AH01071: Got error 'Primary script unknown\n' apache2.4 php-fpm7.2

Question

I seem to be getting these lines in my /var/log/apache2/error.log and the corresponding records in /var/log/apache2/access.log

/var/log/apache2/error.log

[Fri Sep 20 02:28:36.654357 2019] [proxy_fcgi:error] [pid 28619:tid 140003157985024] [client 49.233.5.191:37604] AH01071: Got error 'Primary script unknown\n'
[Fri Sep 20 02:28:38.136282 2019] [proxy_fcgi:error] [pid 28618:tid 140003082450688] [client 49.233.5.191:43806] AH01071: Got error 'Primary script unknown\n'

/var/log/apache2/access.log

49.233.5.191 - - [20/Sep/2019:02:28:36 +0000] "GET /TP/html/public/index.php HTTP/1.1" 404 392 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.233.5.191 - - [20/Sep/2019:02:28:36 +0000] "GET /elrekt.php HTTP/1.1" 404 433 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"

Those files obviously do not exist so this seems like a bot scan from the ip location and the behavior. However, when i request another file that does not exist. I do not get the 'Got error 'Primary script unknown\n' errors in the /var/log/apache2/error.log file

php-fpm configuration

<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>

Is this something that i can do something about, configuration change maybe?

I know i can block the ip using iptables, i am more interested in getting rid of the log entry if possible by some configuration change.

Answer 1

…

Finally, I checked both services:

php-fpm7.3 -t
apachectl configtest

Since everything looked fine, I restarted them both:

systemctl restart php7.3-fpm
systemctl restart apache2

That simple.
Although I guess a reboot would have fixed this AH01071 as well.

Answer 2

In my recent default/standard setup of ubuntu 22.04 + apache 2.4 (ubuntu repo)(run php as FPM/FastCGI) + php-fpm 8.1 (ubuntu repo), loading a not exist php file have 404 in access log and "[Mon Aug 14 19:41:02.162415 2022] [proxy_fcgi:error] [pid 578412:tid 140622065954369] [client 172.18.26.14:32120] AH01071: Got error 'Primary script unknown'" in error log.

Browser shows "File not found." with http 404, not a standard apache error.

After googling, it should be caused by php interpreter processing a non-exist php file.

Solution: only pass exist php file to php interpreter (add If check).

# /etc/apache2/conf-available/php8.1-fpm.conf
<FilesMatch ".+\.ph(ar|p|tml)$">
    <If "-f %{REQUEST_FILENAME}">
        SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost"
    </If>
</FilesMatch>

reference: https://stackoverflow.com/questions/27408285/how-to-make-apache-check-if-php-file-exists-before-passing-it-to-php-fpm

Answer 3

My issue on AWS (I use Elastic Beanstalk to run EC2 instances, and I recently upgraded to PHP 8.0.6) was solved by the following:

$ apachectl configtest  
Syntax OK

$ php-fpm -t  
ERROR: failed to open error_log (/var/log/php-fpm/error.log): Permission denied (13) 
ERROR: failed to post process the configuration 
ERROR: FPM initialization failed

$ sudo chmod 666 /var/log/php-fpm/error.log

I'm not sure why that error log was initialized by root, or more importantly, how to make it initialize with the correct user or permissions when new instances are spawned, but it's a start.