httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott (" <>
Subject Re: [users@httpd] A very strange "minor" issue with PHP-FPM with Apache 2.4 (security, privacy related)
Date Mon, 23 Mar 2015 14:43:10 GMT

I believe that using a SetHandler approach (in my case with a UDS) is the
most reliable way to use mod_proxy_fcgi with PHP-FPM as I believe this
requires resolution of the script before it is passed to PHP-FPM.

        <IfModule mod_proxy_fcgi.c>
                ProxyErrorOverride On
                <FilesMatch \.php$>
                <Proxy fcgi://localhost>

It works with rewrites too in my usage. I still get some errors but I think
it is mainly due to clients disconnecting before the response is sent
through. HTTP errors appear to be handled by Apache.

Kind Regards,


First Class Watches
9 Warwick Road
United Kingdom

On 21 March 2015 at 02:01, <> wrote:

> Dear Apache HTTP Server community,
> A few months ago, I finally switched over my PHP from using mod_php to
> PHP-FPM. I have it mostly working, except for one very annoying thing that
> I hope you can help me with.
> For my test vhost, I have a config that has a lot of RewriteRules and ends
> with this:
> RewriteRule ^/(.*\.php)$ fcgi://
>$1 [P]
> This works. If I access:
> then Apache does the rewriting and ends up sending a test.php to PHP-FPM,
> which parses it. Great.
> The only problem I have is that if I request a non-existent PHP file, such
> as:
> then Apache still sends this request to PHP-FPM, which proceeds to display
> a plain "File not found." message, telling anyone from the public who
> checks a made-up.php file on my domain that I:
> * Run PHP.
> * Use PHP-FPM.
> Obviously, I do not want to send over control to PHP-FPM if the final file
> requested doesn't actually exist on the server. So I added this
> RewriteCond, hoping that it would solve exactly this:
> RewriteCond %{REQUEST_FILENAME} -f
> RewriteRule ^/(.*\.php)$ fcgi://
>$1 [P]
> However, if I restart Apache HTTP Server (2.4) and load
> then I will get a blank page. No output at all. No errors logged anywhere
> (no Apache error log, no PHP-FPM log, no PHP log). Please note that only
> that RewriteCond was added, in an attempt to make the "send this to
> PHP-FPM" not trigger unless the file requested (or determined after all the
> normal RewriteConds) actually exists.
> I'm very confused now. Why is it behaving like this? It doesn't add up to
> me. Please tell me what's wrong.
> PS: If you wonder why I don't use ProxyPassMatch or something (which the
> official PHP-FPM guide tells you to use), it's because of "some sort or
> problems" that I cannot remember anymore. I think it was related to the
> RewriteRules or something. The official guide on PHP-FPM with Apache is
> very naive in my opinion. It assumes that you use no RewriteRules or
> anything, which I consider crucial.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message