Opened 16 years ago
Last modified 14 years ago
#60 new enhancement
Apache handlers for PHP and static content
| Reported by: | andersk | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | web | Keywords: | |
| Cc: |
Description (last modified by andersk)
We currently launch PHP and static-cat directly from suexec. We should be able to replace this hack with a solution based on Apache handlers.
- We can wrap PHP in a handler that performs extra security checks, such as that the extension really is .php. This handler could later grow into the FastCGI PHP proxy pony. It could also solve #2.
- Static content should also become a handler, so that users can add their own static extensions.
The hardest problem is how to get these Apache handlers to run with the correct uid. My last proposal was a FUSE filesystem that I have prototyped at /mit/andersk/Public/scripts/scriptswrapfs.c, but I’d be interested in better ideas.
Change History (2)
comment:1 Changed 15 years ago by quentin
- Description modified (diff)
- Priority changed from major to minor
- Summary changed from Replace executable bit and binfmt_misc with Apache handlers to Replace binfmt_misc with Apache handlers
- Type changed from defect to enhancement
comment:2 Changed 14 years ago by andersk
- Description modified (diff)
- Summary changed from Replace binfmt_misc with Apache handlers to Apache handlers for PHP and static content
binfmt_misc is gone (#105) (except for Mono, for which we now use a magic number instead of an extension). So the only issues left are that we could be doing better for PHP and static content.
Quentin wants to do something involving reusing the Apache code for static content. This could be awesome if the implementation can be made sane and secure.
We no longer automatically set +x on files. We still support binfmt_misc. I am downgrading the severity of this bug.