[php-maint] Impossible to use a cgi-bin wrapper using the default mod_php configuration in Squeeze (and probably SID)

Thomas Goirand zigo at debian.org
Sat Jul 2 08:19:11 UTC 2011 

Hi,

For my control panel DTC, I'm using php as apache module (eg:
libapache2-mod-php5). But for its hosted virtual host, I'm using sbox
which does a chroot + chuid + set limits to the target vhost before
executing PHP as cgi-bin within the chroot. This way, I don't need many
of the security issues bound to php in shared hosting, and I can as well
run python, perl and ruby scripts in a secure way (eg: customer not
having server-wide access).

The issue I'm having is that, with this system, I need
/etc/apache2/mods-enabled/php5.load, but absolutely *NOT*
/etc/apache2/mods-enabled/php5.conf from Squeeze (the one from Lenny is
fine). That's because the Squeeze php5.conf for apache contains:

<FilesMatch "\.ph(p3?|tml)$">
	SetHandler application/x-httpd-php
</FilesMatch>

The Lenny one used to have:

AddType application/x-httpd-php .php .phtml .php3

which is fine for me. But the new one in Squeeze is conflicting with
what I'm doing later in the config file. This in a part of what I have
in my <VirtualHost> config file:

php_admin_flag engine off
ScriptAlias /cgi-bin /usr/lib/cgi-bin
Options +ExecCGI
AddHandler php-cgi-wrapper .php
Action php-cgi-wrapper /cgi-bin/sbox

I didn't find a way to disable a previously set FilesMatch in Squeeze,
at the VirtualHost level, so removing the SetHandler above is my only
way, but "a2enmod" is useless here, because it would also remove the
.load file. Of course, my workaround is to call "a2dismod php5" and add
the LoadModule directive manually in my apache custom config file, but
my point is to try to avoid this.

So, few questions in my mind:

Why do we need to have a SetHandler in the case of mod_php5? Isn't this
for PHP as CGI only? If so, why isn't that directive activated only when
we install php5-cgi? It's conflicting with using another CGI wrapper
than php5 in my (sbox-dtc) case. I haven't installed php5-cgi in my
server (even if it's in my chroot), so why is PHP touching the "Handler"
directives?

Why in Lenny, we had "AddType application/x-httpd-php .php .phtml .php3"
(which was fine for what I'm doing right now), and why now we now using
this FilesMatch and SetHandler directives?

Cheers,

Thomas Goirand (zigo)

More information about the pkg-php-maint mailing list