Re: A very strange "minor" issue with PHP-FPM with Apache 2.4 (security, privacy related)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I believe that using a SetHandler approach (in my case with a UDS) is the most reliable way to use mod_proxy_fcgi with PHP-FPM as I believe this requires resolution of the script before it is passed to PHP-FPM.

        <IfModule mod_proxy_fcgi.c>
                ProxyErrorOverride On
                <FilesMatch \.php$>
                    SetHandler  "proxy:unix:/var/run/php-fpm/php.sock|fcgi://localhost"
                </FilesMatch>
                <Proxy fcgi://localhost>
                </Proxy>
        </IfModule>

It works with rewrites too in my usage. I still get some errors but I think it is mainly due to clients disconnecting before the response is sent through. HTTP errors appear to be handled by Apache.

Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 21 March 2015 at 02:01, <hushthatbush@xxxxxxxxxxxx> wrote:
Dear Apache HTTP Server community,

A few months ago, I finally switched over my PHP from using mod_php to PHP-FPM. I have it mostly working, except for one very annoying thing that I hope you can help me with.

For my test vhost, I have a config that has a lot of RewriteRules and ends with this:

RewriteRule ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]

This works. If I access: http://www.example.net/test
then Apache does the rewriting and ends up sending a test.php to PHP-FPM, which parses it. Great.

The only problem I have is that if I request a non-existent PHP file, such as: http://www.example.net/abc.php
then Apache still sends this request to PHP-FPM, which proceeds to display a plain "File not found." message, telling anyone from the public who checks a made-up.php file on my domain that I:

* Run PHP.
* Use PHP-FPM.

Obviously, I do not want to send over control to PHP-FPM if the final file requested doesn't actually exist on the server. So I added this RewriteCond, hoping that it would solve exactly this:

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]

However, if I restart Apache HTTP Server (2.4) and load http://www.example.net/test
then I will get a blank page. No output at all. No errors logged anywhere (no Apache error log, no PHP-FPM log, no PHP log). Please note that only that RewriteCond was added, in an attempt to make the "send this to PHP-FPM" not trigger unless the file requested (or determined after all the normal RewriteConds) actually exists.

I'm very confused now. Why is it behaving like this? It doesn't add up to me. Please tell me what's wrong.

PS: If you wonder why I don't use ProxyPassMatch or something (which the official PHP-FPM guide tells you to use), it's because of "some sort or problems" that I cannot remember anymore. I think it was related to the RewriteRules or something. The official guide on PHP-FPM with Apache is very naive in my opinion. It assumes that you use no RewriteRules or anything, which I consider crucial.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux