I recently set up a new webhosting server at work on a Debian Stretch system using Apache 2.4 and PHP7 via proxy_fcgi
and php-fpm
.
It worked fine in the testing stages, but the first customer is using a Moodle website which makes extensive use of so-called 'slash arguments' (IE, requests to, say, index.php/these/are/parameters/
).
Following the instructions on moodle's website I tried setting AcceptPathInfo
to On, and even tried disabling security_limit_extensions
in PHP, but so far nothing seems to be working.
Relevant configs are pasted below. I'm pretty positive I missed something simple somewhere, but I've run out of ideas where to look.
(Note: Regular php works fine; slash arguments do not. When setting cgi.fix_pathinfo
to 0 asking for https://www.domain.nl/lib/javascript.php/foo/bar
results in "No input file specified"; setting it to 1 results in "No valid Javascript files found" which at least suggests that the script is called but the arguments aren't passed correctly into the proxy...)
Apache:
<VirtualHost *:443>
ServerName www.domain.nl
ServerAlias domain.nl new.domain.nl
DocumentRoot /home/webclients/www.domain.nl/public_html/
Alias /cgi-bin/ /home/webclients/www.domain.nl/cgi-bin/
CustomLog /var/log/apache2/www.domain.nl/access.log combined
ErrorLog /home/webclients/www.domain.nl/logs/error.log
TransferLog /home/webclients/www.domain.nl/logs/access.log
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php-fpm/domain.sock|fcgi://localhost/home/webclients/www.domain.nl/public_html
SSLOptions +StdEnvVars
<IfModule mod_suexec.c>
SuExecUserGroup domain webclients
</IfModule>
<Directory /home/webclients/www.domain.nl/public_html/>
AllowOverride All
AcceptPathInfo On
Require all granted
</Directory>
SSLEngine on
# LogLevel info
SSLCertificateFile /etc/ssl/certs/www.domain.nl.pem
SSLCertificateKeyFile /etc/ssl/private/www.domain.nl.key
SSLCACertificateFile /etc/ssl/intermediate/intermediate-rapidssl-rsacag1.pem
# Enable HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
</VirtualHost>
# vim:syntax=apache
php-fpm pool file:
[domain]
prefix=/
include=/etc/php/7.0/fpm/pool.d/defaults
php_admin_value[error_log] = /home/webclients/www.domain.nl/logs/php-error.log
php_admin_value[cgi.fix_pathinfo] = 0
security.limit_extensions =