My experience with Apache 2.2, fcgi...

**1ONE** · 10-12-2007 12:30 PM

Hello,

Yesterday I successfully upgraded Apache from 1.3 to 2.2

I have manage to build apache with new modules like : new mod_security, mod_bandwith, uniqueid, suphp (replacement for phpsuexec), etc.

Problems on what I encountered are :

1. php_flags on users .htaccess - my users can't use php_flags anymore, instead they can place they're own php.ini in public_html (correct me if I'm wrong) and use they're custom php settings. If your users use php_flags it will result Internal server error.

2. suphp and fcgi - If you are using suphp or fcgi and your users use files chmoded to 777 or 666, you must change files to 644 and folders to 755 or else you will get Internal server error. I have manage to write few lines which will automatically chmod folders and files :

Files :

Code:

REMOVED by MODS as this may break your server, see next post.

Folders :

Code:

find /home/*/public_html -type d -exec chmod 755 {} \;

3. Mod_security 2 - With apache2 you can add new mod_security module, and you need new rulset since they are changed from version 1. You can find ruleset in attachment. I found this ruleset here on forum, but I can't find link anymore

, so I'm posting it here in my post.

I had to do those stuff and everything is ok for now. I will replay if I encounter any other problem.

Please post you experience.

**manokiss** · 10-12-2007 01:05 PM

hi, thanx to share your experience we havent upgraded yet....let me say that running the command:

find /home/*/public_html -type f -exec chmod 644 {} \;

you could skrew up perl scripts, that command will change chmod to any file no matter if is a php or not, you coudl use:

find /home/*/public_html -name '*.php' -o -name '*.php[34]' -o -name '*.phtml'| xargs chmod -v 644

About each user php.ini, did you test it? With php suexec is the way that is running but i did read in many other posts that peple upgraded to suphp lost this ability, could you confirm please?

Also do you run more than php version together?

Thanx!

**1ONE** · 10-12-2007 02:06 PM

find /home/*/public_html -name '*.php' -o -name '*.php[34]' -o -name '*.phtml'| xargs chmod -v 644

Tnx.

About each user php.ini, did you test it? With php suexec is the way that is running but i did read in many other posts that peple upgraded to suphp lost this ability, could you confirm please?

I will try this. I'm setting permissions at this moment

Also do you run more than php version together?

I don't use php4 for almost a year now, and I have around 900 domains per server.

**1ONE** · 10-13-2007 02:52 AM

I just encounter one problem. In WHM under "Configure PHP and SuExec" I changed my PHP 5 Handler to fcgi, and now I can't access to hostname/~username for domains that are not pointed to server.

In my error_log I have this :

[Sat Oct 13 09:36:47 2007] [notice] mod_fcgid: call /home/username/public_html/index.php with wrapper /usr/local/cpanel/cgi-sys/php5
[Sat Oct 13 09:36:47 2007] [info] mod_fcgid: server /home/username/public_html/index.php(7871) started
suexec policy violation: see suexec log for more details
[Sat Oct 13 09:36:47 2007] [warn] (104)Connection reset by peer: mod_fcgid: read data from fastcgi server error.
[Sat Oct 13 09:36:47 2007] [error] [client 78.0.10.65] Premature end of script headers:

In suexec log I don't have detailed information about this problem. I would appreciate some help

**manokiss** · 10-13-2007 10:26 AM

Did you open a ticket?, i highly recommend it.

**asiams** · 10-13-2007 08:28 PM

1. php_flags on users .htaccess - my users can't use php_flags anymore, instead they can place they're own php.ini in public_html (correct me if I'm wrong) and use they're custom php settings. If your users use php_flags it will result Internal server error.

How did you fix the php_flag problem for .htaccess?

I have same problem and would like to know how you did it?

Thanks.

asiams

**manokiss** · 10-14-2007 12:16 PM

You should not use php flags in .htaccess in a suexec php....instead use the php.ini file with the php variables on it.

**InterServed** · 10-14-2007 12:38 PM

Note that php_flag does not work with Apache 2. Neither does on / off — you must use 0 (off) or 1 (on).

For example enable register_globals on (apache2) / .htaccess :
php_value register_globals 1

**manokiss** · 10-14-2007 01:39 PM

Originally Posted by InterServed

Note that php_flag does not work with Apache 2. Neither does on / off — you must use 0 (off) or 1 (on).

For example enable register_globals on (apache2) / .htaccess :
php_value register_globals 1

Only if you are running php as a apache module, that do not work in suexec.

**katmai** · 10-15-2007 03:04 AM

how about mod_evasive? any ideas if there is anything similar for apache 2.2 ?

**asiams** · 10-15-2007 06:46 AM

You should not use php flags in .htaccess in a suexec php....instead use the php.ini file with the php variables on it.
Reply With Quote

Can a customer access to php.ini file from Cpanel?

If not .htaccess, is this feature safe?

Where can I find all of the php config features for Apache 2.2?

Thanks.

asiams

**jdlightsey** · 10-15-2007 10:40 AM

Originally Posted by 1ONE

I just encounter one problem. In WHM under "Configure PHP and SuExec" I changed my PHP 5 Handler to fcgi, and now I can't access to hostname/~username for domains that are not pointed to server.

The CGI and FCGI configurations aren't going to work with ~userdir requests without disabling Suexec in the WHM interface and moving the suexec binary away from /usr/local/apache/bin/suexec.

The FastCGI setup is just a simple baseline configuration that needs to be tweaked for the needs of the server. The CGI setup is intended as a fallback when the other preferrable setups (DSO or SuPHP) aren't options.

**1ONE** · 10-16-2007 04:58 AM

Tnx!

I'm now using DSO, and I have php_flags in .htaccess!

If you are using suphp then you have to place php.ini in your public_html. This php.ini must ONLY contains lines that you need example :

register_globals on
some_other_value off
some_other_value2 12M

user php.ini should not contain "all php.ini" file !

I'm satisfied with DSO, but I can't see what my users are doing

Is there any fix for this in DSO mode?

**vittle** · 10-16-2007 09:38 AM

Originally Posted by jdlightsey

The CGI and FCGI configurations aren't going to work with ~userdir requests without disabling Suexec in the WHM interface and moving the suexec binary away from /usr/local/apache/bin/suexec.

The FastCGI setup is just a simple baseline configuration that needs to be tweaked for the needs of the server. The CGI setup is intended as a fallback when the other preferrable setups (DSO or SuPHP) aren't options.

We have PHP compiled as a FastCGI with phpsuexec and suexec enabled, but Apache is v1.3.3.9... and the hostname/~username works... thus, how come it won't work in the new Apache 2 version, did something else change?

**PPNSteve** · 10-16-2007 01:08 PM

Originally Posted by 1ONE

Hello,

...

3. Mod_security 2 - With apache2 you can add new mod_security module, and you need new rulset since they are changed from version 1. You can find ruleset in attachment. I found this ruleset here on forum, but I can't find link anymore

, so I'm posting it here in my post.

I had to do those stuff and everything is ok for now. I will replay if I encounter any other problem.

Please post you experience.

OK tried that mod_security rule set you posted, and apache wouldn't restart.. not sure why (or which rule was crashing it.)

Anyone else have a WORKABLE and good 2.0 ruleset for a production cPanel box?

LinkBack

Thread Tools

My experience with Apache 2.2, fcgi...

How did you fix php flag problem?

Where can I find php.ini file for each customer?

PHP 5.2.14, Apache 2.2, FastCGI/FCGI problem, error 403 Forbidden [Case 45240]

PHP5 + Apache using fcgi working, phpinfo problem

FCGI + mpm_worker

Apache 2.2, FCGI and mod_userdir