SSL PHP over FastCGI + mod_rewrite

Nemno · Feb 2, 2009

Hi all

I have a Server Apache/2.2.3 (Debian4)php5. I have install joomla on this server and activate SEO, which require mod_rewrite. Forthat i have create a .htaccess file with the follow content.

When i remove the part <Files ~ (\.php)>.... then i will receive the error message "Forbidden Acess..." in http and https mode.

witht the <Files... it work on the http mode but not in the https mode. Who can helps

<Files ~ (\.php)>
Options +FollowSymLinks +Indexes
#Options +FollowSymLinks +ExecCGI +SymLinksIfOwnerMatch +Indexes
</Files>

RewriteEngine On

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index.php [F,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Thats my httpd.include (i have not created a vhost.con or vhost_ssl.conf

# ATTENTION!
# DO NOT MODIFY THIS FILE OR ANY PART OF IT. THIS CAN RESULT IN IMPROPER PLESK
# FUNCTIONING OR FAILURE, CAUSE DAMAGE AND LOSS OF DATA. IF YOU REQUIRE CUSTOM
# MODIFICATIONS TO BE APPLIED TO THE CONFIGURATION, PLEASE, PERFORM THEM IN THE
# FOLLOWING FILE(S):
# /var/www/vhosts/domain.ch/conf/vhost.conf
# /var/www/vhosts/domain.ch/conf/vhost_ssl.conf
# /var/www/vhosts/domain.ch/subdomains/<subdomain-name>/conf/vhost.conf

<IfModule mod_ssl.c>

<VirtualHost xx.xxx.xxx.xxx:443>
ServerName domain.ch:443
ServerAlias www.domain.ch
UseCanonicalName Off
SuexecUserGroup touchadmin psacln
ServerAdmin [email protected]
DocumentRoot /var/www/vhosts/domain.ch/httpsdocs
CustomLog /var/www/vhosts/domain.ch/statistics/logs/access_ssl_log plesklog
ErrorLog /var/www/vhosts/domain.ch/statistics/logs/error_log
<IfModule mod_userdir.c>
UserDir /var/www/vhosts/domain.ch/web_users
</IfModule>
ScriptAlias /cgi-bin/ /var/www/vhosts/domain.ch/cgi-bin/
Alias /plesk-stat /var/www/vhosts/domain.ch/statistics/
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat /var/www/vhosts/domain.ch/statistics/webstat
Alias /webstat-ssl /var/www/vhosts/domain.ch/statistics/webstat-ssl
Alias /ftpstat /var/www/vhosts/domain.ch/statistics/ftpstat
Alias /anon_ftpstat /var/www/vhosts/domain.ch/statistics/anon_ftpstat
Alias /awstats-icon /usr/share/awstats/icon
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /opt/psa/var/certificates/certFPN8153
<Directory /var/www/vhosts/domain.ch/httpsdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /usr/bin/php5-cgi .php
Options ExecCGI
allow from all
</Files>
</IfModule>
SSLRequireSSL
Options +Includes +ExecCGI
</Directory>
</VirtualHost>

</IfModule>

<VirtualHost xx.xxx.xxx.xxx:80>
ServerName domain.ch:80
ServerAlias www.domain.ch
UseCanonicalName Off
SuexecUserGroup touchadmin psacln
ServerAdmin "[email protected]"
DocumentRoot /var/www/vhosts/domain.ch/httpdocs
CustomLog /var/www/vhosts/domain.ch/statistics/logs/access_log plesklog
ErrorLog /var/www/vhosts/domain.ch/statistics/logs/error_log
<IfModule mod_userdir.c>
UserDir /var/www/vhosts/domain.ch/web_users
</IfModule>
ScriptAlias /cgi-bin/ /var/www/vhosts/domain.ch/cgi-bin/
Redirect permanent /plesk-stat https://domain.ch/plesk-stat
Redirect permanent /webstat https://domain.ch/webstat
Redirect permanent /webstat-ssl https://domain.ch/webstat-ssl
Redirect permanent /ftpstat https://domain.ch/ftpstat
Redirect permanent /anon_ftpstat https://domain.ch/anon_ftpstat
Redirect permanent /awstats-icon https://domain.ch/awstats-icon
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
<Directory /var/www/vhosts/domain.ch/httpdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /usr/bin/php5-cgi .php
Options ExecCGI
allow from all
</Files>
</IfModule>
Options +Includes +ExecCGI
</Directory>
</VirtualHost>

Nemno · Feb 2, 2009

Please help

horst rupp · Mar 1, 2009

is there any message in the error_log ?

SSL PHP over FastCGI + mod_rewrite

Nemno

Guest

Nemno

Guest

horst rupp

Basic Pleskian

Similar threads