Question posted in
Some documentation to get you started can be found here.

Using heroku-fcgi to handle files without a .php extension (Apache)

Overview

I’m trying to host a few legacy PHP apps on Heroku with Apache. They all relied on the following deprecated syntax to parse any unknown file types (without the .php extension) as PHP.

DefaultType application/x-httpd-php

This has been replaced by AddType in Apache 2.4 (Heroku currently uses v2.4.37). Heroku also uses mod_proxy_fcgi to process PHP files via fcgi://heroku-fcgi.

Issue

I have a file foo.test and I want to have it handled by PHP FPM. Taking cues from the docs and the default Apache config provided by Heroku, here’s what I’ve tried:

 # .htaccess

<FilesMatch .test$>
    <If "-f %{REQUEST_FILENAME}">
        SetHandler proxy:fcgi://heroku-fcgi
    </If>
</FilesMatch>

# apache_app.conf (properly loaded via Procfile)

ProxyPassMatch "^/(.*.test(/.*)?)$" "fcgi://heroku-fcgi/app/$1"

With both of these I get a plain-text 403 Access denied. response from PHP FPM. I’m sure both configs are properly loading and pointing to the FCGI handler because changing the endpoint results in other errors.

My Apache skills are long since rusty and I can’t seem to find any good pointers online. The Apache error log is also clean. Any ideas (without the obvious “change all extensions to PHP, you dumbass”) would be appreciated!

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Fairly obvious solution. PHP FPM has its own configuration with a security.limit_extensions flag. It defaults to .php.

    The solution was to unset that value: security.limit_extensions =. This naturally can pose some security threats, but these apps are only going up for static demo.

    I was using heroku/heroku-buildpack-php but forked that to update this file. The htaccess FilesMatch should work now but I just ended up placing it into the Apache config file to avoid repetition across the sites I'll be serving.


  2. 0

    security.limit_extensions can be customized with a configuration file passed as a Procfile argument.

    https://devcenter.heroku.com/articles/custom-php-settings#php-fpm-settings

    PHP-FPM settings:
    In addition to php_value and php_flag for php.ini specific settings, any pool specific PHP-FPM configuration directives are valid in that configuration file, so you can use it to fine tune PHP-FPM’s behavior.

    So you can set up it like the following

    Procfile

    web: vendor/bin/heroku-php-apache2 -C apache.conf -F fpm_custom.conf web/

    apache.conf

    <FilesMatch .test$>
            <If "-f %{REQUEST_FILENAME}"> # make sure the file exists so that if not, Apache will show its 404 page and not FPM
                    SetHandler proxy:fcgi://heroku-fcgi
            </If>
</FilesMatch>

    fpm_custom.conf

    security.limit_extensions = .php .test
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search