You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Theo Belder <T....@trends.nl> on 2015/03/10 17:09:44 UTC

[users@httpd] Location directive not working when using php-fpm (via mod_fastcgi)

Hello,

I am facing to an issue in my virtualhost config. It looks like
mod_fastcgi causes the issue.
I've configured a virtualhost which should be completely restricted with
a SSL client certificate, except one location (/Public).

Apache version: httpd-2.2.15-39.el6.centos.x86_64
PHP version: php56w-fpm-5.6.4-1.w6.x86_64

My configuration in my virtualhost:
<Location ~ ^/(?!Public)>
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLOptions +StdEnvVars -ExportCertData
</Location>

I've done a couple of tests using mod_fastcgi:
Requesting https://myserver.mycompany.com/MyWorkspace, the server is
requesting SSL client certicate -> Works as designed.
Requesting https://myserver.mycompany.com/Public/index.html, the server
is not requesting SSL client certicate -> Works as designed.
Requesting https://myserver.mycompany.com/Public/index.php, the server
is requesting SSL client certicate -> Works NOT as designed.

When I do the last test using mod_php, the server is not requesting for
a SSL client certificate, which is correct.

Is this normal behavior, or did I misconfigured something?

My config for mod_fastcgi is as follows:
LoadModule fastcgi_module modules/mod_fastcgi.so

<IfModule mod_fastcgi.c>
    DirectoryIndex index.php index.html index.shtml index.cgi
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket
/dev/shm/php5-fpm.sock -pass-header Authorization

    # For monitoring status with e.g. Munin
    <LocationMatch "/(ping|status)">
        SetHandler php5-fcgi-virt
        Action php5-fcgi-virt /php5-fcgi virtual
    </LocationMatch>
</IfModule>


Best regards,
Theo Belder

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org