Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache 2.4 + PhPFPM 5.5 + proxypass = problems |
|
| Author |
|
clouseau
Joined: 06 May 2015
Posts: 18
Location: Serbia, Subotica
|
 Posted: Thu 07 May '15 17:12 Post subject: Apache 2.4 + PhPFPM 5.5 + proxypass = problems |
 |
|
Hello Everyone!
So, what I did here is somewhat exohotic.
I have installed Apache v 2.4 (running on port 81 as content server) on CentOS 6.6, and also installed php55w and using it's v5.5 php-fpm engine to precess the php scripts. Vith Varnish 4 infront of it on port 80, as reverse cache, it works fast as hell.
But....
My problem is, how to protect certain WP directories (like upload) from executing php scripts in it.
As I understand, php-fpm will not understand .httpdocs, so I'm oriented on the virtual host conf file.
Here's my conf filethat is not functioning according to my master plan:
| Code: |
<VirtualHost *:81>
DocumentRoot /www/somedomain/
ServerName <somedomain>
ErrorLog /var/log/httpd/gradsu-error_log
CustomLog /var/log/httpd/gradsu-access_log combined
<Directory /www/somedomain>
AllowOverride None
Require all granted
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
</Directory>
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/www/somedomain/$1
DirectoryIndex /index.php
|
Basically, my bigest problem here is that the part where
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
is, seems to be ignored.
(The idea here is to deny access to php files to any /uploads/ folder and on.
Any ideas?
Edit:
Here are my modules:
| Code: |
LoadModule authn_file_module modules/mod_authn_file.so
##LoadModule authn_dbm_module modules/mod_authn_dbm.so
##LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
##LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule ssl_module modules/mod_ssl.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
|
[/quote] |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Thu 07 May '15 17:44 Post subject: |
|
|
You can disable path via
| Code: | | ProxyPass /somedir ! |
put that line before the ProxyPassMatch line in your config. |
|
| Back to top |
|
clouseau
Joined: 06 May 2015
Posts: 18
Location: Serbia, Subotica
|
| Posted: Fri 08 May '15 18:01 Post subject: |
|
|
| James Blond wrote: | You can disable path via
| Code: | | ProxyPass /somedir ! |
put that line before the ProxyPassMatch line in your config. |
cheers, this worked:
| Code: | | ProxyPass /wp-content/uploads ! |
Does regexp work with this?
I've tried
| Code: | | ProxyPass ^/uploads ! |
in several forms but that one didn't work 
I would also like to ban access to some WP files (line /wp-config.php
How do I do that in Apache 2.4? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Sun 10 May '15 21:57 Post subject: |
|
|
I haven't tried, but a
| Code: | | ProxyPassMatch ^/uploads ! |
should work. |
|
| Back to top |
|
clouseau
Joined: 06 May 2015
Posts: 18
Location: Serbia, Subotica
|
| Posted: Thu 14 May '15 10:44 Post subject: |
|
|
| James Blond wrote: | I haven't tried, but a
| Code: | | ProxyPassMatch ^/uploads ! |
should work. |
Ok, so to explain for the wider masses, I was using ProxyPass with regexp and that's why it didn't work.
If we want to use regular expressions, as you said, the ProxyPassMatch is the keyword and it matches to the URl by default.
Now, since I have a rewrite for the base folder, the code that worked for me is (no need to match to the whole www.domain.com/wp-admin/uploads URL):
| Code: | | ProxyPassMatch ^/wp-admin/uploads ! |
I'm finally beginning to catch up with this.
Thanks a lot! |
|
| Back to top |
|
|
|
|
|
|
