DevHeads.net

Is it possible to evaluate .htaccess before proxying requests? (Apache 2.4.9)

Hi all,

is the intended behaviour of ProxyPass(Match)-Directives to ignore
.htaccess files?
And is there any way to change this?

Version used: Apache httpd 2.4.9
Operating System: SUSE Linux Enterprise Server 11.3 (x86_64)

Context:
PHP is enabled via mod_proxy(_fcgi), but using this configuration-
snippet in vhost-context

<LocationMatch .*\.php$ >
ProxyPass unix:/var/run/php-fpm.sock|fcgi://localhost/
</LocationMatch>

with the following .htaccess-Directive in the DocumentRoot

Require all denied

results in the following situation:

Access to php-files isn't denied - they are served - but non-PHP-ressources
like css- or js-files aren't served ( => strange output).

Same Problem when proxying is realized via ip-adress or rewrites:
RewriteRule (.*\.php)$ fcgi://localhost:9000/$1 [P]

Please Note:
I know I can configure stuff like access control in
<Location(Match)>-context in the
server configuration. And I know .htaccess files have "performance,
security, and
management downsides" (cit. Mark Montague).
The problem: Non-privileged users (~1200) who are only allowed to modify
their
.htaccess-files for rewrites or access controls. Even if they had access
to their
vhost context the migration effort grows exponentially since
htaccess-files are status
quo...

Thanks in advance for your effort.

Kind regards,
Tobias Adolph

Comments

Re: Is it possible to evaluate .htaccess before pr

By Eric Covener at 05/16/2014 - 11:47

On Tue, May 13, 2014 at 11:51 AM, Tobias Adolph <Tobias. ... at lrz dot de> wrote:

Yes, proxy directives stop the URL from being mapped to any location
on disk, so no .htaccess in any directory is applicable.

You could try mod_rewrite in directory context.

Re: Is it possible to evaluate .htaccess before pr

By Tobias Adolph at 05/19/2014 - 06:30

Am 16.05.2014 18:47, schrieb Eric Covener:
This configuration worked in our environment, .htaccess-files are evaluated
(thanks a lot to Eric Covener for his suggestion):
<Directory "/path/to/htdocs" >
Rewrite Engine On
RewriteRule ^(.*\.php)$ fcgi://127.0.0.1:4000/path/to/htdocs/$1 [P]
</Directory>

We hadn't had success with unix domain sockets though
RewriteRule ^(.*\.php)$
unix:/var/run/php-fpm.sock|fcgi://localhost/path/to/htdocs/$1 [P]

This is logged in the error log file:

No protocol handler was valid for the URL /info.php. If you are using a
DSO version
of mod_proxy, make sure the proxy submodules are included in the
configuration
using LoadModule.

Since
1) the first RewriteRule above worked but the second didn't
2) and this worked (outside Directory context, of course):

<LocationMatch .*\.php$ >
ProxyPass
unix:/var/run/php-fpm.sock|fcgi://localhost/path/to/htdocs
</LocationMatch>

I assume that there is no issue loading the correct module. Maybe the
communication
between mod_rewrite and mod_proxy using UDS is buggy?

Is there any way to enable Proxying to a fcgi-daemon listening on a unix
domain socket
using RewriteRule?

Thanks for your help!

Kind regards
Tobias Adolph

Re: Is it possible to evaluate .htaccess before pr

By Tobias Adolph at 05/27/2014 - 05:45

Hello everybody,

isn't there any solution?

Am 19.05.2014 13:30, schrieb Tobias Adolph:
Thanks in advance!

Kind regards,
Tobias Adolph

Re: [users@httpd] Is it possible to evaluate .htaccess b

By ryo takatsuki at 06/03/2014 - 02:32

Hi,

You could try this:

<Proxy "unix:/var/run/php-fpm.sock|fcgi://backend-fpm" timeout=300>
</Proxy>

<Directory "/path/to/htdocs" >
Rewrite Engine On
RewriteRule ^(.*\.php)$ fcgi://backend-fpm/%{REQUEST_FILENAME} [P]
</Directory>

Best regards,

Juanjo.

2014-05-27 12:45 GMT+02:00 Tobias Adolph <Tobias. ... at lrz dot de>: