[php-maint] Bug#685340: Bug#685340: php5-common: provide one /etc/apache2/conf.d/php5.conf for all SAPIs

Ondřej Surý ondrej at debian.org
Mon Aug 20 11:18:06 UTC 2012

On Mon, Aug 20, 2012 at 1:11 AM, Christoph Anton Mitterer
<calestyo at scientia.net> wrote:
> This would have the advantages:
> - All SAPIs share the same config, thus no surprises.

I am not sure it that's a good idea (even when I drop your mix of
AddType and SetHandler). I'll try to come with something else which
doesn't involve installing apache configuration files when install
php5-cli package.

> - No longer the need for manually configuring Apache with respect to PHP when using CGI/FCGI

That's simply not true.

- You will have to configure Apache manually for CGI/FastCGI, because
you can install mod_php along with php5-cgi - and having both serving
PHP files would create just a mess.

- For FastCGI using php5-cgi - you have to create a fastcgi wrapper,
so again it needs manual configuration.

- And FPM doesn't work with libapache2-mod-fcgid at all and needs
libapache2-mod-fastcgi from non-free, so again manual intervention is

> We can largely drop the special section about CGI from README.Debian

Not much can be dropped.

> I personally, would strongly recommend AGAINST also having the Action/ScriptAlias directive there;
> admins or package maintainers should place them in the <Directory> definitions where this
> is needed.

I agree on that, but from different reasons (as documented in
README.Debian) - the php5-cgi is webserver agnostic and we don't want
it to conflict with libapache2-mod-php5(filter).

> It's simply unclean and even dangerous to enable interpretation of PHP files server-wide, as
> it's now done by mod_php packages.

Why? You keep pushing your opinions without giving any technical
reason. Default Debian configuration is secure (it allows only files
in /var/www to be accessed).

> #Note: The following is a security measure to remove any possible mappings that would also apply on “middle extensions” (for example “test.php.png”).
> RemoveType php

You keep repeating this, but Apache manual says:


> If more than one extension is given that maps onto the same type of meta-information, then the one to the right will be used, except for languages and content encodings. For example, if .gif maps to the MIME-type image/gif and .html maps to the MIME-type text/html, then the file welcome.gif.html will be associated with the MIME-type text/html.

So either you or Apache manual is wrong.

> <Files ?*.php>
>         AddType application/x-php php
> </Files>

Again you keep pushing Files vs FilesMatch, but did you do or see any
performance tests. I would guess that processing the PHP file in most
common scenarios would be much longer than the performance hit induced
by using FilesMatch.

I would rather have the configuration files simple to read than tuned
to max performance.


    <FilesMatch ".+\.ph(p[345]?|tml|t)$">
       SetHandler application/x-httpd-php
    <FilesMatch ".+\.phps$">
       SetHandler application/x-httpd-php-source


    <Files ?*.php>
        SetHandler application/x-httpd-php
    <Files ?*.pht>
        SetHandler application/x-httpd-php
    <Files ?*.php3>
        SetHandler application/x-httpd-php
    <Files ?*.php4>
        SetHandler application/x-httpd-php
    <Files ?*.php5>
        SetHandler application/x-httpd-php
    <Files ?*.phtml>
        SetHandler application/x-httpd-php
    <Files ?*.phps>
        SetHandler application/x-httpd-php-source

The FilesMatch form is much simpler to read and modify en masse.

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list