My experience with Apache 2.2, fcgi...

1ONE · Oct 12, 2007

Hello,

Yesterday I successfully upgraded Apache from 1.3 to 2.2

I have manage to build apache with new modules like : new mod_security, mod_bandwith, uniqueid, suphp (replacement for phpsuexec), etc.

Problems on what I encountered are :

1. php_flags on users .htaccess - my users can't use php_flags anymore, instead they can place they're own php.ini in public_html (correct me if I'm wrong) and use they're custom php settings. If your users use php_flags it will result Internal server error.

2. suphp and fcgi - If you are using suphp or fcgi and your users use files chmoded to 777 or 666, you must change files to 644 and folders to 755 or else you will get Internal server error. I have manage to write few lines which will automatically chmod folders and files :

Files :
Code:
REMOVED by MODS as this may break your server, see next post.
Folders :
Code:
find /home/*/public_html -type d -exec chmod 755 {} \;
3. Mod_security 2 - With apache2 you can add new mod_security module, and you need new rulset since they are changed from version 1. You can find ruleset in attachment. I found this ruleset here on forum, but I can't find link anymore , so I'm posting it here in my post.

I had to do those stuff and everything is ok for now. I will replay if I encounter any other problem.

Please post you experience.

manokiss · Oct 12, 2007

hi, thanx to share your experience we havent upgraded yet....let me say that running the command:

find /home/*/public_html -type f -exec chmod 644 {} \;

you could skrew up perl scripts, that command will change chmod to any file no matter if is a php or not, you coudl use:

find /home/*/public_html -name '*.php' -o -name '*.php[34]' -o -name '*.phtml'| xargs chmod -v 644

About each user php.ini, did you test it? With php suexec is the way that is running but i did read in many other posts that peple upgraded to suphp lost this ability, could you confirm please?

Also do you run more than php version together?

Thanx!

1ONE · Oct 12, 2007

find /home/*/public_html -name '*.php' -o -name '*.php[34]' -o -name '*.phtml'| xargs chmod -v 644
Click to expand...

Tnx.

About each user php.ini, did you test it? With php suexec is the way that is running but i did read in many other posts that peple upgraded to suphp lost this ability, could you confirm please?
Click to expand...

I will try this. I'm setting permissions at this moment

Also do you run more than php version together?
Click to expand...

I don't use php4 for almost a year now, and I have around 900 domains per server.

1ONE · Oct 13, 2007

I just encounter one problem. In WHM under "Configure PHP and SuExec" I changed my PHP 5 Handler to fcgi, and now I can't access to hostname/~username for domains that are not pointed to server.

In my error_log I have this :

[Sat Oct 13 09:36:47 2007] [notice] mod_fcgid: call /home/username/public_html/index.php with wrapper /usr/local/cpanel/cgi-sys/php5
[Sat Oct 13 09:36:47 2007] [info] mod_fcgid: server /home/username/public_html/index.php(7871) started
suexec policy violation: see suexec log for more details
[Sat Oct 13 09:36:47 2007] [warn] (104)Connection reset by peer: mod_fcgid: read data from fastcgi server error.
[Sat Oct 13 09:36:47 2007] [error] [client 78.0.10.65] Premature end of script headers:
Click to expand...

In suexec log I don't have detailed information about this problem. I would appreciate some help

manokiss · Oct 13, 2007

Did you open a ticket?, i highly recommend it.

asiams · Oct 13, 2007

How did you fix php flag problem?

1. php_flags on users .htaccess - my users can't use php_flags anymore, instead they can place they're own php.ini in public_html (correct me if I'm wrong) and use they're custom php settings. If your users use php_flags it will result Internal server error.
Click to expand...

How did you fix the php_flag problem for .htaccess?

I have same problem and would like to know how you did it?

Thanks.

asiams

manokiss · Oct 14, 2007

You should not use php flags in .htaccess in a suexec php....instead use the php.ini file with the php variables on it.

InterServed · Oct 14, 2007

Note that php_flag does not work with Apache 2. Neither does on / off — you must use 0 (off) or 1 (on).

For example enable register_globals on (apache2) / .htaccess :
php_value register_globals 1

manokiss · Oct 14, 2007

InterServed said: ↑

Note that php_flag does not work with Apache 2. Neither does on / off — you must use 0 (off) or 1 (on).

For example enable register_globals on (apache2) / .htaccess :
php_value register_globals 1
Click to expand...

Only if you are running php as a apache module, that do not work in suexec.

katmai · Oct 15, 2007

how about mod_evasive? any ideas if there is anything similar for apache 2.2 ?

asiams · Oct 15, 2007

Where can I find php.ini file for each customer?

You should not use php flags in .htaccess in a suexec php....instead use the php.ini file with the php variables on it.
Reply With Quote
Click to expand...

Can a customer access to php.ini file from Cpanel?

If not .htaccess, is this feature safe?

Where can I find all of the php config features for Apache 2.2?

Thanks.

asiams

jdlightsey · Oct 15, 2007

1ONE said: ↑

I just encounter one problem. In WHM under "Configure PHP and SuExec" I changed my PHP 5 Handler to fcgi, and now I can't access to hostname/~username for domains that are not pointed to server.
Click to expand...

The CGI and FCGI configurations aren't going to work with ~userdir requests without disabling Suexec in the WHM interface and moving the suexec binary away from /usr/local/apache/bin/suexec.

The FastCGI setup is just a simple baseline configuration that needs to be tweaked for the needs of the server. The CGI setup is intended as a fallback when the other preferrable setups (DSO or SuPHP) aren't options.

1ONE · Oct 16, 2007

Tnx!

I'm now using DSO, and I have php_flags in .htaccess!

If you are using suphp then you have to place php.ini in your public_html. This php.ini must ONLY contains lines that you need example :

register_globals on
some_other_value off
some_other_value2 12M

user php.ini should not contain "all php.ini" file !

I'm satisfied with DSO, but I can't see what my users are doing Is there any fix for this in DSO mode?

vittle · Oct 16, 2007

jdlightsey said: ↑

The CGI and FCGI configurations aren't going to work with ~userdir requests without disabling Suexec in the WHM interface and moving the suexec binary away from /usr/local/apache/bin/suexec.

The FastCGI setup is just a simple baseline configuration that needs to be tweaked for the needs of the server. The CGI setup is intended as a fallback when the other preferrable setups (DSO or SuPHP) aren't options.
Click to expand...

We have PHP compiled as a FastCGI with phpsuexec and suexec enabled, but Apache is v1.3.3.9... and the hostname/~username works... thus, how come it won't work in the new Apache 2 version, did something else change?

PPNSteve · Oct 16, 2007

1ONE said: ↑

Hello,

...

3. Mod_security 2 - With apache2 you can add new mod_security module, and you need new rulset since they are changed from version 1. You can find ruleset in attachment. I found this ruleset here on forum, but I can't find link anymore , so I'm posting it here in my post.

I had to do those stuff and everything is ok for now. I will replay if I encounter any other problem.

Please post you experience.
Click to expand...

OK tried that mod_security rule set you posted, and apache wouldn't restart.. not sure why (or which rule was crashing it.)

Anyone else have a WORKABLE and good 2.0 ruleset for a production cPanel box?

stormrider · Jan 31, 2008

Sorry for posting after 3 months but this topic talks exactly about what i need.

I'm just checking if someone know how to find php_flags on .htaccess files and tell where this .htaccess are.

So i'll able to make this changes for my users instead of letting their site down.

Thanks.

dexus · Feb 3, 2008

You can use following command...
Code:
find /home -name '.htaccess' -exec grep -i 'php_' {} \; -print

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

My experience with Apache 2.2, fcgi...

1ONE Member

Attached Files:

modsec2.user.zip

manokiss Well-Known Member

1ONE Member

1ONE Member

manokiss Well-Known Member

asiams Well-Known Member

manokiss Well-Known Member

InterServed Well-Known Member

manokiss Well-Known Member

katmai Well-Known Member

asiams Well-Known Member

jdlightsey Perl Developer III Staff Member

1ONE Member

vittle Member

PPNSteve Well-Known Member

stormrider Member

dexus Well-Known Member

Does anyone have experience installing Mailman 3 along side cPanel

WordPress experience research

CXS (Config Server) experience?

PHP accelerator, any experience ?

SOLVED Peer reports it experienced an internal error. Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

My experience with Apache 2.2, fcgi...

1ONE Member

Attached Files:

modsec2.user.zip

manokiss Well-Known Member

1ONE Member

1ONE Member

manokiss Well-Known Member

asiams Well-Known Member

manokiss Well-Known Member

InterServed Well-Known Member

manokiss Well-Known Member

katmai Well-Known Member

asiams Well-Known Member

jdlightsey Perl Developer III Staff Member

1ONE Member

vittle Member

PPNSteve Well-Known Member

stormrider Member

dexus Well-Known Member

Does anyone have experience installing Mailman 3 along side cPanel

WordPress experience research

CXS (Config Server) experience?

PHP accelerator, any experience ?

SOLVED Peer reports it experienced an internal error. Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

Share This Page