Am 27.02.2014 18:19, schrieb ryo takatsuki:
Thx for the patch! Let me take a look... I'm assuming that there's
no real work-around other than the patch itself, right?
If there is, we could not find it :) We have been searching for months
and trying different approaches. This is required to work with out of
the box installation of many apps without requiring them to modify
their htaccess files.
Thanks for looking into it!
Hi,
You can put the patch in its own module, it is not required to be part
of mod_proxy if you can accept to use internals of one module in
another. That is what I am currently doing with apache 2.4 since I like
to use the binary package of my distribution without the need to
recompile the whole server.
https://gist.github.com/progandy/6ed4eeea60f6277c3e39/
2014-02-27 14:24 GMT+01:00 Jim Jagielski <[email protected]>:
Thx for the patch! Let me take a look... I'm assuming that there's
no real work-around other than the patch itself, right?
On Feb 26, 2014, at 1:47 PM, ryo takatsuki <[email protected]> wrote:
Hi all,
Any other comments about the patch? I believe it is simple enough and
could ease the migration from mod_php to PHP-FPM (and make use of the
new event mode) with minimal changes to the default configurations.
Could you consider adding it? Pretty please :)
To give more background, at Bitnami we have 800.000+ monthly *new*
installs just for Apache + PHP environments, a growing number of them
in the cloud. We have daily requests for switching to nginx as the
default, but we believe Apache 2.4 event MPM + PHP-FPM to be
equivalent in terms of performance and you get all the other goodness
of Apache. This is a small change that would make the transition to
the event MPM on our side significantly easier (long story)
Best regards,
Juanjo.
2014-02-18 15:46 GMT+01:00 ryo takatsuki <[email protected]>:
AddHandler might be tricky from security point of view, eg. most of cms software
usually checks only for last extension before writing uploaded files,
but this AddHandler will also
pass test.php.jpeg to php which might execute this
Yes, It would be probably safer to use something like:
<FilesMatch \.php$>
SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/"
</FilesMatch>
2014-02-17 0:11 GMT+01:00 Lazy <[email protected]>:
2014-02-06 ryo takatsuki <[email protected]>:
Hi,
I have an improvement request to suggest but I would like to first provide
some background to justify it, I apologise for the long email :).
I'm actively using mod_proxy to forward PHP files requests to PHP-FPM. My
current approach is to use a RewriteRule with the 'P' flag because (in most
of the cases) it plays nicely with other rules configured by the
applications I'm configuring, as well as allowing per-Directory
configurations.
To make it properly work I must assure the proxy RewriteRule must be the
latest one to be evaluated. The problem is that from time to time I
encounter corner cases in which the rules previously executed include a [L]
option that abort the next rules evaluation, skipping the proxy one, making
Apache serve the PHP text as plain text. This can be solved by tweaking the
rules but it is a tedious process and is hard to determine all the scenarios
in which the rewrites could go wrong.
IMHO this is a good idea, a handler is more compatible with .htacess
files created for
mod_php and it fits shared hosting env
Thinking about my goal with all of this was at the beginning, I realised I
only wanted a way of configuring a handler for all my PHP files, that in
this case is PHP-FPM, without having to worry about what happens before the
resource is going to be served. This made my think about the possibility of
adding this functionality to mod_proxy itself, allowing defining a proxy
worker as a handler for certain types of files. Something like:
AddHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/" .php
AddHandler might be tricky from security point of view, eg. most of cms software
usually checks only for last extension before writing uploaded files,
but this AddHandler will also
pass test.php.jpeg to php which might execute this
I made a quick POC, it is a really small change and for those in my
situation it could really simplify the configuration of their apps. Of
course, I'm open to criticisms and alternative solutions :).
The code that adds the new functionality is inserted at the beginning of
mod_proxy's proxy_handler. The conditions are a little weird because I only
wanted to check the handler if it is not a proxy request already.
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 9d7c92f..49f3bdc 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -927,8 +927,20 @@ static int proxy_handler(request_rec *r)
struct dirconn_entry *list = (struct dirconn_entry
*)conf->dirconn->elts;
/* is this for us? */
- if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6)
!= 0)
+ if (!r->filename)
+ return DECLINED;
+
+ if (!r->proxyreq) {
+ if (r->handler && strncmp(r->handler, "proxy:", 6) == 0 &&
strncmp(r->filename, "proxy:", 6) != 0) {
+ r->proxyreq = PROXYREQ_REVERSE;
+ r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+ apr_table_setn(r->notes, "rewrite-proxy", "1");
+ } else {
return DECLINED;
+ }
+ } else if (strncmp(r->filename, "proxy:", 6) != 0) {
+ return DECLINED;
+ }
/* handle max-forwards / OPTIONS / TRACE */
if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
--
I've seen things you people wouldn't believe.
Attack ships on fire off the shoulder of Orion.
I watched C-beams glitter in the dark near Tannhauser Gate.
All those moments will be lost in time like tears in rain.
Time to die.
--
I've seen things you people wouldn't believe.
Attack ships on fire off the shoulder of Orion.
I watched C-beams glitter in the dark near Tannhauser Gate.
All those moments will be lost in time like tears in rain.
Time to die.
/*
* Copyright 2014 Andreas Bosch
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "httpd.h"
#include "http_config.h"
#include "http_protocol.h"
#include "ap_config.h"
#include "apr_strings.h"
#include "http_request.h"
static int proxy_handler_handler(request_rec *r)
{
// This function is adapted from a patch to mod_proxy
// http://svn.apache.org/viewvc?view=revision&revision=1573626
if (r->filename && !r->proxyreq) {
/* We may have forced the proxy handler via config or .htaccess */
if (r->handler &&
strncmp(r->handler, "proxy:", 6) == 0 &&
strncmp(r->filename, "proxy:", 6) != 0) {
r->proxyreq = PROXYREQ_REVERSE;
r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
apr_table_setn(r->notes, "rewrite-proxy", "1");
r->handler = "proxy-server";
return OK;
}
}
return OK;
}
static void proxy_handler_register_hooks(apr_pool_t *p)
{
static const char * const aszSucc[] = { "mod_proxy.c", NULL };
ap_hook_fixups(proxy_handler_handler, NULL, aszSucc, APR_HOOK_FIRST);
}
/* Dispatch list for API hooks */
module AP_MODULE_DECLARE_DATA proxy_handler_module = {
STANDARD20_MODULE_STUFF,
NULL, /* create per-dir config structures */
NULL, /* merge per-dir config structures */
NULL, /* create per-server config structures */
NULL, /* merge per-server config structures */
NULL, /* table of config file commands */
proxy_handler_register_hooks /* register hooks */
};
