[FASTCGI] FastCGIExternalServer, path used actually has to exist

Rob rclemley at yahoo.com
Sat Sep 4 12:09:12 EDT 2010


I didn't say this is a bug.  I said I confirmed the behavior.

It's not clear to me that this is a bug because this behavior
depends on how apache resolves the URL to an internal
filename.  I suspect that possibly a "Directory" directive
in apache on the Alias directory might allow subdirectories
in the Alias to be accessed as a FastCGIExternalServer path,
but I can't verify that right now.  Maybe on Tuesday.

In other words, this may be a normal feature of apache
to disallow access to files outside the approved namespaces.


On 09/03/2010 12:50 PM, Alex Cartwright wrote:
> So is this a bug in fastcgi, or with Apache?
>
> On Friday 03 September 2010 18:03:43 Rob wrote:
>   
>>   I can confirm that a slash in the FastCgiExternalServer path and
>> corresponding Alias directives does cause the file not found error.
>>
>> It's not clear to me, but it seems the interpretation takes place in
>> the apache2 aliasing modules.
>>
>> In the working example config below, If I change the
>> "/myapp.rob.example.com"
>> to "/myapp.rob.example.com/XXX, then  I see the apache2 error.log message:
>>
>>     [error] [client 127.0.1.1] File does not exist: /myapp.rob.example.com
>>
>> <VirtualHost *:80>
>>    ServerName rob.example.com
>>    AliasMatch ^/(.*) /myapp.rob.example.com
>> </VirtualHost>
>>
>> FastCgiExternalServer /myapp.rob.example.com  -socket
>> /var/run/myapp/sockets/rob.example.com
>>
>> The FastCGI app is written in C++ linking only with libfcgi (no libcgi++,
>> we wrote our own C++ class wrappers).
>>
>> Ubuntu Lucid
>> Linux 2.6.32-24-generic-pae #42-Ubuntu SMP i686 GNU/Linux
>> apache2    2.2.14-5ubuntu8.2
>> apache2-mpm-worker    2.2.14-5ubuntu8.2
>> apache2-utils    2.2.14-5ubuntu8.2
>> apache2.2-bin    2.2.14-5ubuntu8.2
>> apache2.2-common    2.2.14-5ubuntu8.2
>> libapache2-mod-fastcgi    2.4.6-1
>> libfcgi-dev    2.4.0-7.1ubuntu1
>> libfcgi0ldbl    2.4.0-7.1ubuntu1
>>
>> On 09/03/2010 08:40 AM, Alex Cartwright wrote:
>>     
>>> Sorry, forgot to reply to all instead, here is the message again!
>>>
>>> Ah ok, I've removed the Options line now, thanks for that.
>>>
>>> Apache error log was showing me the following if the directory did not 
>>>       
> exist:
>   
>>>         File does not exist: /home/foobar/fcgi
>>>
>>> and when the file did not exist:
>>>         File does not exist: /home/foobar/fcgi/php53-fpm
>>>
>>> However, I have got it working now with a different configuration, but
>>> I still have some issues I'd like to discuss - here is my new config:
>>>
>>> <VirtualHost *:80>
>>>
>>>         ServerName foo.example.com
>>>         
>>>         SuexecUserGroup foobar foobar
>>>         
>>>         ErrorLog /var/log/apache2/vhosts/foo.example.com_error.log
>>>         CustomLog /var/log/apache2/vhosts/foo.example.com_access.log
>>>         combined DocumentRoot
>>>         /home/foobar/domains/foo.example.com/public
>>>         
>>>         ## FastCGI + PHP-FPM
>>>         AddHandler application/x-httpd-php .php
>>>         Action application/x-httpd-php /fcgi-bin/php-fpm
>>>         Alias /fcgi-bin/php-fpm /fcgi-extsrvs-phpfpm
>>>         
>>>         <Location /fcgi-bin/php-fpm>
>>>         
>>>                 Order Deny,Allow
>>>                 Deny from all
>>>                 Allow from env=REDIRECT_STATUS
>>>         
>>>         </Location>
>>>         
>>>         FastCGIExternalServer /fcgi-extsrvs-phpfpm -socket
>>>
>>> /var/opt/php53/run/www.sock -user foobar -group foobar
>>>
>>>         <Directory /home/foobar/domains/foo.example.com/public>
>>>         
>>>                 Options FollowSymLinks
>>>                 AllowOverride AuthConfig FileInfo Limit Options=Indexes
>>>                 
>>>                 Order Deny,Allow
>>>                 Allow from all
>>>         
>>>         </Directory>
>>>
>>> </VirtualHost>
>>>
>>> This works just fine, but if I change 'Alias /fcgi-bin/php-fpm
>>> /fcgi-extsrvs-phpfpm' to 'Alias /fcgi-bin/php-fpm
>>> /fcgi-extsrvs/phpfpm' and 'FastCGIExternalServer /fcgi-extsrvs-phpfpm
>>> ...' to 'FastCGIExternalServer /fcgi-extsrvs/phpfpm ....' (note the -
>>> replace with a / in fcgi-extsrvs-phpfpm) then I get the following
>>>
>>> Apache errors:
>>>         File does not exist: /fcgi-extsrvs
>>>
>>> Doing that simple change (replacing a - with /) results in a 404
>>> error. Is a slash not allowed? That is something which has confused
>>> me.
>>>
>>> Regards
>>>
>>> On 3 September 2010 13:37, Rénald Casagraude<rcasagraude at interfaces.fr>  
>>>       
> wrote:
>   
>>>> Hi,
>>>> On 3 sept. 2010, at 13:56, Alex Cartwright wrote:
>>>>
>>>> This is the configuration that I am currently using, which is to use
>>>> Apache2 with mod_fastcgi and PHP 5.3.3 with FPM
>>>>
>>>> $ cat /etc/apache2/mods-available/fastcgi.conf
>>>> /etc/apache2/sites-available/foo.example.com
>>>> <IfModule mod_fastcgi.c>
>>>>
>>>>         FastCgiWrapper /usr/lib/apache2/suexec
>>>>         
>>>>         ## PHP-FPM
>>>>         AddHandler php53-fpm .php
>>>>         Action php53-fpm /fcgi-bin/php53-fpm
>>>>         <Location /fcgi-bin/php53-fpm>
>>>>         
>>>>                 Order Deny,Allow
>>>>                 Deny from all
>>>>                 Allow from env=REDIRECT_STATUS
>>>>                 Options ExecCGI
>>>>         
>>>>         </Location>
>>>>
>>>> </IfModule>
>>>>
>>>>
>>>> Remove the Options ExecCGI that does not make sense in external calls
>>>>
>>>> This works just fine, and I can run PHP scripts through php-fpm.
>>>> However I have had to create the file "/home/foobar/fcgi/php53-fpm"
>>>> which contains nothing.
>>>>
>>>> What happens if the file does not extsts ?
>>>> Regards,
>>>> Rénald
>>>>         
>>> _______________________________________________
>>> FastCGI-developers mailing list
>>> FastCGI-developers at mailman.fastcgi.com
>>> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
>>>       
>> _______________________________________________
>> FastCGI-developers mailing list
>> FastCGI-developers at mailman.fastcgi.com
>> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
>>     
> _______________________________________________
> FastCGI-developers mailing list
> FastCGI-developers at mailman.fastcgi.com
> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
>
>   




More information about the FastCGI-developers mailing list