Menu
I am looking for a way to use a PHP script to control access to resources in Apache. I want to have access control that does not depend on the target resource; i.e. it will work for html, files, other scripts and cgi programs, just as an "Allow from" or "Deny from" directive would do -- except using custom logic.
I've looked at several ways to try to manage this:
Of these #2 looked most promising, and also most portable given the popularity of FastCGI. So, I managed to swap out the usual linux php module and get php working via fastcgi instead. It was harder than on Windows but got it to work eventually as an external server, i.e. using Apache directive
FastCGIExternalServer /var/www/html/thing -host 192.168.0.11:9000
and starting php daemon
php-cgi -q -b 192.168.0.11:9000 &
The trouble came in trying to find a way to invoke a PHP script using FastCgiAccessChecker.
I've tried various ways to try to pass in the script name I want to run by changing the filename in the FastCGIExternalServer and/or FastCgiAccessChecker directives -- doesn't work. I've also tried starting php-cgi with a script specifier, i.e.
php-cgi -q -b 192.168.0.11:9000 -f /var/www/html/thing/access.php &
Nothing works. I can tell apache recognizes my directives, sort of, because when I include FastCgiAccessChecker then visit a php page, content-type changes to text/plain and I lose the first ~8000 bytes of content from the page served if it's a script (no idea why). But it does not call the PHP script I want to run.
As far as I can figure, what is happening is that FastCgiAccessChecker assumes that the specified fastcgi server is compiled specifically to act as an access checker. There is no way to tell the fastcgi server (PHP in my case) what script to run to do the access check.
I've searched the web and as far as I can tell no one has ever tried to use a PHP script for this before, or no one has written about it.
So my question: what should I be doing? I can see a few possibilities:
1) I am missing something, and there is some magic way to make FastCgiAccessChecker do what I want: run a PHP script to control apache access control
2) I write my own FastCGI server in c and embed PHP, so I can specify the PHP script I want to run (I spent a few minutes looking in to this; it looks complicated and scary, and I haven't worked in c since 1995)
3) I give up on FastCGI and write an apache module to call my PHP script directly to control access. (Also looks complicated; and this technique would require a new process to be spawned for every request to exec PHP.)
Does anyone have any advice, either on how to get FastCGI to do what I want, or a (reasonably) simple alternative to FastCGI?
Thanks for anything you can suggest
755
PHP and MySQL both are compatible with an Apache server. These two are open source and easy to set up. PHP runs on many platforms like Windows, Linux, and Unix.
mod_php means PHP, as an Apache module. Basically, when loading mod_php as an Apache module, it allows Apache to interpret PHP files (those are interpreted by mod_php ).
My approach to these types of situations is to use mod_xsendfile in combination with mod_rewrite. These may not appear to do what you want a first, but if you:
You can essentially implement any security system you want in this manner.
mod_xsendfile essentially just sends a file in the exact same manner that Apache would, had the file been accessed directly. It's stable and works great in every situation I've thrown at it. It should also 'just work' without a huge burden of setup, which you seem to be struggling with a little.
85
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
