[pkg-lighttpd] Bug#597381: lighttpd: Too-greedy match for php scripts in 15-fastcgi-php.conf

Alexander E. Patrakov patrakov at gmail.com
Sun Sep 19 07:46:06 UTC 2010

Package: lighttpd
Version: 1.4.28-1
Severity: normal

To reproduce the issue, suppose that you are a developer of a web 
application. Your application is written in PHP, and you use Subversion 
to store the sources and the history of changes. You want to provide a 
demo site and a bugtracker. For a bugtracker, you choose Trac. And you 
decide to power the demo site and the bugtracker with Debian Squeeze and 

So, install lighttpd, trac, python-flup. Create the project environment 
with trac-admin. Then save the following configuration snippet as 

fastcgi.server += ("/trac" =>
           "socket" => "/tmp/trac-fastcgi.sock",
           "bin-path" => "/usr/share/pyshared/trac/web/fcgi_frontend.py",
           "check-local" => "disable",
           "max-procs" => 3,
           "bin-environment" => ("TRAC_ENV" => "/srv/trac/myproject")

and enable it with lighttpd-enable-mod fastcgi trac. Restart lighttpd. 
Hurrah, Trac works.

Now put your PHP scripts into the document root and enable PHP support 
in lighttpd: lighttpd-enable-mod php-fastcgi. Hurrah, the demo site 
works. But Trac shows a 404 error when you attempt to browse a source of 
a PHP script using its subversion browser, i.e., visit an URL like 

The URL looks like a PHP script, but it really isn't and thus should be 
passed to Trac, not to PHP. Please make sure that php-cgi eats only real 
PHP files, not all URLs ending in .php. Or, if this is impossible to do 
generally, add a comment to 15-fastcgi-php.conf with a warning about 
this issue and the actions the local admin has to do in order to resolve it.

-- System Information:
Debian Release: squeeze/sid
   APT prefers testing
   APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lighttpd depends on:
ii  libattr1                1:2.4.44-2       Extended attribute shared 
ii  libbz2-1.0              1.0.5-4          high-quality block-sorting 
file co
ii  libc6                   2.11.2-5         Embedded GNU C Library: 
Shared lib
ii  libfam0                 2.7.0-17         Client library to control 
the FAM
ii  libldap-2.4-2           2.4.23-5         OpenLDAP libraries
ii  libpcre3                8.02-1.1         Perl 5 Compatible Regular 
ii  libssl0.9.8             0.9.8o-2         SSL shared libraries
ii  libterm-readline-perl-p 1.0303-1         Perl implementation of 
Readline li
ii  lsb-base                3.2-23.1         Linux Standard Base 3.2 
init scrip
ii  mime-support            3.48-1           MIME files 'mime.types' & 
ii  zlib1g                  1: compression library - runtime

Versions of packages lighttpd recommends:
ii  spawn-fcgi                    1.6.3-1    A fastcgi process spawner

Versions of packages lighttpd suggests:
ii  apache2-utils                 2.2.16-2   utility programs for webservers
ii  openssl                       0.9.8o-2   Secure Socket Layer (SSL) 
binary a
pn  rrdtool <none>     (no description available)

-- Configuration Files:
/etc/lighttpd/conf-available/15-fastcgi-php.conf: [changed only 
/etc/lighttpd/lighttpd.conf changed [not included]

-- no debconf information

Alexander E. Patrakov

More information about the pkg-lighttpd-maintainers mailing list