Re: A very strange "minor" issue with PHP-FPM with Apache 2.4 (security, privacy related)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey. I'm not saying that your method wouldn't work, but I feel very uncomfortable deviating so far from the official guide. I don't want an exotic, special configuration that is prone to break in the future. I really want to know what's wrong with what I have, if anyone is able to tell. I really don't get how this can be so hard. :/

On 2015-03-23 at 3:43 PM, "Scott (firstclasswatches.co.uk)" <scott.lucas@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>Hello,
>
>I believe that using a SetHandler approach (in my case with a UDS) 
>is the
>most reliable way to use mod_proxy_fcgi with PHP-FPM as I believe 
>this
>requires resolution of the script before it is passed to PHP-FPM.
>
>        <IfModule mod_proxy_fcgi.c>
>                ProxyErrorOverride On
>                <FilesMatch \.php$>
>                    SetHandler
>"proxy:unix:/var/run/php-fpm/php.sock|fcgi://localhost"
>                </FilesMatch>
>                <Proxy fcgi://localhost>
>                </Proxy>
>        </IfModule>
>
>It works with rewrites too in my usage. I still get some errors 
>but I think
>it is mainly due to clients disconnecting before the response is 
>sent
>through. HTTP errors appear to be handled by Apache.
>
>Kind Regards,
>
>Scott
>
>First Class Watches
>9 Warwick Road
>Kenilworth
>CV8 1HD
>Warwickshire
>United Kingdom
>
>On 21 March 2015 at 02:01, <hushthatbush@xxxxxxxxxxxx> wrote:
>
>> Dear Apache HTTP Server community,
>>
>> A few months ago, I finally switched over my PHP from using 
>mod_php to
>> PHP-FPM. I have it mostly working, except for one very annoying 
>thing that
>> I hope you can help me with.
>>
>> For my test vhost, I have a config that has a lot of 
>RewriteRules and ends
>> with this:
>>
>> RewriteRule ^/(.*\.php)$ fcgi://
>> 127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
>>
>> This works. If I access: http://www.example.net/test
>> then Apache does the rewriting and ends up sending a test.php to 
>PHP-FPM,
>> which parses it. Great.
>>
>> The only problem I have is that if I request a non-existent PHP 
>file, such
>> as: http://www.example.net/abc.php
>> then Apache still sends this request to PHP-FPM, which proceeds 
>to display
>> a plain "File not found." message, telling anyone from the 
>public who
>> checks a made-up.php file on my domain that I:
>>
>> * Run PHP.
>> * Use PHP-FPM.
>>
>> Obviously, I do not want to send over control to PHP-FPM if the 
>final file
>> requested doesn't actually exist on the server. So I added this
>> RewriteCond, hoping that it would solve exactly this:
>>
>> RewriteCond %{REQUEST_FILENAME} -f
>> RewriteRule ^/(.*\.php)$ fcgi://
>> 127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
>>
>> However, if I restart Apache HTTP Server (2.4) and load
>> http://www.example.net/test
>> then I will get a blank page. No output at all. No errors logged 
>anywhere
>> (no Apache error log, no PHP-FPM log, no PHP log). Please note 
>that only
>> that RewriteCond was added, in an attempt to make the "send this 
>to
>> PHP-FPM" not trigger unless the file requested (or determined 
>after all the
>> normal RewriteConds) actually exists.
>>
>> I'm very confused now. Why is it behaving like this? It doesn't 
>add up to
>> me. Please tell me what's wrong.
>>
>> PS: If you wonder why I don't use ProxyPassMatch or something 
>(which the
>> official PHP-FPM guide tells you to use), it's because of "some 
>sort or
>> problems" that I cannot remember anymore. I think it was related 
>to the
>> RewriteRules or something. The official guide on PHP-FPM with 
>Apache is
>> very naive in my opinion. It assumes that you use no 
>RewriteRules or
>> anything, which I consider crucial.
>>
>>
>> -----------------------------------------------------------------
>----
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux