I am trying to work out why my .htaccess is not being considered when loading a .php file.
Below files sit in the webroot of my localhost.
.htaccess
# Cause a HTTP 500
test
file.html
<html><body><h1>This should not show</h1></body></html>
file.php
<html><body><h1>This should not show</h1></body></html>
when I access /index.html, I get the expected HTTP500
When I access /index.php, the html shows.
Any ideas why the .htaccess would not load for the PHP file?
Apache 2.4.6
VHost (/etc/httpd/vhosts.d/website.local.conf):
<VirtualHost *:443>
ServerName website.local
ServerAlias www.website.local
DocumentRoot /var/www/vhosts/website/website
<Directory /var/www/vhosts/website/website>
require all granted
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
# Trigger PHP-FPM to run PHP execution
<IfModule proxy_fcgi_module>
ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/var/www/vhosts/website/php-fpm.sock|fcgi://website/var/www/vhosts/website/website"
DirectoryIndex index.php
</IfModule>
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/website.key
SSLCertificateFile /var/www/ssl/website.crt
</VirtualHost>
There are no other vhost configurations for this site:
[root@localhost ~]# cat /etc/httpd/conf/*.conf | grep website.local
[root@localhost ~]# cat /etc/httpd/vhosts.d/*.conf | grep website.local
ServerName website.local
ServerAlias www.website.local
[root@localhost ~]#
Update 1:
I have enabled rewrite:trace3 loglevel following the .htaccess debug instructions from https://stackoverflow.com/questions/5641618/how-to-enable-loglevel-debug-on-apache2-server. It looks like the .htaccess file is not even considered by Apache when loading a PHP file:
Accessing "/file.html" – .HTAccess is loaded and HTTP500 returned as expected
==> /var/log/httpd/website-error_log <==
[Thu Jul 07 09:36:02.651091 2016] [core:alert] [pid 2822] [client 10.128.3.189:56406] /var/www/vhosts/website/website/.htaccess: Invalid command 'test', perhaps misspelled or defined by a module not included in the server configuration
==> /var/log/httpd/website-access_log <==
10.128.3.189 - - [07/Jul/2016:09:36:02 +0100] "GET /wp-admin/ HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
Accessing "file.php" – .HTAccess is not loaded and HTTP200 returned
==> /var/log/httpd/website-access_log <==
10.128.3.189 - - [07/Jul/2016:09:38:41 +0100] "GET /file.php HTTP/1.1" 200 64057 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
10.128.3.189 - - [07/Jul/2016:09:38:41 +0100] "GET /file.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "https://www.website.local/file.php" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
10.128.3.189 - - [07/Jul/2016:09:38:41 +0100] "GET /file.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146 "https://www.website.local/file.php" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
Accessing "file.jpg" – .HTAccess is loaded and HTTP500 returned as expected
==> /var/log/httpd/website-error_log <==
[Thu Jul 07 09:43:08.403263 2016] [core:alert] [pid 2827] [client 10.128.3.189:56551] /var/www/vhosts/website/website/.htaccess: Invalid command 'sfdgsaga', perhaps misspelled or defined by a module not included in the server configuration
==> /var/log/httpd/website-access_log <==
10.128.3.189 - - [07/Jul/2016:09:43:08 +0100] "GET /file.jpg HTTP/1.1" 500 527 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
I'm not aware of any configuration that would disallow .htaccess for specific file/mime types.. could it be a matter of in which order the modules are loaded?
Update 2: Cleaned up the vhost file above
Update 3: Problem only appears when PHP-FPM is configured
Removing the below code from the configuration no longer skips the .htaccess files
<IfModule proxy_fcgi_module>
ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/var/www/vhosts/website/php-fpm.sock|fcgi://website/var/www/vhosts/website/website"
DirectoryIndex index.php
</IfModule>
Update 4: Kudos to @w3d for pointing this out. Internally proxying the request is going to skip the .htaccess file. Of course it does. I have updated my VHost file to the below, following the answer from this thread: Apache 2.4 + PHP-FPM + ProxyPassMatch
<VirtualHost *:443>
ServerName website.local
ServerAlias www.website.local
DocumentRoot /var/www/vhosts/website/website
<Directory /var/www/vhosts/website/website>
require all granted
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
ErrorLog "logs/website-error_log"
CustomLog "logs/website-access_log" combined env=!forwarded
CustomLog "logs/website-access_log" proxy env=forwarded
# Proxy set-up as per
# https://serverfault.com/questions/450628/apache-2-4-php-fpm-proxypassmatch
# This is to forward all PHP to php-fpm.
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/www/vhosts/website/php-fpm.sock|fcgi://website/"
</FilesMatch>
# Set some proxy properties (the string "unique-domain-name-string" should match
# the one set in the FilesMatch directive.
<Proxy fcgi://website>
ProxySet connectiontimeout=5 timeout=240
</Proxy>
DirectoryIndex /index.php index.php
# If the php file doesn't exist, disable the proxy handler.
# This will allow .htaccess rewrite rules to work and
# the client will see the default 404 page of Apache
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
RewriteRule (.*) - [H=text/html]
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/website.key
SSLCertificateFile /var/www/ssl/website.crt
</VirtualHost>
Best Answer
This part of vhosts configuration is relevant when you access that website with https, you should have another instance in vhosts , can you look again and update your post?