How i show full list of running php sripts on linux server? I see only httpd service, or PID but not specific php file source, i need analyze what script take more memory and fixed it. Thanks
You have two options:
Log all URLs that are requested from your server and that end up in PHP scripts being executed
You can use a PHP feature, which allows you to add a PHP script to any Apache request that is sent to PHP. You enable it by adding this to your root .htaccess:
php_value auto_prepend_file append.php
In append.php you add a logging feature, where you can insert the URL requested, the time it took to generate the response and the max memory used. If you add this to a TAB separated file, you could import it in a DB table and see what is really happening on your server.
More info here: http://www.electrictoolbox.com/php-automatically-append-prepend/
Debug what Apache is doing, using strace
You basically start Apache with strace. This will debug what operations Apache and subsequently PHP are doing. Watch out, as there is a lot of noise in the debug output.
More info here: http://bobcares.com/blog/?p=103
Related
I am hoping you all can help me out a little. I have spent about 7 hours trying to find an answer and have tried many things so far.
I have a PHP script that is used to sync files/database data between 2 servers. Before you guys ask this process is necessary for this project and must stay in place.
The script basically finds all files in a directory that have changed in the last 72 hours and SFTPs them to the other server, replacing any files needed. It then creates a copy of the backing database, removes certain tables/rows, changes others and exports a .sql file. It then SFTPs this .sql file to the other server and calls an include on a file on the 2nd server that imports the .sql file replacing the existing database with updated data.
All of this works...
The issue is that no matter what changes I make to the Apache config the script always gives me a 503 error after 30 seconds, every time (between 30.02 and 30.04 seconds to be precise). However, the PHP script continues to run and successfully completes all operations, including writing to the log file, in about 60-61 seconds. There is nothing in the Apache logs referencing any kind of error at all either.
I have checked all .conf files used and none of them mention a 30 second timeout. In my httpd.conf I have added these lines:
TimeOut 300
ProxyTimeOut 300
KeepAlive On
KeepAliveTimeout 60
I also have set the max_execution_time and memory_limit on the php script to 120 and 2048M, respective, to be sure to rule that out during testing.
The page is supposed to display a success message to the user with a report of what was changed/updated. However with the 503 error I am not able to do this. So I am looking to get rid of this 503 limitation so it can properly display the end result of the sync. I am not too familiar with Apache configuration to be honest so any help/ideas on what would cause this/where to look would be much appreciated!
Thanks in advance!
After trying many, many things I was able to find out what the specific cause was. It turns out this was caused by the proxy timing out. Here is a link to the answer that explained what to add to the vhost conf file.
In short, here is the answer for future visitors:
For the latest versions of httpd and mod_proxy_fcgi you can simply add
timeout= to the end of the ProxyPassMatch line, e.g.:
ProxyPassMatch ^/(.+\.php.*)$ fcgi://127.0.0.1:9000/<docroot>/$1 timeout=1800
For older versions it was a little more complicated,
e.g.:
<Proxy fcgi://127.0.0.1:9000>
ProxySet timeout=1800
</Proxy>
ProxyPassMatch ^/(.+\.php.*)$ fcgi://127.0.0.1:9000/<docroot>/$1
Not sure if you tried this, but I think you may need to adjust max_execution_time in the php.ini that Apache uses. On many distributions it defaults to 30.
http://php.net/manual/en/info.configuration.php#ini.max-execution-time
My company has a large hosting, but it’s not managed by us, we don't see configuration files, but I want to reply this feature on our local test server.
I’m new in my company and want to start some debug of applications to fix some minors and majors issues to clients, but the amount of files is so big that single error_file is huge.. and there are many people working on this so each time I check log (like 30 secs to 1 min) has hundreds of added lines.
I don’t know if this is set up on Apache, through .htaccess files or in php.ini.
I am talking about PHP errors, but I don't know if this is set in PHP, Apache, or maybe using a third-party library.
I'm not talking about setting a specific folder error_log. I'm talking about if errors are logged in the scripts folder.
Example: I create a folder named test1. Inside it I make some buggy PHP script that throws some errors. When I run the script I can see an error_log file created in the folder. So it works on the fly.
I have tried to ask the hosting company support how they do this, but they haven’t answered me.
I don't know if maybe could be some kind of cPanel setting (BTW, the hosting support stuff doesn't understand this question either, but well.. usually level 1 of support can’t handle technical stuff).
I found it.
You have to set a directive in the php.ini file as follows, string "error_log". On the right side is the file name you want for the log,
error_log = error_log
This will generate a PHP error log in the folder where script executed are,
I'll try to explain.
Script test.php in folder /www/site/lib:
include "./db_conn.php";
If file db_conn.php is not located in the same directory, this will fire a warning and error. Usually this will be lead to the servers/vhost log, but using this directive you will get an error_log file under the /www/site/lib directory.
Why was I looking or this? Well, as I wrote, I'm working on a huge application, with thousands of files many fires warnings, notices, etc. I'm not the only one in the project and the site error_log file was so huge it was hard to keep tracking debug evolution for one or just some files. Now I just have to track the log from directories where I'm working.
You can manage the logs by adding this to your vhost or htaccess file
ErrorLog /path/to/a/writable/directory/error.log
For more information, have a look at this article on advanced PHP error handling via htaccess.
To do this in PHP, edit file php.ini and add the line
error_log = /path/to/where/you/want/your/php-errors.log
Then restart the web server. This should give you PHP errors, and only PHP errors, to that file. Provided, of course, that the scripts aren't written to throw away all errors.
To do it in Apache, you can use SetEnvIf to add an environment variable to any request ending in PHP, and then printing all logs with that particular environment variable. E.g.:
SetEnvIf Request_URI "\.php$" phplog
CustomLog /path/to/php.log env=phplog
To use this in multiple folders, make one environment variable per folder and one CustomLog per folder, like this:
SetEnvIf Request_URI "/folder1/.*\.php$" log_folder1
Customlog /path/to/folder1/php.log env=log_folder1
SetEnvIf Request_URI "/folder2/.*\.php$" log_folder2
Customlog /path/to/folder2/php.log env=log_folder2
I have installed XAMPP server on my system to be able to use PHP. But after installation, when I run any php script on the browser it does not run. I do not see any ouput. No checking the phpinfo() from local host I see that version 5.3.5 is installed
Even when running a a simple php file like where I echo a line;
I do not see anything on my browser. So, my question is do I need to make any configuration changes to my browser or system to get PHP running.
Put your scripts into /XAMPP/htdocs and then point your browser to: http://localhost/your_script.php
Your best bet is taking a look at your log files, and perhaps turning error reporting on. Put a simple script in your webroot that simply echo's a string, for example:
<?php echo "Hello World!";
with the above there is very little that can go wrong. Work from there. Take a look at your phpinfo, and see where your log files are located. Search for
error_log
for the path to your PHP error log file and maybe see if
display_errors
is on.
This is something that has a multitude of possibilities that can be the cause of your problem.
install phpxx-php which is used for creating dynamic web sites
check version of php using php -v
if you have php55 then use:
yum install php55-php.x86_64
Ensure to save file as .php ; e.g. index.php and not index.html
From Troublespy here are the reasons why php might not be working in the browser:
You did not download a local server
You are using the wrong version of php
You put your scripts in the wrong directory
You have a php error and the error didn't get printed
Your php code is wrong or incomplete
Make sure you check all reasons.
I have a Windows 7 laptop. I downloaded PHP 5.2.8. I downloaded Apache 2.2.
I ran the MSI for PHP install, which i know is not recommended but I tried multiple times the normal route without success.
I have apache running and it shows "Running all apache services". When i did the install i set it up for "localhost".
I checked the CGI checkbox in my control panel.
I placed a simple file, test.php , in C:\inetpub\wwwroot ... but when the file is double-clicked, it tries to download the file instead of opening it as a webpage.
I've been googling this for a couple of hours and cant find a suitable fix. I have cleared my cache, and still no luck.
I also set apache to listen on port 8080 just to be certain nothing else was using port 80 before hand.
Any Ideas??
Thanks!
update -- i was missing the php5apache2.dll ... i placed this in the PHP directory but still the same results. i have also tried browsing to the file location through IE which didnt change anything either unfortunately.
update again, - - DOH! - - didnt realize it was localhost/test.php or what the answer below was. when i do that, i get a server error page.. which is better than before i guess :)
Server Error in Application "DEFAULT WEB SITE"
HTTP Error 500.0 - Internal Server Error
An unknown FastCGI error occured
Module FastCgiModule
Notification ExecuteRequestHandler
Handler PHP
Error Code 0x8007010b
Requested URL http://localhost:80/test.php
Physical Path C:\inetpub\wwwroot\test.php
Logon Method Anonymous
Logon User Anonymous
Most likely causes:
•IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
•IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
•IIS was not able to process configuration for the Web site or application.
•The authenticated user does not have permission to use this DLL.
•The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
when i try to start/run apache, it errors out. so when i run apache test configuration i get the following message:
httpd.exe: Syntax error on line 1 of C:/Apache/conf/httpd.conf: Cannot load C:/php/php5apache2_2.dll into server: The specified module could not be found.
However when i browse to that director, i do see that dll file there!! ugh...
ideas?
If you placed a file called test.php in C:\inetpub\wwwroot, then you would open your browser to http://localhost/test.php to try to execute the file.
The php5apache2.dll file needs to go in your module directory for apache, and you would need to add the appropriate apache config lines such as those below:
LoadModule php5_module "c:/path/to/php5apache2.dll"
AddHandler application/x-httpd-php .php
SetHandler application/x-httpd-php
After making those changes, you will need to restart apache.
Assuming you have PHP installed in Apache properly as mentioned in the other answers, it is possible the .php page is not sending the correct header. I have a .php file that emits a header with Content-Type: text/json, this is commonly used to provide a service for an Ajax client. The .php page should be sending Context-Type: text/html.
To determine if this is indeed the problem you can use wget with the -S option, or use developer tools in your browser. Take a look at this answer: Tool to view response headers
Double clicked? As in within explorer? If so, this won't open the page. You need to browse to the page. If you're within the directory listing for apache double clicking is not necessary.
As for setting up, if you're new your best bet is to use iis, easyphp, xampp, or some other variation
EasyPHP: http://www.easyphp.org/
Xampp: http://www.apachefriends.org/en/xampp.html
They'll get you running without the hassle
I am a PHP newbie and a have a php security question. Is it possible for somebody to get the source code of a php script file running on a server with default configuration? If so, what is the best way to be protected? I am asking this because I happened to download a php file when I requested a page from a site and what triggered my concerns. I think that maybe apache configuration was wrong and served that file to me like a simple file but I am not sure. Also what is the best place to keep "sensitive" data such as database or smtp configuration?
Thank you,
Alex
For the most sensitive information, I'd suggest putting it outside of your web root folder, and including it through "require" or "include". This way, even is some configuration gets botched on the server, the visitor will only get served the line "include('secret_stuff.php');" and not the actual script.
Exactly what David Dorward said but i would advise you take a look at the following patch(s) that would modify apache to not send source code's regards if there is a misconfiguration.
http://mirror.facebook.net/facebook/patches/ap_source_defense.patch
Patch like so:
cd apache-1.3.x
patch -p1 -i ap_source_defense.patch
More Patches from Facebook Development Team: http://mirror.facebook.net/facebook/patches/
The best way to protect your much needed source is to place them outside the public root directory, as if apache is running it will not be able to serve files directly from the folder up public_html
for example:
C:/server/apache/
C:/server/apache/htdocs/
C:/server/apache/htdocs/includes/
People can specifically view the files my going to
http://hostname.tld/includes/
but having the directory structure of:
C:/server/apache/
C:/server/apache/includes/
C:/server/apache/htdocs/
and then within
C:/server/apache/htdocs/index.php
you have
<?php
require_once('../includes/config.php');
?>
this should protect all major files bar the view file (index.php)
If the server is not configured to handle PHP files, then it will treat them like any other unknown file (and serve them as either text/plain or application/octet-stream.
PHP support is, as far as I know, always provided as an extension or external program (for CGI, FastCGI, etc) and never as a built in for an HTTP server.
If the server is properly configured to run PHP code, then people without direct access to the server cannot view the PHP source code. You don't have to do anything else.
It is only because that server was not configured to run PHP, and instead served it as text, that you could see the source.
If you have this line in your apache.httpd.conf file,
AddType application/x-httpd-php .php
Apache should deal with data, rather than showing them...
Also you need to start php services.
What you describe as "default configuration" is a webserver without php installed (or with php disabled). In these cases, it is certainly possible to download the php script.
Make sure php is installed (as it will be on ~100% of production php servers) and/or block access to your configuration file with an .htaccess file like this:
<FilesMatch "^config.php$">
Order allow,deny
Deny from all
</Files>
If you want to be extra-tricky (and work even on servers where .htaccess files are ignored), prefix the configuration file with .ht, like .ht.config.php. Most Apache(and some other webserver) configurations will refuse serving files beginning with .ht. However, in general, the only way you could be sure no webserver serves your file is to move it to a directory outside of the server's document directory. On most hosts you or your php script won't be able to access those though.
Your second problem are misconfigurations. There's not much you can do, albeit there might(?) be options to construct a rewriterule to prevent accidential accessibility.
The best prevention however is to keep all scripts outside of the DOCUMENT_ROOT. Just leave a single index.php there, and include all dependencies from there. This is also the best strategy to avoid leaking of configuration data (also don't use ini files for sensitive data, but always .php scripts).
Another worry are shared hosting servers however. All concurrent users on a server can read out your scripts (if not through PHP then via Perl/bash CGIs). Nothing you can do about that, unless you change to a professional hoster which supports running everthing through suexec and thus allowing individual permissions.
Well, "default configuration" is a vague term, but as long as the web server is configured to parse .php files through PHP, you should be fine from that angle. If your scripts themselves happen to parse other PHP files (for eg. a template system) then you need to make sure there aren't any loopholes in that too, since the PHP scripts have full access to your files on the server.
Assuming these are taken care of, you don't need to keep the "sensitive" data in any special place -- just put them in your .php files, but make sure all your scripts end in .php (for eg. config.inc.php) so that they are always parsed via PHP and not sent as plain text.