.htaccess file not loaded for PHP files

Question

I am trying to work out why my .htaccess is not being considered when loading a .php file. Below files sit in the webroot of my localhost.

.htaccess

# Cause a HTTP 500
test

file.html

<html><body><h1>This should not show</h1></body></html>

file.php

<html><body><h1>This should not show</h1></body></html>

when I access /index.html, I get the expected HTTP500 When I access /index.php, the html shows.

Any ideas why the .htaccess would not load for the PHP file?

Apache 2.4.6 VHost (/etc/httpd/vhosts.d/website.local.conf):

    <VirtualHost *:443>
        ServerName website.local
        ServerAlias www.website.local

        DocumentRoot /var/www/vhosts/website/website
        <Directory /var/www/vhosts/website/website>
                require all granted
                Options Indexes FollowSymLinks
                AllowOverride All
        </Directory>


        # Trigger PHP-FPM to run PHP execution
        <IfModule proxy_fcgi_module>
            ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/var/www/vhosts/website/php-fpm.sock|fcgi://website/var/www/vhosts/website/website"
            DirectoryIndex index.php
        </IfModule>

        SSLEngine on
        SSLCertificateKeyFile /var/www/ssl/website.key
        SSLCertificateFile /var/www/ssl/website.crt


</VirtualHost>

There are no other vhost configurations for this site:

[root@localhost ~]# cat /etc/httpd/conf/*.conf | grep website.local
[root@localhost ~]# cat /etc/httpd/vhosts.d/*.conf | grep website.local
        ServerName website.local
        ServerAlias www.website.local
[root@localhost ~]#

Update 1:

I have enabled rewrite:trace3 loglevel following the .htaccess debug instructions from https://stackoverflow.com/questions/5641618/how-to-enable-loglevel-debug-on-apache2-server. It looks like the .htaccess file is not even considered by Apache when loading a PHP file:

Accessing "/file.html" - .HTAccess is loaded and HTTP500 returned as expected

==> /var/log/httpd/website-error_log <== 
[Thu Jul 07 09:36:02.651091 2016] [core:alert] [pid 2822] [client 10.128.3.189:56406] /var/www/vhosts/website/website/.htaccess: Invalid command 'test', perhaps misspelled or defined by a module not included in the server configuration

==> /var/log/httpd/website-access_log <==
10.128.3.189 - - [07/Jul/2016:09:36:02 +0100] "GET /wp-admin/ HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"

Accessing "file.php" - .HTAccess is not loaded and HTTP200 returned

==> /var/log/httpd/website-access_log <==
10.128.3.189 - - [07/Jul/2016:09:38:41 +0100] "GET /file.php HTTP/1.1" 200 64057 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
10.128.3.189 - - [07/Jul/2016:09:38:41 +0100] "GET /file.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "https://www.website.local/file.php" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
10.128.3.189 - - [07/Jul/2016:09:38:41 +0100] "GET /file.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146 "https://www.website.local/file.php" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"

Accessing "file.jpg" - .HTAccess is loaded and HTTP500 returned as expected

==> /var/log/httpd/website-error_log <==
[Thu Jul 07 09:43:08.403263 2016] [core:alert] [pid 2827] [client 10.128.3.189:56551] /var/www/vhosts/website/website/.htaccess: Invalid command 'sfdgsaga', perhaps misspelled or defined by a module not included in the server configuration

==> /var/log/httpd/website-access_log <==
10.128.3.189 - - [07/Jul/2016:09:43:08 +0100] "GET /file.jpg HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"

I'm not aware of any configuration that would disallow .htaccess for specific file/mime types.. could it be a matter of in which order the modules are loaded?

Update 2: Cleaned up the vhost file above

Update 3: Problem only appears when PHP-FPM is configured Removing the below code from the configuration no longer skips the .htaccess files

<IfModule proxy_fcgi_module>
ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/var/www/vhosts/website/php-fpm.sock|fcgi://website/var/www/vhosts/website/website"
DirectoryIndex index.php
</IfModule>

Update 4: Kudos to @w3d for pointing this out. Internally proxying the request is going to skip the .htaccess file. Of course it does. I have updated my VHost file to the below, following the answer from this thread: Apache 2.4 + PHP-FPM + ProxyPassMatch

<VirtualHost *:443>
        ServerName website.local
        ServerAlias www.website.local

        DocumentRoot /var/www/vhosts/website/website
        <Directory /var/www/vhosts/website/website>
require all granted
                Options Indexes FollowSymLinks
                AllowOverride All



        </Directory>

        ErrorLog "logs/website-error_log"
        CustomLog "logs/website-access_log" combined env=!forwarded
        CustomLog "logs/website-access_log" proxy env=forwarded



        # Proxy set-up as per
        # https://serverfault.com/questions/450628/apache-2-4-php-fpm-proxypassmatch
        # This is to forward all PHP to php-fpm.
        <FilesMatch \.php$>
           SetHandler "proxy:unix:/var/www/vhosts/website/php-fpm.sock|fcgi://website/"
        </FilesMatch>

         # Set some proxy properties (the string "unique-domain-name-string" should match
         # the one set in the FilesMatch directive.
         <Proxy fcgi://website>
           ProxySet connectiontimeout=5 timeout=240
         </Proxy>
        DirectoryIndex /index.php index.php

        # If the php file doesn't exist, disable the proxy handler.
         # This will allow .htaccess rewrite rules to work and
         # the client will see the default 404 page of Apache
         RewriteCond %{REQUEST_FILENAME} \.php$
         RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
         RewriteRule (.*) - [H=text/html]

        SSLEngine on
        SSLCertificateKeyFile /var/www/ssl/website.key
        SSLCertificateFile /var/www/ssl/website.crt


</VirtualHost>

What does the vhost config file look like exactly? And this is Apache, which version? — JayMcTee, Jul 06 '16 at 12:56
@JayMcTee Thank you! Updated the description with the details — laurent, Jul 06 '16 at 13:47
Is the `.php` file successfully parsed by PHP? Try (temporarily) removing the entire `` section? — MrWhite, Jul 13 '16 at 17:27
@w3d Thanks for the tip. I tried this and it didn't help. HOWEVER I removed the section under it, i.e. the PHP-FPM configuration. — laurent, Jul 18 '16 at 14:43
Since you have access to the server config, do you need to use .htaccess? It would seem logical that internally proxying the request is going to skip the .htaccess file. — MrWhite, Jul 18 '16 at 16:51
That would probably solve the problem, however we will be deploying the site to different servers and I'd like to keep the .htaccess free from any server-specific directives (i.e. expecting .sock files to be in certain directories, etc). — laurent, Jul 20 '16 at 16:48
Unix sockets are not available until Apache HTTP Server 2.4.10 and later. NOTE: Although the documentation repeatedly says 2.4.7, this is not true. The change logs indicate 2.4.9. which was never released, hence 2.4.10 is the correct version. Prior to this, you have to use a "port" configuration with your `ProxyPassMatch`. Unless you are using a backported version 2.4.6, I can't see how you are going to make this work. — Colt, Jul 21 '16 at 00:27
@Colt Thanks for pointing this out. I am on HTTP 2.4.6 but it seems to work OK? — laurent, Jul 22 '16 at 14:01
Found the answer here: http://serverfault.com/questions/450628/apache-2-4-php-fpm-proxypassmatch — laurent, Jul 23 '16 at 15:14

score 0 · Answer 1 · answered Jul 06 '16 at 14:41

0

This part of vhosts configuration is relevant when you access that website with https, you should have another instance in vhosts , can you look again and update your post?

answered Jul 06 '16 at 14:41

RonanW.

419
2
6

The site is configured to be HTTPS only, so this is the only piece of vhost config! (Nobody will be able to connect to the site on Port 80) – laurent Jul 06 '16 at 14:59

score 0 · Accepted Answer · edited Apr 13 '17 at 12:14

0

Kudos to @w3d for pointing this out. Internally proxying the request is going to skip the .htaccess file. Of course it does. I have updated my VHost file to the below, following the answer from this thread: Apache 2.4 + PHP-FPM + ProxyPassMatch

edited Apr 13 '17 at 12:14

Community

1

answered Jul 23 '16 at 15:15

laurent

11
4

.htaccess file not loaded for PHP files

2 Answers2