Re: A very strange "minor" issue with PHP-FPM with Apache 2.4 (security, privacy related)

Hello,

OK, fair enough. I don't think what I have is exotic; SetHandler is usually how PHP is traditionally implemented in non-FPM setups, and this extends it to mod_proxy_fcgi. If anybody spots any problems with my approach I would love to hear about it, but so far it has been stable.

For what you have, you could add an [L] flag to your RewriteRule http://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_l

I believe that stops processing on match and then after that you could write another rule to match everything that is not on the file system and give a 404 response [R=404].

        # Is the request for a non-existent file?
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* 404.html [R=404]


Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 23 March 2015 at 15:02, <hushthatbush@xxxxxxxxxxxx> wrote:
Hey. I'm not saying that your method wouldn't work, but I feel very uncomfortable deviating so far from the official guide. I don't want an exotic, special configuration that is prone to break in the future. I really want to know what's wrong with what I have, if anyone is able to tell. I really don't get how this can be so hard. :/

On 2015-03-23 at 3:43 PM, "Scott (firstclasswatches.co.uk)" <scott.lucas@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>Hello,
>
>I believe that using a SetHandler approach (in my case with a UDS) is the
>most reliable way to use mod_proxy_fcgi with PHP-FPM as I believe this
>requires resolution of the script before it is passed to PHP-FPM.
>
>        <IfModule mod_proxy_fcgi.c>
>                ProxyErrorOverride On
>                <FilesMatch \.php$>
>                    SetHandler "proxy:unix:/var/run/php-fpm/php.sock|fcgi://localhost"
>                </FilesMatch>
>                <Proxy fcgi://localhost>
>                </Proxy>
>        </IfModule>
>
>It works with rewrites too in my usage. I still get some errors but I think
>it is mainly due to clients disconnecting before the response is sent
>through. HTTP errors appear to be handled by Apache.
>
>Kind Regards,
>
>Scott
>
>First Class Watches
>9 Warwick Road
>Kenilworth
>CV8 1HD
>Warwickshire
>United Kingdom
>
>On 21 March 2015 at 02:01, <hushthatbush@xxxxxxxxxxxx> wrote:
>
>> Dear Apache HTTP Server community,
>>
>> A few months ago, I finally switched over my PHP from using mod_php to
>> PHP-FPM. I have it mostly working, except for one very annoying thing that
>> I hope you can help me with.
>>
>> For my test vhost, I have a config that has a lot of RewriteRules and ends
>> with this:
>>
>> RewriteRule ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
>>
>> This works. If I access: http://www.example.net/test
>> then Apache does the rewriting and ends up sending a test.php to PHP-FPM,
>> which parses it. Great.
>>
>> The only problem I have is that if I request a non-existent PHP file, such
>> as: http://www.example.net/abc.php
>> then Apache still sends this request to PHP-FPM, which proceeds to display
>> a plain "File not found." message, telling anyone from the public who
>> checks a made-up.php file on my domain that I:
>>
>> * Run PHP.
>> * Use PHP-FPM.
>>
>> Obviously, I do not want to send over control to PHP-FPM if the final file
>> requested doesn't actually exist on the server. So I added this
>> RewriteCond, hoping that it would solve exactly this:
>>
>> RewriteCond %{REQUEST_FILENAME} -f
>> RewriteRule ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]
>>
>> However, if I restart Apache HTTP Server (2.4) and load
>> http://www.example.net/test
>> then I will get a blank page. No output at all. No errors logged anywhere
>> (no Apache error log, no PHP-FPM log, no PHP log). Please note that only
>> that RewriteCond was added, in an attempt to make the "send this to
>> PHP-FPM" not trigger unless the file requested (or determined after all the
>> normal RewriteConds) actually exists.
>>
>> I'm very confused now. Why is it behaving like this? It doesn't add up to
>> me. Please tell me what's wrong.
>>
>> PS: If you wonder why I don't use ProxyPassMatch or something (which the
>> official PHP-FPM guide tells you to use), it's because of "some sort of
>> problems" that I cannot remember anymore. I think it was related to the
>> RewriteRules or something. The official guide on PHP-FPM with Apache is
>> very naive in my opinion. It assumes that you use no RewriteRules or
>> anything, which I consider crucial.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
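
Added example, not part of any message in this thread: two alternative Apache 2.4 configurations that keep requests for non-existent .php files away from PHP-FPM, so Apache answers 404 itself and the backend's "File not found." body is never shown. The backend address, filesystem path and socket path are the ones quoted above; that the original rule lives at vhost level (its pattern starts with `^/`) and that option B runs on httpd 2.4.10 or later are assumptions.

```apache
# Option A: keep the RewriteRule [P] proxy, but test the real path on disk.
# In per-server (vhost) context %{REQUEST_FILENAME} has not been mapped to the
# filesystem yet and still holds the URL-path, so "-f" on it does not test the
# intended file. $1 in a RewriteCond refers to the RewriteRule pattern's group.
RewriteEngine On
RewriteCond /usr/local/www/apache24/data/Example.net/www/$1 -f
RewriteRule ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/Example.net/www/$1 [P]

# [P] implies [L], so this rule is only reached when the rule above did not
# fire: the .php request matched no file on disk. "-" means no substitution;
# Apache returns its own 404 and PHP-FPM is never contacted.
RewriteRule \.php$ - [R=404]

# Option B (use instead of A; assumes httpd 2.4.10+): handler-based proxying
# as in the reply above. Inside <FilesMatch> the request is already mapped to
# a file, so "-f %{REQUEST_FILENAME}" tests the real path. When the file is
# missing no proxy handler is set and Apache's default handler returns 404.
<IfModule mod_proxy_fcgi.c>
    # Replace backend error bodies with Apache's own error documents.
    ProxyErrorOverride On
    <FilesMatch "\.php$">
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:unix:/var/run/php-fpm/php.sock|fcgi://localhost"
        </If>
    </FilesMatch>
</IfModule>
```

With either option, a request such as http://www.example.net/abc.php should produce the same Apache 404 page as any other missing file.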

