Versions Compared

Old Version 3

changes.mady.by.user Christoph Lechleitner

Saved on

compared with

New Version Current

changes.mady.by.user Christoph Lechleitner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: HTTP Basic auth not supported by SetHandler variant

Introduction

Thanks to the PHP-FPM project and major distros picking it up (usually as php5-fpm) newer shared hosting setups provide a set of per-user pools of PHP-FPM processes, combining the advantages of a running PHP process (caching of compiled version of .php files) and SuExec-style execution of PHP scripts under specific low-right system user (protecting shared hosting customers' data from each other).

...

More secure? (I think FilesMatch only to existing files that really end in ".php", but I'm not 100% sure yet)

Disadvantages

Not sure yetHTTP Basic Authentication does not work for PHP scripts. Cookie auth works.

ProxyPass approach

To avoid what looks like a "subdirectory move" to Rewrite, one might use ProxyPassMatch (or LocationMatch + ProxyPass) instead of FastCgiExternalServer and Action, as proposed in https://wiki.apache.org/httpd/PHP-FPM

...

Security risks, see bottom of https://wiki.apache.org/httpd/PHP-FPM

Not sure if HTTP Basic Authentication works for PHP script.

FastCgiExternalServer / Action approach

Advantages 

Works before Apache 2.4.10

HTTP Basic Authentication works for PHP scripts.

Definitely evaluated late enough to allow for .htaccess Rewrite orgies, but works as a Rewrite itself which can lead to Rewrite loops.

 

Disadvantages

Complicated to configure. 

Works as a Rewrite itself which can lead to Rewrite loops. 

Details

This was the first almost-satisfying approach I found, but it has major disadvantages.

...