mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-19 Thread Marcus Merz 
Hi,

i ran into a problem with mod_fcgid and i wonder whether anybody can 
replicate my problem.

There is also a bug report in here: 
http://sourceforge.net/tracker/?func=detail&aid=2854396&group_id=174879&atid=870991

Since i wrote the bug report, i did

a) update to Apache 2.2.13, PHP 5.3.0 and mod_fcgid 2.2 (was 2.1 before)
b) downgrade php to 5.2.9 and update mod_fcgid to 2.3.1 beta

but the error remains (should have upgraded before  but that is why i 
write here now).

My server:
Operating systemLinux 2.6.9-023stab048.6-smp
CPUAuthenticAMD, Quad-Core AMD Opteron(tm) Processor 2352
Trying to replicate the problem just put a image.jpg file into a folder 
(i.e. 800x600 pixels) and another watermark.jpg like a banner 486x60 (size 
does not matter, it should just be smaller than the original image).

Then put the following .htaccess into the same folder:

#---
RewriteEngine on
Options FollowSymlinks
RewriteBase /
AddHandler wtmrk jpg
action wtmrk /modify.php
#---


The code of the modify.php is this:

---
 200)) {
 // image


 $lst2=GetImageSize(WATERMARK_IMAGE);
 $image2_width=$lst2[0];
 $image2_height=$lst2[1];
 $image2_format=$lst2[2];

 if ($image2_format==2) {
  $wt_image=imagecreatefromjpeg(WATERMARK_IMAGE);
 } elseif ($image2_format==3) {
  $wt_image=imagecreatefrompng(WATERMARK_IMAGE);
 }

  if ($wt_image) {

   $wt_y=WATERMARK_MARGIN;
   if (WATERMARK_ALIGN_V=='top') {
$wt_y=WATERMARK_MARGIN;
   } elseif (WATERMARK_ALIGN_V=='bottom') {
$wt_y=$image_height-$image2_height-WATERMARK_MARGIN;
   } elseif (WATERMARK_ALIGN_V=='center') {
$wt_y=(int)($image_height/2-$image2_height/2);
   }

   $wt_x=WATERMARK_MARGIN;
   if (WATERMARK_ALIGN_H=='left') {
$wt_x=WATERMARK_MARGIN;
   } elseif (WATERMARK_ALIGN_H=='right') {
$wt_x=$image_width-$image2_width-WATERMARK_MARGIN;
   } elseif (WATERMARK_ALIGN_H=='center') {
$wt_x=(int)($image_width/2-$image2_width/2);
   }

   imagecopymerge($old_image, $wt_image, $wt_x, $wt_y, 0, 0, $image2_width, 
$image2_height, WATERMARK_PERCENT);
  }

 }

 if ($image_format==2) {
  imageJpeg($old_image);
 }
 if ($image_format==3) {
  imagePng($old_image);
 }


?>
---

When i use this url http://www.domain.tld/image.jpg i get this error mesage 
after updating to PHP 5.3.0 (from 5.2.6), Apache 2.2.13 (from 2.2.4) and 
mod_fcgid 2.2 (from 2.1):

---
PHP Parse error:  syntax error, unexpected '[' in 
/srv/www/vhosts/httpdocs/image.jpg on line 234
PHP Warning:  Unexpected character in input:  '' (ASCII=16) state=0 in 
/srv/www/vhosts/httpdocs/image.jpg on line 234
---

So, to me it seems the PHP parser tries to parse the content instead of the 
browser sending it with the image/jpeg (or image/jpg) header.

When i use this url http://www.domain.tld/modify.php/image.jpg the image 
will be shown with the watermark.

Any issues with the 'AddHandler' and/or 'action' statement in .htaccess 
probably?

As soon as i switch from mod_fcgid to CGI or mod_php it does work using 
http://www.domain.tld/image.jpg.

My httpd.include:
---


SetHandler fcgid-script
FCGIWrapper /usr/bin/php-cgi5 .php
Options +ExecCGI
allow from all


---


My /etc/apache2conf.d/mod_fcgid.conf (i did only add "Passheader 
Authorization" to it but this does not make a difference, obviously...):
---

##
## Sample config for apache2_mod-fcgid
##
## All lines, that are commented out, reflect the default values.
##


##
## An idle fastcgi application will be terminated after IdleTimeout seconds.
##
#IdleTimeout 300

##
## The scan interval for idle fastcgi applications in seconds.
##
#IdleScanInterval 120

##
## a fastcgi application will be terminated if handing a single request 
longer
## than busy timeout. Value in seconds.
##
#BusyTimeout 300

##
## The scan interval for busy timeout fastcgi applications. Value in 
seconds.
##
#BusyScanInterval 120

##
## The scan interval for exit pending fastcgi applications. fastcgi 
applications
## will be terminated within this scanning. Value in seconds.
##
#ErrorScanInterval 3

##
## The scan interval for zombie process. Value in seconds.
##
#ZombieScanInterval 3

##
PassHeader Authorization

##
##
## A fastcgi application will be terminated if lifetime expired, even no 
error
## is detected. Value in seconds.
##
#ProcessLifeTime 3600

##
## The directory to put the UNIX domain socket. (UNIX only)
##
SocketPath /var/lib/apache2/fcgid/

##
## The share memory file path.
##
SharememPath /var/lib/apache2/fcgid/shm

##
## The spawn-speed control score up water limit. Score increases while a 
process
## is spawned or terminated, and decreases as time progresses; while the 
score is
## higher than SpawnScoreUpLimit, the spawning will be held for a while. The
## higher this number is, the higher speed of the spawning can be.
##
#SpawnScoreUpLimit n (10)

##
## The weight of spawning.  This

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-19 Thread Jeff Trawick 
On Sat, Sep 19, 2009 at 3:48 AM, Marcus Merz  wrote:

> Hi,
>
> i ran into a problem with mod_fcgid and i wonder whether anybody can
> replicate my problem.
>
> There is also a bug report in here:
>
> http://sourceforge.net/tracker/?func=detail&aid=2854396&group_id=174879&atid=870991
>
>
Any PHP experts out there?

The basic problem from your description is that PHP thinks the .jpg file is
the PHP script and tries to parse that (instead of modify.php).  I easily
duplicated that.

I then looked up the setting of cgi.fix_pathinfo.  My php.ini has a comment
that says it defaults to 1.  mod_fcgid has a setting that is supposed to
mirror that (PHP_Fix_Pathinfo_Enable).  So I set "PHP_Fix_Pathinfo_Enable 1"
in my mod_fcgid configuration, but still no change in failure.

I then edited php.ini, set cgi.fix_pathinfo=0, set "PHP_Fix_Pathinfo_Enable
0" (the default) in my mod_fcgid conf, and retested.

Now PHP is trying to run modify.php instead of interpreting a .jpg file
(good!).  It fails to open the file properly ("*Warning*:
getimagesize(./wtmrk./IMG_4418.jpg)") but that may be something about how I
attempted to set up modify.php.

So set "cgi.fix_pathinfo=0" in the proper* php.ini and try again.  (*You may
have a separate one for mod_php vs. "CGI"; set the latter one.)

BTW, here were the request environment settings sent over by mod_fcgid:

SCRIPT_FILENAME=/home/trawick/inst/22/htdocs/modify.php
REDIRECT_URL=/wtmrk/IMG_4418.jpg
REQUEST_URI=/wtmrk/IMG_4418.jpg
SCRIPT_NAME=/modify.php
PATH_INFO=/wtmrk/IMG_4418.jpg
PATH_TRANSLATED=/home/trawick/wtmrk/IMG_4418.jpg

Another way to look at it is to consider if mod_fcgid is doing the right
thing when PHP_Fix_Pathinfo_Enable is 1 (matching PHP's default).  I don't
know about that ;)

That logic (in mod_fcgid.c) is as follows:

/* "DOCUMENT_ROOT"/"SCRIPT_NAME" -> "SCRIPT_NAME" */
const char *doc_root = apr_table_get(e, "DOCUMENT_ROOT");
const char *script_name = apr_table_get(e, "SCRIPT_NAME");

if (doc_root && script_name
&& apr_filepath_merge(&merge_path, doc_root, script_name, 0,
  r->pool) == APR_SUCCESS) {
apr_table_setn(e, "SCRIPT_NAME", merge_path);
}

In our example, the Action for wtmrk is defined as "/modify.php", so
SCRIPT_NAME is "/modify.php" when we get here.  apr_filepath_merge() just
returns the 3rd parameter when it starts with "/", so our supposedly-merged
script name is unchanged.  That's not what I would have expected.  (Also, I
wonder what happens when SCRIPT_NAME is outside of DOCUMENT_ROOT.)

Recap: Try cgi.fix_pathinfo=0; maybe somebody else will chime in on the
PHP_Fix_Pathinfo_Enable processing.

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-20 Thread Marcus Merz 
Hi Jeff,

"Jeff Trawick"  schrieb im Newsbeitrag
news:...
> On Sat, Sep 19, 2009 at 3:48 AM, Marcus Merz  wrote:
>
> Recap: Try cgi.fix_pathinfo=0; maybe somebody else will chime in on the
> PHP_Fix_Pathinfo_Enable processing.
>

Thanks for your comments. Surprisingly setting cgi.fix_pathinfo=0 in php.ini
does not change the behaviour calling http://www.domain.tld/image.jpg . PHP
still tries to parse the jpg, same as with the default setting of
cgi.fix_pathinfo=1in php.ini. What *does* change is, that when calling
http://www.domain.tld/modify.php/image.php (for test purposes) instead of
displaying the image -which worked before with cgi.fix_pathinfo=1 (or
uncommented as 1 is default), PHP tries to parse the jpg as well:

Warning: Unexpected character in input: '' (ASCII=16) state=1 in
/srv/www/vhosts/image.jpg on line 234

Parse error: syntax error, unexpected '[' in /srv/www/vhosts/image.jpg on
line 234

I did check with phpinfo() that cgi.fix_pathinfo was 0 and 1 each time i
tested.

What is new is, that using CGI instead of mod_fcgid, with cgi.fix_pathinfo=0
the script now fails with a 'No input file specified' message in the
webbrowser. There is no error logged in error_log but a 404 is logged in
access_log for /image.jpg.

Obviously using mod_php it works regardless of setting cgi.fix_pathinfo=0 or
1 as it is not taken care of anyway and so the image gets displayed each
time.

To recap:
setting cgi.fix_pathinfo=0 causes mod_fcgid to parse the jpg file (same
behaviour as before) using http://www.domain.tld/image.jpg *AND*
http://www.domain.tld/modify.php/image.php

Switching back to cgi.fix_pathinfo=1 and using CGI instead of mod_fcgid, the
image gets displayed 'out-of-the-box.

I suspect there are differences in mod_fcgid.conf which default settings
cause this behaviour because the php.ini is the same for both. I will take a
closer look into the docs for 2.3.1 and trying to find a solution there.

Of course i was glad if somebody else knows the solution.

Thanks,
Marcus

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-21 Thread Jeff Trawick 
On Sun, Sep 20, 2009 at 12:30 PM, Marcus Merz  wrote:

> Hi Jeff,
>
> "Jeff Trawick"  schrieb im Newsbeitrag
> news:...
> > On Sat, Sep 19, 2009 at 3:48 AM, Marcus Merz  wrote:
> >
> > Recap: Try cgi.fix_pathinfo=0; maybe somebody else will chime in on the
> > PHP_Fix_Pathinfo_Enable processing.
> >
>
> Thanks for your comments. Surprisingly setting cgi.fix_pathinfo=0 in
> php.ini
> does not change the behaviour calling http://www.domain.tld/image.jpg .


What is your configuration to run modify.php as a CGI?  Do you add a shebang
line, or use something else?

Here's my configuration:

LoadModule fcgid_module modules/mod_fcgid.so


  Allow from all
  AddHandler wtmrk jpg
  Action wtmrk /modify.php




  
SetHandler fcgid-script
FCGIWrapper /usr/bin/php5-cgi .php
  

  
SetHandler cgi-script
  

  Options +ExecCGI
  Allow from all


I comment out the LoadModule directive to switch to CGI.  I had to add a
shebang line to the top of modify.php.

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-21 Thread Marcus Merz 

"Jeff Trawick"  schrieb im Newsbeitrag 
news:cc67648e0909210827h6247d05fu65c31252b6f32...@mail.gmail.com...

>What is your configuration to run modify.php as a CGI?  Do you add a 
>shebang line, or use something else?
>
>Here's my configuration:
>
>LoadModule fcgid_module modules/mod_fcgid.so
>
>
>  Allow from all
>  AddHandler wtmrk jpg
>  Action wtmrk /modify.php
>
>
>
>
>  
>SetHandler fcgid-script
>FCGIWrapper /usr/bin/php5-cgi .php
>  
>
>  
>SetHandler cgi-script
>  
>
>  Options +ExecCGI
>  Allow from all
>
>
>I comment out the LoadModule directive to switch to CGI.  I had to add a 
>shebang line to the top of modify.php.
>

I use Plesk 9.2.1 (on OpenSUSE 10.3) to define my domains/virtual hosts. For 
PHP I can choose between 'Apache Module', 'FastCGI-Application' and 
'CGI-Application'. I will skip the settings for Apache Module here. 
Depending on what you select, Plesk does adjust the corresponding 
httpd.include for the respective domain (i.e. virtual host). Furthermore i 
use support for perl and python. The httpd.include sits in 
/srv/www/vhosts/domain.tld/conf and is included from 
/etc/apache2/conf.d/zz010_psa_httpd.conf (which gets included from 
/etc/apache2/httpd.conf).


General configuration from /etc/apache2/sysconfig.d/loadmodule.conf (i left 
out non-php-relevant entries):
---
LoadModule cgi_module 
/usr/lib64/apache2-prefork/mod_cgi.so
LoadModule php5_module/usr/lib64/apache2/mod_php5.so
LoadModule fcgid_module   /usr/lib64/apache2/mod_fcgid.so
LoadModule suexec_module 
/usr/lib64/apache2-prefork/mod_suexec.so
---

Both CGI and FastCGI use
:/usr/bin/ # php-cgi5 -v
PHP 5.2.9 with Suhosin-Patch 0.9.7 (cgi-fcgi) (built: Mar 12 2009 16:17:38)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

In my php.ini i have

; cgi.force_redirect is necessary to provide security running PHP as a CGI 
under
; most web servers.  Left undefined, PHP turns this on by default.  You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; http://php.net/cgi.force-redirect
;cgi.force_redirect = 1

so it defaults to 1 which is why i set the same in mod_fcgid.conf via 
'PHP_Fix_Pathinfo_Enable 1'.



a) Settings for using CGI

/etc/apache2/conf.d/php_cgi.conf
---
scriptAlias /phppath/ "/usr/bin/"
Action php-script /phppath/php-cgi5
---


/srv/www/vhosts/domain.tld/conf/httpd.include
---
:80>




SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On




SetHandler python-program
PythonHandler   mod_python.cgihandler




SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI



AddHandler php-script .php
Options +ExecCGI
allow from all

Options -Includes -ExecCGI

Include /srv/www/vhosts/domain.tld/conf/vhost.conf



b) Settings for using FastCGI which is mod_fcgid is selected form Plesk:

:80>
...



SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On




SetHandler python-program
PythonHandler   mod_python.cgihandler




SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI




SetHandler fcgid-script
FCGIWrapper /usr/bin/php-cgi5 .php
Options +ExecCGI
allow from all


Options -Includes -ExecCGI

Include /srv/www/vhosts/domain.tld/conf/vhost.conf


/etc/apache2/conf.d/mod_fcgid.conf
---

##
## Sample config for apache2_mod-fcgid
##
## All lines, that are commented out, reflect the default values.
##


##
## An idle fastcgi application will be terminated after IdleTimeout seconds.
##
#IdleTimeout 300

##
## The scan interval for idle fastcgi applications in seconds.
##
#IdleScanInterval 120

##
## a fastcgi application will be terminated if handing a single request 
longer
## than busy timeout. Value in seconds.
##
#BusyTimeout 300

##
## The scan interval for busy timeout fastcgi applications. Value in 
seconds.
##
#BusyScanInterval 120

##
## The scan interval for exit pending fastcgi applications. fastcgi 
applications
## will be terminated within this scanning. Value in seconds.
##
#ErrorScanInterval 3

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-21 Thread Marcus Merz 
As an additional note, i found another watermark script which fails with the 
same error (it will need the same .htaccess as in my first post - save the 
script as modify.php as well or adjust the name in .htaccess accordingly) as 
PHP will try to parse the jpg file instead of displaying the image.

Again, switching to cgi-fcgi or mod_php, the image gets displayed 
(differences between mod_fcgid and mod_cgi as shown in the httpd.include in 
my previous post):

---
http://creativecommons.org/licenses/by/2.5/ 
//
// The following line must reside in any derivative works: 
//
// portions (cc) Doncho Angelov 2005 (http://doncho.net) 
//
// -  
//

//
// SETUP
//

// the location of the picture, which contains the normal watermark
//  (we first try to apply this one)
define(BIG_WATERMARK_FILE, $_SERVER['DOCUMENT_ROOT'] . "/watermark.jpg");
// the location of the picture, which contains the smaller watermark
//  (for the images, which are smaller than 5 times the normal watermark)
define(SMALL_WATERMARK_FILE, $_SERVER['DOCUMENT_ROOT'] . "/watermark.jpg");

// SETUP ends

// generate the image with watermark
function watermark($source, $outputType="") {

  // determine the type of the source image
  $sourceType = getFileType($source);

  // output the header of the new image
  if (empty($outputType)) $outputType = $sourceType;
  // if you hate GIF files, you can switch to PNG
  if ($outputType == "gif") $outputType = "png";
  header("Content-type:image/$outputType");

  // create the source
  $createSource = "ImageCreateFrom".strtoupper($sourceType);
  $showImage = "Image".strtoupper($outputType);
  $output = $createSource($source);

  // load the big logo
  $logo = loadWatermark(BIG_WATERMARK_FILE);

  // check if the watermark is not bigger than the logo
  if (ImageSX($output)<(ImageSX($logo)*5) || 
ImageSY($output)<(ImageSY($logo)*5))
// if so, fallback to a smaller logo
$logo = loadWatermark(SMALL_WATERMARK_FILE);

  $x = ImageSX($output) - ImageSX($logo);
  $y = ImageSY($output) - ImageSY($logo);

  ImageAlphaBlending($output, true);

  ImageCopy($output, $logo, $x, $y, 0, 0, ImageSX($logo), ImageSY($logo));
  $showImage($output);

  ImageDestroy($output);
  ImageDestroy($logo);
}

function getFileType($string)
{
  $type = strtolower(eregi_replace("^(.*\.)","",$string));
  if ($type == "jpg") $type = "jpeg";

  return $type;
}

function loadWatermark($watermarkFile)
{
  $watermarkType = getFileType($watermarkFile);
  $createWatermark = "ImageCreateFrom".strtoupper($watermarkType);
  return $createWatermark($watermarkFile);
}

//
// main functionality starts here
//

$image = $_SERVER["PATH_TRANSLATED"];

if (empty($image)) die();

if (!file_exists($image))
{
  header("404 Not Found");
  echo "Requested File Not Found."; die();
}

$outputType = getFileType($image);

watermark($image, $outputType);
?>
---

I wonder whether i have a special environment which causes this behaviour 
only with me. Otherwise i would expect a lot more 'noise' from other people 
when switching to mod_fcgid from either mod_php or mod_fastcgi as these 
scripts will fail.

Regards,
Marcus

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-21 Thread Jeff Trawick 
On Mon, Sep 21, 2009 at 2:24 PM, Marcus Merz  wrote:

>
> "Jeff Trawick"  schrieb im Newsbeitrag
> news:cc67648e0909210827h6247d05fu65c31252b6f32...@mail.gmail.com...
>
> >What is your configuration to run modify.php as a CGI?  Do you add a
> >shebang line, or use something else?
> >
> >Here's my configuration:
>

Thanks for the additional details.


>
> In my php.ini i have
>
> ; cgi.force_redirect is necessary to provide security running PHP as a CGI
> under
> ; most web servers.  Left undefined, PHP turns this on by default.  You can
> ; turn it off here AT YOUR OWN RISK
> ; **You CAN safely turn this off for IIS, in fact, you MUST.**
> ; http://php.net/cgi.force-redirect
> ;cgi.force_redirect = 1
>
> so it defaults to 1 which is why i set the same in mod_fcgid.conf via
> 'PHP_Fix_Pathinfo_Enable 1'.
>

I'm not aware of a connection between cgi.force_redirect and
PHP_Fix_Pathinfo_Enable.  What do you know about that?


> a) Settings for using CGI
>
>
For the purposes of my recreate, I condensed this down to

   AddHandler php-script .php

  ScriptAlias /phppath/ /usr/bin/
  Action php-script /phppath/php5-cgi

  
Allow from all
  

  
AddHandler php-script .php
Options +ExecCGI
Allow from all
  


> b) Settings for using FastCGI which is mod_fcgid is selected form Plesk:
>
>

For the purposes of my recreate, I condensed this down to

  
SetHandler fcgid-script
FCGIWrapper /usr/bin/php5-cgi .php
Options +ExecCGI
Allow from all
  

  AddHandler php-script .php

  Action php-script /phppath/php5-cgi

  
Allow from all
  

  
AddHandler php-script .php
Options +ExecCGI
Allow from all
  

As before, this only came close to working for me with cgi.fix_pathinfo=0.

With the CGI configuration in hand, then I tried to convert that directly to
FastCGI.

Theoretically we should just change the handler from cgi-script to
fcgid-script and it should work.  But the CGI configuration uses ScriptAlias
as a short-cut for

Alias /phppath/ /usr/bin/
  
SetHandler cgi-script
Options +ExecCGI
  

When I use that expansion of ScriptAlias, and convert the cgi-script to
fcgid-script, I now get this for the FastCGI configuration:

  AddHandler php-script .php

  # ScriptAlias /phppath/ /usr/bin/
  Alias /phppath/ /usr/bin/
  
SetHandler fcgid-script
Options +ExecCGI
  

  Action php-script /phppath/php5-cgi

  
Allow from all
  

  
AddHandler php-script .php
Options +ExecCGI
Allow from all
  

That's the direct translation of the CGI configuration to a FastCGI
configuration.  And the script works for me now via FastCGI, without
changing cgi.fix_pathinfo to 0.  (I'm not setting PHP_Fix_PathInfo_Enable
either.)



> So depending on what i set in Plesk the httpd.include file gets changed and
> php files get parsed either with module mod_cgi.so or mod_fcgid.so (which
> is
> a symlink to the 2.3.1 version i compiled) and both times with the same
> binary /usr/bin/php-cgi5.
>
> At least that is my understanding.
>
>
AFAICT, if Plex was creating a mod_fcgid configuration that was an exact
translation from the mod_cgi configuration, it would work with mod_fcgid.


>
> There is another difference looking at phpinfo():
>
> Using mod_fcgid the only Environment variable i see is PATH. Using mod_cgi
> there are a whole lot more Envrionment variables. To my understanding
> variables shown under 'Environment' are Apache ENV variables.
>

That is to be expected.

The CGI process is created for every request, so the Apache subprocess env
data is passed over as a native/OS environment variable when the process is
created.

The FastCGI process is started and intended to be run for many different
requests;  the Apache subprocess env data is passed over on a socket with
the actual request.

The important stuff is populated in _SERVER[].


>
> phpinfo() from CGI via http://www.domain.tld/admin/phpinfo.php:
>
> Environment
> VariableValue
> PATH/usr/local/bin:/usr/bin:/bin
> REDIRECT_STATUS200
> HTTP_HOSTwww.domain.tld
> HTTP_USER_AGENTMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.3)
> Gecko/20090824 Firefox/3.5.3 GTB5 (.NET CLR 3.5.30729)
> HTTP_ACCEPT
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> HTTP_ACCEPT_LANGUAGEde
> HTTP_ACCEPT_ENCODINGgzip
> HTTP_ACCEPT_CHARSETISO-8859-1,utf-8;q=0.7,*;q=0.7
> HTTP_KEEP_ALIVE300
> HTTP_CONNECTIONkeep-alive
> HTTP_COOKIE***
> SERVER_SOFTWAREApache/2.2.13 (Linux/SUSE)
> SERVER_NAMEdomain.tld
> SERVER_ADDR
> SERVER_PORT80
> REMOTE_ADDR
> DOCUMENT_ROOT/srv/www/vhosts/domain.tld/httpdocs
> SERVER_ADMIN***
> SCRIPT_FILENAME/srv/www/vhosts/domain.tld/httpdocs/admin/phpinfo.php
> REMOTE_PORT58740
> REDIRECT_URL/admin/phpinfo.php
> GATEWAY_INTERFACECGI/1.1
> SERVER_PROTOCOLHTTP/1.1
> REQUEST_METHODGET
> QUERY_STRINGno value
> REQUEST_URI/admin/phpinfo.php
> SCRIPT_NAME/admin/phpinfo.php
> ORIG_SCR

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-21 Thread Marcus Merz 
Hi Jeff,

"Jeff Trawick"  schrieb im Newsbeitrag 
news:cc67648e0909211455i5cb6c7c3ub4fdcc25cb9cc...@mail.gmail.com...
On Mon, Sep 21, 2009 at 2:24 PM, Marcus Merz  wrote:


>In my php.ini i have
>
>; cgi.force_redirect is necessary to provide security running PHP as a CGI
>under
>; most web servers.  Left undefined, PHP turns this on by default.  You can
>; turn it off here AT YOUR OWN RISK
>; **You CAN safely turn this off for IIS, in fact, you MUST.**
>; http://php.net/cgi.force-redirect
>;cgi.force_redirect = 1
>
>so it defaults to 1 which is why i set the same in mod_fcgid.conf via
>'PHP_Fix_Pathinfo_Enable 1'.
>
>
>I'm not aware of a connection between cgi.force_redirect and 
>PHP_Fix_Pathinfo_Enable.  What do you know about that?
>

I am sorry. It was meant to read:

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for 
CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to 
not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs. 
Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A 
setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix 
your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1

I copied the wrong part from my php.ini. Also for the missing environment 
variables i should have tested from the same conditions but i did 
http://domain.tld/phpinfo.php on mod_fcgid config and 
http://www.domain.tld/admin/phpinfo.php on the mod_cgi config. A difference 
in variables is to be expected then. I will get back to this later today and 
retest.

...

>>I hope this clearifies the situation a lot more instead of causing even 
>>more
>>confusion.
>
>
>Yes, it helps a lot.
>
>
>
>>I was happy to give you even more information if you told me what you 
>>need.
>>I would really like to get this solved (and apologies concerning the
>>formatting of these variables).
>
>
>No problem.
>
>Please try translating the CGI config directly to FastCGI as noted above, 
>instead of using the Plesk-generated config, and let us know what happens.
>
>Replace this bit
>
>
>SetHandler fcgid-script
>FCGIWrapper /usr/bin/php-cgi5 .php
>Options +ExecCGI
>Allow from all
>  
>
>with
>
>Alias /phppath/ /usr/bin/
>  
>SetHandler fcgid-script
>Options +ExecCGI
>  
>

I get a configuration error when i try to do replace that bit (in the lines 
where i put a *) and 'rcapache2 reload' after because that part sits in a 
VirtualHost container nested within . The first error was: "Alias 
not allowed here":

:80>
...


SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI



*
*SetHandler fcgid-script
*FCGIWrapper /usr/bin/php-cgi5 .php
*Options +ExecCGI
*allow from all
*

Options -Includes -ExecCGI

Include /srv/www/vhosts/domain.tld/conf/vhost.conf


but i got your point. I will try to replicate your setup later today.

At least i am glad to hear that the script works with mod_fcgid if using the 
same config than with mod_cgi.

Rgds,
Marcus

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-22 Thread Marcus Merz 
Ok, i am puzzled
  "Jeff Trawick"  schrieb im Newsbeitrag 
news:cc67648e0909211455i5cb6c7c3ub4fdcc25cb9cc...@mail.gmail.com...

  Please try translating the CGI config directly to FastCGI as noted above, 
instead of using the Plesk-generated config, and let us know what happens.

  Replace this bit

  
  SetHandler fcgid-script
  FCGIWrapper /usr/bin/php-cgi5 .php
  Options +ExecCGI
  Allow from all


  with 

  Alias /phppath/ /usr/bin/

  SetHandler fcgid-script
  Options +ExecCGI




I could not get it to work in my httpd.include file as Apache was always 
throwing an error (i.e. Alias not allowed here, Location not allowed here 
etc).

I ended up changing my /etc/apache2/conf.d/mod_fcgid.conf (excerpt) from:

---
##
## PHP via FastCGI
##
## uncomment the following line if you want to handle php via mod_fcgid
##
#
#AddHandler fcgid-script .php
#FCGIWrapper /srv/www/cgi-bin/php5 .php
#Options +ExecCGI
#
##

# End of 

##

---

to

---
##
## PHP via FastCGI
##
## uncomment the following line if you want to handle php via mod_fcgid
##
#
#AddHandler fcgid-script .php
#FCGIWrapper /srv/www/cgi-bin/php5 .php
#Options +ExecCGI
#
##
Alias /phppath/ "/usr/bin/"
  
SetHandler fcgid-script
Options +ExecCGI
  

# End of 

##


so basically inserting your replacement code at the bottom inside the  container.

Now there are two things:

1) On virtual hosts which use 'FastCGI-Application' in Plesk and which 
httpd.include looks like this:

:80>
...



SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On




SetHandler python-program
PythonHandler   mod_python.cgihandler




SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI




SetHandler fcgid-script
FCGIWrapper /usr/bin/php-cgi5 .php
Options +ExecCGI
allow from all


Options -Includes -ExecCGI

Include /srv/www/vhosts/domain.tld/conf/vhost.conf


a) I sometimes get all files offered to download (not really able to replicate 
this, it seems it is connected to the use of .htaccess and modify.php in the 
same directory i sometimes get php files with image/jpeg header for download, 
sometimes with x-httpd-php header...kind of bizarre...) and
b) The watermark image still fails for the same reason as stated before: PHP 
tries to parse the image.

I have proof that this config uses mod_fcgid because phpinfo() gives only 
_ENV["PATH"] under Environment plus i do get a _SERVER["Authorization"] and 
other Auth variables when calling phpinfo() from a .htaccess secured directory 
(AuthType Basic) which was not the case if it was mod_cgi.


2) Virtual hosts which use 'CGI-Application' in Plesk and which httpd.include 
therefore looks like this:

:80>
...



SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On




SetHandler python-program
PythonHandler   mod_python.cgihandler




SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI



AddHandler php-script .php
Options +ExecCGI
allow from all

Options -Includes -ExecCGI

Include /srv/www/vhosts/domain.tld/conf/vhost.conf


SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI



AddHandler php-script .php
Options +ExecCGI
allow from all


the watermark image gets displayed and phpinfo() states that mod_fcgid is used.


When in 2. you would choose 'FastCGI-Application' in Plesk which causes the 
httpd.include (excerpt) to look like this:


SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI




SetHandler fcgid-script
FCGIWrapper /usr/bin/php-cgi5 .php
Options +ExecCGI
allow from all


the watermark image fails with the same error like in the beginning:

Warning: Unexpected character in inp

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-09-23 Thread Marcus Merz 
Hi Jeff,

after another evening, this is what i came up with:

Goals:
1. I do not want to mess around with /etc/apache2/conf.d/mod_fcgid.conf
2. I do not want to be forced to always use mod_fcgid on virtual hosts that are 
configured for mod_cgi (from Plesk)

I achieve this by doing all necessary changes in 
/srv/www/vhosts//conf/vhost.conf (in case of a subdomain ist could 
also be /srv/www/vhosts/domain.tld/subdomains//conf/vhost.conf) and 
amending the respective httpd.include file (in 
/srv/www/vhosts//conf as well).

The downside is, that this httpd.include file gets generated by Plesk whenever 
you change anything for that virtual host or a subdomain for that virtual host. 
There is an event manager in Plesk where you can specify to run a specific 
script after an event has taken place like 'hosting domain create/update' to 
reverse any changes to httpd.include but it would require more work and 
knowledge to write such a script, i.e. cutting the respective  container (see below) and adding necessary code either in 
httpd.include or a vhost.conf file. Certainly it is doable, though.

Fine.

[btw, maybe it was my fault but using your replacement code 1:1 causes every 
file (tested with php or jpeg) to be offered for download by the browser 
(tested on 2 different computers with FF 3.5.3, IE 6 and IE 8)]

To get mod_fcgid running with this watermark script and not to interfere with 
virtual hosts configured to use mod_cgi, i did amend/extend a couple of things, 
plus, i did add FCGIWrapper statement back in which might be useless but i 
wanted to know whether that directive is part of the problem. Actually it is 
not. The problem starts when using 'SetHandler fcgid-sript' instead of an 
Alias/Action combination.

/etc/apache2/conf.d/mod_fcgid.conf is back to 'out-of-the-box' configuration. I 
only added

PassHeader Authorization
PHP_Fix_Pathinfo_Enable 1

like before.


My httpd.include is:

:80>
...



SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On




SetHandler python-program
PythonHandler   mod_python.cgihandler




SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI


#   
#   
#   SetHandler fcgid-script
#   FCGIWrapper /usr/bin/php-cgi5 .php
#   Options +ExecCGI
#   allow from all
#   
#   
Options -Includes -ExecCGI

Include /srv/www/vhosts/domain.tld/conf/vhost.conf


so you could skip/delete the second  container from 
httpd.include.

The included vhost.conf file then contains:
---
Alias /phpfcgidpath/ "/usr/bin/"
Action php-fcgid /phpfcgidpath/php-cgi5
  
SetHandler fcgid-script
Options +ExecCGI
  
  
  SetHandler php-fcgid
  FCGIWrapper /usr/bin/php-cgi5 .php
  Options +ExecCGI
  allow from all
  
---

The first two statements are basically similiar to the 
/etc/apache2/conf.d/php_cgi.conf (and needed as i did replace /phppath/ with 
/phpfcgidpath/ for which there is no ScriptAlias and Action statement in any 
other *.conf file):
---
scriptAlias /phppath/ "/usr/bin/"
Action php-script /phppath/php-cgi5
---

As i wanted to have a testconfig which does not interfere with mod_cgi, i 
changed from /phppath/ to /phpfcgidpath/ and did use Alias instead of 
ScriptAlias because you used it in your replacement bit. In the end it does not 
really matter.

This causes only virtual hosts which have this additional statement in its 
vhost.conf to use mod_fcgid and the watermark image works with this 
configuration.

As soon as you change the SetHandler statement in the vhost.conf from:

  
  SetHandler php-fcgid
  FCGIWrapper /usr/bin/php-cgi5 .php
  Options +ExecCGI
  allow from all
  

to 

  
  SetHandler fcgid-script
  FCGIWrapper /usr/bin/php-cgi5 .php
  Options +ExecCGI
  allow from all
  

(which is the default from Plesk in httpd.include when switching to 
FastCGI-Application), PHP tries to parse the jpg file again. This is expected 
as changing the SetHandler directive as shown, the Alias and Action directive 
are not used anymore as we do not use the Handler php-fcgid anymore and we are 
back to square one.


Using this 'workaround' does have one other side-effect:

As we are using a Alias (or ScriptAlias) directive, now, when we call an URL 
from a .htaccess protected directory -AuthType Basic in connection with 
PassHeader Authrization-, the _SERVER["REMOTE_USER"] variable is empty and 
_ENV["REDIRECT_REMOTE_USER"] is used instead. This is not really a problem, but 
when you try to use PHP Auth, you have to adopt your scripts not only to test 
for REMOTE_USER bu

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-10-11 Thread Marcus Merz 
Is this issue solved in 2.3.4?

Regards,
Marcus

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-10-12 Thread Jeff Trawick 
On Sun, Oct 11, 2009 at 6:16 AM, Marcus Merz  wrote:
> Is this issue solved in 2.3.4?

no

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2009-10-12 Thread Jeff Trawick 
On Mon, Oct 12, 2009 at 4:14 PM, Jeff Trawick  wrote:
> On Sun, Oct 11, 2009 at 6:16 AM, Marcus Merz  wrote:
>> Is this issue solved in 2.3.4?
>
> no

BTW, I'm sorry I haven't followed up to your last couple of posts.  I
should be honest with you:  All that Plesk-generated config and/or
attempts to interject tweaks to that config makes my head explode.
Maybe somebody else here has the time and will power to dig through
it.

My general thoughts: I don't think mod_fcgid's processing can be
compared to mod_php's in any meaningful way.  Instead, it should be
compared to mod_cgi's (mod_cgid's).  FastCGI is essentially CGI, but
with the request information passed over in a way that allows the
script to handle multiple requests without exiting.  mod_cgi and
mod_fcgid should pass the same request environment variables to the
CGI/FastCGI application, and in fact they use the same core httpd code
to build that information.  (The notable exception is when
FcgidFixPathInfo is turned on, in which case mod_fcgid modifies one of
the request environment variables I can't say if/when exactly that
helps.)

Good luck!

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2010-02-23 Thread Marcus Merz 
"Jeff Trawick"  schrieb im Newsbeitrag 
news:cc67648e0910121343j7e922d94q1f96ee89cd897...@mail.gmail.com...
> On Mon, Oct 12, 2009 at 4:14 PM, Jeff Trawick  wrote:
>> On Sun, Oct 11, 2009 at 6:16 AM, Marcus Merz  wrote:
>>> Is this issue solved in 2.3.4?
>>
>> no
>
> BTW, I'm sorry I haven't followed up to your last couple of posts.  I
> should be honest with you:  All that Plesk-generated config and/or
> attempts to interject tweaks to that config makes my head explode.
> Maybe somebody else here has the time and will power to dig through
> it.

...

> Good luck!
>

Well, it's been a while but as i want other people to find a solution should 
they dig in old archives via Google, i wanted to share wiht you how i got 
around 'the wonderful world of Plesk' (no, i did not deinstall it...). 
Please acknowledge that i am neither a guru of Apache, mod_fcgid nor PHP. I 
simply want to help people who might face the same problem than i did about 
6 months ago. If you read this whole thread, then you know about the 
problems arising in certain -special- environments when you want to use 
mod_fcgid (i.e. active watermarking images like i did).

My current environment as of writing this is:
- suse-10.3-x86_64-plesk9
- Plesk 9.2.3
- Apache 2.2.4 with MPM-worker enabled
- PHP 5.2.9
- mod_fcgid 2.3.5 (with 'FcgidFixPathinfo 1' in 
/etc/apache2/conf.d/mod_fcgid.conf)

The 'FcgidFixPathinfo 1' in /etc/apache2/conf.d/mod_fcgid.conf corresponds 
to
---
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for 
CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to 
not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs. 
Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A 
setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix 
your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
---

in /etc/php5/fastcgi/php.ini as cgi.fix_pathinfo=1 is the default. I mention 
it here because i refer to it later.


To avoid problems in an active watermark php script (caused by SetHandler 
and FCGIWrapper directives - please read the entire thread for details), 
this is what i did:

In Plesk, choose "PHP Support via CGI" from the dropdown menue in your 
 "Web Hosting Setup".

This will add
---

AddHandler php-script .php
Options +ExecCGI
allow from all

---

to your /conf/httpd.include file. Now, how do we get to use 
mod_fcgid then?

In /etc/sysconfig/apache2 you (hopefully) have:
---
APACHE_MODULES=" cgi  fcgid  suexec"
---

so mod_fcgid.so will be included in 
/etc/apache2/sysconfig.d/loadmodule.conf.

In the order you included your modules above, mod_cgi.so will be implemented 
before mod_fcgid.so and therefore /etc/apache2/conf.d/php_cgi.conf will be 
parsed before /etc/apache2/conf.d/mod_fcgid.conf. Do i make sense?

What does this mean?

In /etc/apache2/conf.d/php_cgi.conf we have
---
scriptAlias /phppath/ "/usr/bin/"
Action php-script /phppath/php-cgi5
---

(this was mentioned in here before). Actually this causes all PHP scripts to 
be parsed by mod_cgi. Hmm Fine. Let's add a vhost.conf in 
/srv/www/vhosts//conf/

like this: /srv/www/vhosts//conf/vhost.conf
---

Include /srv/www/vhosts/global.vhost.conf
---

What? This is because i want ALL domains to use PHP via mod_fcgid yet i do 
not want to change every vhost.conf manually which is why i use this 
'Include'.

/srv/www/vhosts/global.vhost.conf:
---

Alias /phpfcgidpath/ "/usr/bin/"
Action php-script /phpfcgidpath/php-cgi5

SetHandler fcgid-script
Options +ExecCGI


---

Now, what do we do here? Well, we define an alias similiar like in 
/etc/apache2/conf.d/php_cgi.conf but via the Action statement and the 
following Location container, all Files ending (\.php) will now get parsed 
using mod_fcgid because of the
---
SetHandler fcgid-script
---

If you have set 'FcgidFixPathinfo 1' in 
/etc/apache2/conf.d/mod_fcgid.conf -as explained above- calling phpinfo() 
will tell you this
---
_SERVER["ORIG_SCRIPT_NAME"]   /phpfcgidpath/php-cgi5
---

which means, mod_fcgid has been used to parse the php file. This is what we 
wanted to achieve.

Instead of using a (global) vhost.conf file, you could probably put 
everything into /etc/apache2/conf.d/mod_fcgid.conf but this is like with 
Rome: There are more than one ways to achieve your goal. I just wrote about 
how I succeeded. Feel free to find your own way.

HTH.
Marcus

Re: mod_fcgid: Problem serving binary content with Apache 2.2.13 - PHP 5.2.9

2010-02-23 Thread Jeff Trawick 
On Tue, Feb 23, 2010 at 4:47 PM, Marcus Merz  wrote:
> Well, it's been a while but as i want other people to find a solution should
> they dig in old archives via Google,

Thanks for the good summary.