Introduction
Thanks to the PHP-FPM project and major distros picking it up (usually as php5-fpm), newer shared hosting setups provide a set of per-user pools of PHP-FPM processes, combining the advantages of a running PHP process (caching of compiled versions of .php files) and SuExec-style execution of PHP scripts under a specific low-privilege system user (protecting shared hosting customers' data from each other).
...
More secure? (I think FilesMatch only applies to existing files that really end in ".php", but I'm not 100% sure yet)
Disadvantages
Not sure yet
HTTP Basic Authentication does not work for PHP scripts. Cookie auth works.
ProxyPass approach
To avoid what looks like a "subdirectory move" to Rewrite, one might use ProxyPassMatch (or LocationMatch + ProxyPass) instead of FastCgiExternalServer and Action, as proposed in https://wiki.apache.org/httpd/PHP-FPM
...
Security risks, see bottom of https://wiki.apache.org/httpd/PHP-FPM
Not sure if HTTP Basic Authentication works for PHP scripts.
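For comparison, the ProxyPassMatch form next to a FilesMatch-based form, as an added configuration example that is not from the original page. It assumes the FilesMatch variant means FilesMatch with SetHandler (Apache 2.4.10 or later); the host name, document root and pool socket path are placeholders.

```apache
# Added example; example.test, /var/www/example-user/htdocs and
# /run/php/example-user.sock are placeholder assumptions.
<VirtualHost *:80>
    ServerName example.test
    DocumentRoot /var/www/example-user/htdocs

    <Directory /var/www/example-user/htdocs>
        Require all granted
        AllowOverride All
    </Directory>

    # Form A: ProxyPassMatch (shown commented out).
    # The pattern is matched against the request URL before the URL is
    # mapped to a file. Consequences:
    #   - any URL that matches is forwarded to the pool, whether or not
    #     a script with that name exists under the document root;
    #   - <Directory>/<Files> restrictions and .htaccess rules are not
    #     applied to the forwarded request.
    #
    # ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/run/php/example-user.sock|fcgi://localhost/var/www/example-user/htdocs/"

    # Form B: FilesMatch + SetHandler (Apache 2.4.10 or later).
    # Runs after URL-to-file mapping, so <Directory> access control and
    # .htaccess rewrites are evaluated first.
    <FilesMatch "\.php$">
        # Explicit check that the mapped file exists before the request
        # is handed to the user's pool; otherwise Apache answers itself.
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:unix:/run/php/example-user.sock|fcgi://localhost"
        </If>
    </FilesMatch>
</VirtualHost>
```

After switching forms, a request for a non-existent path ending in .php should be answered by Apache's own 404 page rather than by PHP-FPM.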
FastCgiExternalServer / Action approach
Advantages
Works before Apache 2.4.10
HTTP Basic Authentication works for PHP scripts.
Definitely evaluated late enough to allow for .htaccess Rewrite orgies, but works as a Rewrite itself which can lead to Rewrite loops.
Disadvantages
Complicated to configure.
Works as a Rewrite itself which can lead to Rewrite loops.
Details
This was the first almost-satisfying approach I found, but it has major disadvantages.
...