I'm trying to set up a server that parses .HTML file for PHP.
Operating System: Amazon Linux 2
PHP version: 8.0.8
Apache version: 2.4.51
/etc/httpd/conf.d/php.conf
#
# Allow php to handle Multiviews
#
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php index.html
#
# Redirect to local php-fpm (no mod_php in default configuration)
#
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
The change I'm making is adding HTML to the FilesMatch clause here:
<FilesMatch \.(php|phar|html)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
When I do that I see these errors:
[proxy_fcgi:debug] [pid 20974] mod_proxy_fcgi.c(1063): [client 1.1.1.1:49893] AH01078: serving URL fcgi://localhost/home/web-system-sites/dev.example.com/index.html
[proxy:debug] [pid 20974] proxy_util.c(2528): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 20974] proxy_util.c(2583): [client 1.1.1.1:49893] AH00944: connecting fcgi://localhost/home/web-system-sites/dev.example.com/index.html to localhost:8000
[proxy:debug] [pid 20974] proxy_util.c(2620): [client 1.1.1.1:49893] AH02545: fcgi: has determined UDS as /run/php-fpm/www.sock
[proxy:debug] [pid 20974] proxy_util.c(2806): [client 1.1.1.1:49893] AH00947: connected /home/web-system-sites/dev.example.com/index.html to httpd-UDS:0
[proxy:debug] [pid 20974] proxy_util.c(3177): AH02823: FCGI: connection established with Unix domain socket /run/php-fpm/www.sock (*)
[proxy_fcgi:error] [pid 20974] [client 1.1.1.1:49893] AH01071: Got error 'Access to the script '/home/web-system-sites/dev.example.com/index.html' has been denied (see security.limit_extensions)'
After reading my error messages a second time I saw this, "see security.limit_extensions" and then I added .HTML here:
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php .html
and it works like a charm
Related
Using Apache 2.4 & PHP 7.4 on Ubuntu 18.04. Default Apache conf file. I'm trying to upload ~700 jpegs (totaling ~100MB, largest one being ~1MB) to a Laravel app, for a single one it works but for the larger request size I get:
The server returned a "413 Payload Too Large".
Site config looks like:
<VirtualHost *:443>
ServerName server.domain.com
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8000/"
ProxyPassReverse "/" "http://127.0.0.1:8000/"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privkey.pem
LogLevel debug
</VirtualHost>
/etc/php/7.4/apache2/php.ini has:
max_execution_time = 3600
max_input_time = 3600
memory_limit = 512M
post_max_size = 0 #Unlimited
file_uploads = On
upload_max_filesize = 100M
max_file_uploads = 2000
I've restarted Apache after applying. I see the POST request in my access.logs:
"POST /i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1 HTTP/1.1" 413 1562
and (normal looking) debug logs in error logs:
[ssl:debug] [pid 5395] ssl_engine_kernel.c(415): [client ip:1027] AH02034: Initial (No.1) HTTPS request received for child 7 (server server.domain.com:443), referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[authz_core:debug] [pid 5395] mod_authz_core.c(845): [client ip:1027] AH01628: authorization result: granted (no directives), referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[proxy:debug] [pid 5395] mod_proxy.c(1253): [client ip:1027] AH01143: Running scheme http handler (attempt 0), referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[proxy_fcgi:debug] [pid 5395] mod_proxy_fcgi.c(1019): [client ip:1027] AH01076: url: http://127.0.0.1:8000/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1 proxyname: (null) proxyport: 0, referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[proxy_fcgi:debug] [pid 5395] mod_proxy_fcgi.c(1024): [client ip:1027] AH01077: declining URL http://127.0.0.1:8000/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1, referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[proxy:debug] [pid 5395] proxy_util.c(2325): AH00942: HTTP: has acquired connection for (127.0.0.1)
[proxy:debug] [pid 5395] proxy_util.c(2379): [client ip:1027] AH00944: connecting http://127.0.0.1:8000/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1 to 127.0.0.1:8000, referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[proxy:debug] [pid 5395] proxy_util.c(2588): [client ip:1027] AH00947: connected /i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1 to 127.0.0.1:8000, referer: https://server.domain.com/i/import/job/11c1893c-d775-46d7-9df8-1a6fafcc96f2/1
[proxy:debug] [pid 5395] proxy_util.c(3054): AH02824: HTTP: connection established with 127.0.0.1:8000 (127.0.0.1)
[proxy:debug] [pid 5395] proxy_util.c(3240): AH00962: HTTP: connection complete to 127.0.0.1:8000 (127.0.0.1)
[proxy:debug] [pid 5395] proxy_util.c(2340): AH00943: http: has released connection for (127.0.0.1)
[ssl:debug] [pid 5395] ssl_engine_io.c(1102): [client ip:1027] AH02001: Connection closed to child 7 with standard shutdown (server server.domain.com:443)
I don't see anything related in my application logs. Also tried setting LimitRequestBody in the apache2.conf but didn't help either.
Artisan Serve - which the Laravel app is using to start the server, using the php.ini at php-cli not the one at php-apache or php-fpm modifying the config in that, resolved this.
I have configured IBM HTTP Server as follow:
<IfModule mod_fastcgi.c>
Options Indexes MultiViews ExecCGI
FastCGIServer "c:/php7.1/php-cgi.exe"
SetHandler fastcgi-script
</IfModule>
<Directory "C:/IBM/HTTPServer85/htdocs/public">
AddHandler fastcgi-script .php
Options FollowSymLinks Indexes MultiViews ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
I get the following errors:
[Mon Jan 29 12:17:22 2018] [notice] Child 8328: Starting 600 worker threads.
[Mon Jan 29 12:17:22 2018] [notice] FastCGI: process manager initialized
[Mon Jan 29 12:17:22 2018] [warn] FastCGI: server "C:/php7.1/php-cgi.exe" started (pid 4636)
[Mon Jan 29 12:17:22 2018] [notice] Child 8328: Listening on port 443.
[Mon Jan 29 12:17:22 2018] [notice] Child 8328: Listening on port 8443.
[Mon Jan 29 12:17:24 2018] [error] [client 192.168.107.169] (OS 2)The system cannot find the file specified. : FastCGI: stat() of "C:/IBM/HTTPServer85/htdocs/public/login/" failed
[Mon Jan 29 12:17:24 2018] [crit] (OS 193)%1 is not a valid Win32 application. : FastCGI: can't start (dynamic) server "C:/IBM/HTTPServer85/htdocs/error/500/index.php": spawn_fs_process() failed
[Mon Jan 29 12:17:24 2018] [crit] [Mon Jan 29 12:17:24 2018] file G:\\blddir\\IHS85\\apache\\modules\\fastcgi\\fcgi_pm.c, line 1787, assertion "s->procs[i].pid < 0" failed
What is wrong with my http.conf?
It looks like you have a hybrid/partial config of multiple ways to configure fastcgi.
In the era of mod_fastcgi (IHS 8.5.5 and earlier), you'd typically see the "Action" directive here which results in a request for foo.php to be passed to the PHP interpreter as an argument.
Since you don't have action, and your SetHandler does not limit to
any particular extension, mod_fastcgi tries to invoke your php script
directly as an executable. On Windows, this association of what intepreter to use is the global one of the OS.
If you stick with mod_fastcgi, I'd suggest using the boilerplate examples with Action you see everywhere. But there's no reason to torture yourself with this when even IHS 9 has mod_proxy_fcgi and you could instead configure that and php-fpm instead.
So I'm trying to get my LAMP stack to work in my Macbook. I've apache setup but PHP is not working. I've installed php55 with Brew and loaded the module in my httpd.conf file like this:
LoadModule php5_module /usr/local/opt/php55/libexec/apache2/libphp5.so
I've checked if the libphp5.so was at the location the module is pointing and it was there.
If I check my apache error.log I get the following message:
[Sat Apr 23 21:36:59.307093 2016] [ssl:warn] [pid 7231] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Sat Apr 23 21:36:59.358254 2016] [auth_digest:notice] [pid 7231] AH01757: generating secret for digest authentication ...
[Sat Apr 23 21:36:59.360623 2016] [mpm_prefork:notice] [pid 7231] AH00163: Apache/2.4.18 (Unix) LibreSSL/2.2.6 PHP/5.5.34 configured -- resuming normal operations
[Sat Apr 23 21:36:59.360661 2016] [core:notice] [pid 7231] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
I'm missing something but I'm not quite sure what at this point.
Did you also update your Apache config to recognize .php extensions?
AddType application/x-httpd-php .php
or
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
add the following line to your httpd.conf:
AddHandler application/x-httpd-php .php
after apache restart everything should work
My PHP code is not executed when I access the root directory with
http://localhost/sample.php
The code I want to run is:
<?php phpinfo(); ?>
But my code is just shown on the browser, it is not executing.
I tried to:
restart all services several times including putting WampServer online;
changing the listening port in httpd.conf to 8080.
There is not any error in the PHP error log But in Apache Error Log there are errors as following:
[Tue Jun 09 08:53:52 2015] [notice] Apache/2.2.21 (Win32) PHP/5.3.10 configured -- resuming normal operations
[Tue Jun 09 08:56:30 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/
[Tue Jun 09 08:56:30 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/favicon.ico, referer: http://localhost/
[Tue Jun 09 09:22:23 2015] [error] [client ::1] (20023)The given path was above the root path: Cannot map GET /C:/wamp/www HTTP/1.1 to file
[Tue Jun 09 09:22:24 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/favicon.ico, referer: http://localhost/C:/wamp/www
[Tue Jun 09 09:26:26 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/
[Tue Jun 09 09:26:26 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/favicon.ico, referer: http://localhost/
[Tue Jun 09 09:26:46 2015] [error] [client ::1] client denied by server configuration: C:/wamp/apps/phpmyadmin3.4.10.1/
[Tue Jun 09 09:26:46 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/favicon.ico, referer: http://localhost/phpmyadmin/
[Tue Jun 09 09:30:10 2015] [error] [client ::1] client denied by server configuration: C:/wamp/apps/phpmyadmin3.4.10.1/
[Tue Jun 09 09:30:10 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/favicon.ico, referer: http://localhost/phpmyadmin/
[Tue Jun 09 09:31:21 2015] [error] [client ::1] client denied by server configuration: C:/wamp/apps/phpmyadmin3.4.10.1/
[Tue Jun 09 09:31:21 2015] [error] [client ::1] client denied by server configuration: C:/wamp/www/favicon.ico, referer: http://localhost/phpmyadmin/
Your problem is that your browser has decided to use the IPV6 stack rather than the IPV4 stack hence the ip address ::1 in the error messages rather that the more usual `127.0.0.1' IPV4 loopback address.
As IPV6 was very new when the version of WAMPServer that comes with Apache/2.2.21 Apache was released, and is not configured to expect access from the IPV6 loopback address ::1 so you will have to amend the config.
Edit httpd.conf using the wampmanager menus to make sure you edit the correct file. Then look for this section, it will probably look something like this :-
<Directory "c:/wamp/www/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride all
#
# Controls who can get stuff from this server.
#
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
So change these lines as follows
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1 localhost <-- this line
See I have added the ip address ::1 and also localhost
You will also have to change the file that controls access to phpMyAdmin in the same way :-
Edit \wamp\alias\phpmyadmin.conf and change
Order Deny,Allow
Deny from all
Allow from localhost 127.0.0.1
To
Order Deny,Allow
Deny from all
Allow from localhost 127.0.0.1 ::1
You may also need to amend the sqlbuddy and webgrind configs in the same way if you actually use those features.
I assume that you are using windows 8.
Try these:
1. In httpd.conf file, change
Listen 80 line with Listen 127.0.0.1:8080
2. Disable windows firewall. If it works that way, you need to open your port 8080 (adding an exception to windows firewall).
3. If there are any services using port 8080, stop these services, restart wampserver and try again.
4. If none of these works for you, try to change these lines in your wampserver apache configuration file (httpd.conf) and after saving, restart the apache server.
Order Deny, Allow
Deny from all
Allow from 127.0.0.1 :: 1 localhost
Allow from 192.168
Allow from 10.186
First check your localhost is running or not by
http://localhost
if it was not working then it could because of 8080 port conflict assign some other port to apache.Even this could not solve your problem then fastest and easiest way to get rid of this thing is by reinstalling your wampserver download it from here http://www.wampserver.com/en/ a nice installation description provided there.
I am trying to configure cgi with apache
I did following changes in httpd.conf file
uncommented
AddHandler cgi-script .cgi
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI
Require all granted
</Directory>
service httpd restart
But unable to execute, its giving following error in logs/error_log file
[Wed Mar 26 17:08:22.088316 2014] [mime_magic:error] [pid 7760] [client ::1:59024] AH01512: mod_mime_magic: can't read `/var/www/cgi-bin/hello.cgi'
[Wed Mar 26 17:08:22.089486 2014] [cgi:error] [pid 7760] [client ::1:59024] AH01215: (13)Permission denied: exec of '/var/www/cgi-bin/hello.cgi' failed
[Wed Mar 26 17:08:22.090045 2014] [cgi:error] [pid 7760] [client ::1:59024] End of script output before headers: hello.cgi
From here:
The problem is the security of SELinux is preventing mod_mime_magic access to the testprogram.
This happens when context of the program (in this case testprogram) does not match the directory.
To change to the appropriate context, use the UNIX command "chcon".
Read the following article for details: Apache and SELinux