re: mod_proxy_fcgi not honouring .htaccess, work around needed.

Hi,

Here is a (redacted) portion of the virtual section I use (I replaced the real
IP address with [IP]):

RewriteMap vhost dbm=db:/[somepath]/vhost.db
RewriteMap port-fpm dbm=db:/[somepath]/fpmports.db

RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
RewriteRule ^.*$ - [E=WEBSITE:%1]

RewriteCond ${vhost:%{env:WEBSITE}} ^(/.*)$
RewriteRule ^.*$ - [E=WEBDIR:%1]

RewriteCond ${port-fpm:%{env:WEBSITE}} ^(.+)$
RewriteRule ^.*$ - [E=PORTFPM:%1]

RewriteCond %{env:WEBDIR} ^(/.*)$
RewriteRule ^/(.*)$ %1/htdocs/$1

RewriteRule ^/(.*\.php)$ fcgi://REDACTEDIP:%{env:PORTFPM}/$1 [P,L]

The rest is pretty standard.

The above rules are there to dynamically assign the port and vhost
directory... This all works really well (where we have nodes behind LVS
which listen on a different port per user). The only thing that does not work
is htaccess being ignored, due to apache not considering local requests
that are rewritten to mod_proxy_fcgi.

Regarding the logs,

Here is the debug (I assume this is picked up from <Directory> definition):
[Wed Jul 09 13:10:30.072748 2014] [authz_core:debug] [pid 2195]
mod_authz_core.c(802): [client REDACTEDIP:31561] AH01626:
authorization result of <RequireAny>: granted, referer:
http://test.REDACTED/wordpress/wp-login.php?loggedout=true

More rewrite debug:

Here is the result of the 'php' file (expected 403 but got pass through):
[Wed Jul 09 13:15:30.561226 2014] [rewrite:trace2] [pid 3030]
mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
[test.REDACTED/sid#7f70347d8f30][rid#7f702f4090a0/initial] rewrite
'/wordpress/wp-login.php' ->
'fcgi://REDACTEDIP:PORT/REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-login.php'

And here is the result of the non-php file (expected 403, got 403):
[Wed Jul 09 13:15:30.709276 2014] [rewrite:trace2] [pid 3030]
mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
[test.REDACTED/sid#7f70347d8f30][rid#7f70347ad0a0/initial] [perdir
/REDACTEDPATH/test.REDACTED/htdocs/wordpress/] forcing responsecode
403 for /REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-includes/css/dashicons.min.css,
referer: http://testREDACTED./wordpress/wp-login.php?loggedout=true


Thank you very much.

Sergei.


On 9 July 2014 12:36, Edgar Pettijohn <edgar@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On 07/08/2014 06:00 PM, Sergei Franco wrote:
>> Hi,
>>
>> I am using apache 2.4.7 with mod_proxy_fcgi for the purpose of passing
>> php through to php-fpm (this will be used for a shared hosting
>> environment).
>> The htaccess works fine for non-php files, but once it hits the rewrite
>> rule that proxies the php requests through, the htaccess is ignored.
>>
>> I know why it is happening.
>>
>> The question is: how do I force apache to treat the request to a php file as
>> a request to a local file, and then proxy it through?
>>
>> I have spent substantial time researching this problem, and the
>> following "answers" were given as solutions:
>>
>> 1) "use apache configuration instead of .htaccess" - it is a valid
>> solution, but not for a shared hosting environment (I am not going to
>> give access to apache configuration to shared hosting customers ;)).
>> 2) "don't use .htaccess, as it has performance/security/other issues" -
>> well, how else would shared hosting customers control access/url
>> rewriting on their site? Besides, if .htaccess was not a
>> requirement I would simply use nginx.
>> 3) "put rewrite rule for proxy inside of <directory>" - this is
>> incorrect, and it does not work.
>>
>>
>> This behaviour appears to be not a bug but a "feature" as per
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=54887
>>
>>
>> Thank you very much.
>>
>>
>> Sergei.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
> Your httpd.conf and logs would be helpful.
>
>
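
A log check for the pattern in the two trace excerpts in the message above, added here as an illustration and not part of the original thread: it groups mod_rewrite trace lines by pid and request id and reports requests that were rewritten to a proxy scheme such as fcgi:// with no [perdir ...] pass. The sample lines are constructed in the quoted format with placeholder hosts, ports and paths, and the function name is hypothetical; it assumes LogLevel rewrite:trace2 or higher.

```python
import re

# Constructed trace2 lines in the format quoted in the message above;
# host names, addresses, ports and paths are placeholders.
SAMPLE_LOG = """\
[Wed Jul 09 13:15:30.561226 2014] [rewrite:trace2] [pid 3030] mod_rewrite.c(468): [client 192.0.2.10:23497] 192.0.2.10 - - [test.example/sid#7f70347d8f30][rid#7f702f4090a0/initial] rewrite '/wordpress/wp-login.php' -> 'fcgi://192.0.2.20:9001/srv/test.example/htdocs/wordpress/wp-login.php'
[Wed Jul 09 13:15:30.709100 2014] [rewrite:trace2] [pid 3030] mod_rewrite.c(468): [client 192.0.2.10:23497] 192.0.2.10 - - [test.example/sid#7f70347d8f30][rid#7f70347ad0a0/initial] rewrite '/wordpress/wp-includes/css/dashicons.min.css' -> '/srv/test.example/htdocs/wordpress/wp-includes/css/dashicons.min.css'
[Wed Jul 09 13:15:30.709276 2014] [rewrite:trace2] [pid 3030] mod_rewrite.c(468): [client 192.0.2.10:23497] 192.0.2.10 - - [test.example/sid#7f70347d8f30][rid#7f70347ad0a0/initial] [perdir /srv/test.example/htdocs/wordpress/] forcing responsecode 403 for /srv/test.example/htdocs/wordpress/wp-includes/css/dashicons.min.css
"""

REQ = re.compile(r"\[pid (\d+)\].*\[rid#([0-9a-f]+)/")   # request identity
REWRITE = re.compile(r"rewrite '([^']*)' -> '([^']*)'")  # source -> target
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)      # fcgi://, http://, ...


def proxied_without_perdir(log_text):
    """Map (pid, rid) -> (uri, target) for requests that were rewritten to a
    proxy scheme and never show a per-directory (.htaccess) rewrite pass.

    Limits: rid values are reused over time, so feed short log windows, and
    a directory without its own rewrite rules logs no [perdir ...] line either.
    """
    proxied, perdir_seen = {}, set()
    for line in log_text.splitlines():
        req = REQ.search(line)
        if not req:
            continue
        key = (req.group(1), req.group(2))
        if "[perdir " in line:
            perdir_seen.add(key)  # per-directory rules ran for this request
            continue
        rw = REWRITE.search(line)
        if rw and SCHEME.match(rw.group(2)):
            proxied[key] = (rw.group(1), rw.group(2))
    return {k: v for k, v in proxied.items() if k not in perdir_seen}


if __name__ == "__main__":
    for (pid, rid), (uri, target) in proxied_without_perdir(SAMPLE_LOG).items():
        print(f"pid {pid} rid {rid}: {uri} -> {target} (no per-directory pass)")
```
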





