Anyone has a solution for my problem?
I would like have one <Location> directive for every request which
isn't starting with /Public.
Normally it can be <Location ~ ^/(?!Public)>, but that one is not
working because of using mod_fastcgi for php-fpm. It automatically
rewrites the php requests to /php5-fcgi/Public. This has likely to do
with <Action> directive in mod_fastcgi:
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket
/dev/shm/php5-fpm.sock -pass-header Authorization
Please could someone give a good regular expression that would match
both /Public and /php-fcgi/Public?
Or give me advise to adjust the mod_fastcgi config that the it won't add
/php5-fcgi in front of the location.
-----Original Message-----
From: Theo Belder
Sent: donderdag 12 maart 2015 09:24
To: users@xxxxxxxxxxxxxxxx
Subject: RE: Location directive not working when using
php-fpm (via mod_fastcgi)
In the meanwhile I figured out that the mod_fastcgi is changing the
variable which is being used for the Location directive.
When mod_fastcgi is active, I have to make an extra location directive
(/php5-fcgi/Public).
For now I've split out the Location directives:
<Location />
# request Client certificate
</Location>
<Location /Public>
# don't request a client certificate
</Location>
<Location /php5-fcgi/Public>
# don't request a client certificate
</Location>
But isn't it possible to do it with one Location directive?
I've tried <Location ~ /(?!Public)> (removing the ^), but that is not
working.
Please could someone give a good regular expression that would match
/Public and /php-fcgi/Public?
Or give me advise to adjust the mod_fastcgi config that the it won't add
/php5-fcgi in front of the location.
-----Original Message-----
From: Theo Belder [mailto:T.Belder@xxxxxxxxx]
Sent: dinsdag 10 maart 2015 17:10
To: users@xxxxxxxxxxxxxxxx
Subject: Location directive not working when using php-fpm
(via mod_fastcgi)
Hello,
I am facing to an issue in my virtualhost config. It looks like
mod_fastcgi causes the issue.
I've configured a virtualhost which should be completely restricted with
a SSL client certificate, except one location (/Public).
Apache version: httpd-2.2.15-39.el6.centos.x86_64 PHP version:
php56w-fpm-5.6.4-1.w6.x86_64
My configuration in my virtualhost:
<Location ~ ^/(?!Public)>
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars -ExportCertData </Location>
I've done a couple of tests using mod_fastcgi:
Requesting https://myserver.mycompany.com/MyWorkspace, the server is
requesting SSL client certicate -> Works as designed.
Requesting https://myserver.mycompany.com/Public/index.html, the server
is not requesting SSL client certicate -> Works as designed.
Requesting https://myserver.mycompany.com/Public/index.php, the server
is requesting SSL client certicate -> Works NOT as designed.
When I do the last test using mod_php, the server is not requesting for
a SSL client certificate, which is correct.
Is this normal behavior, or did I misconfigured something?
My config for mod_fastcgi is as follows:
LoadModule fastcgi_module modules/mod_fastcgi.so
<IfModule mod_fastcgi.c>
DirectoryIndex index.php index.html index.shtml index.cgi
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket
/dev/shm/php5-fpm.sock -pass-header Authorization
# For monitoring status with e.g. Munin
<LocationMatch "/(ping|status)">
SetHandler php5-fcgi-virt
Action php5-fcgi-virt /php5-fcgi virtual
</LocationMatch>
</IfModule>
Best regards,
Theo Belder
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|