Jump to content
Froxlor Forum

gunnyst

Members
  • Content Count

    13
  • Joined

  • Last visited

  • Days Won

    1

gunnyst last won the day on January 10

gunnyst had the most liked content!

Community Reputation

2 Neutral

About gunnyst

  • Rank
    Froxie
  1. gunnyst

    PHP-FPM Security (Limit Extensions)

    works like a charm, thanks again!
  2. gunnyst

    PHP-FPM Security (Limit Extensions)

    great thx! I've been working all day using the version from yesterday and haven't noticed anything amiss so far... have a nice evening!
  3. Hello again, hope you don't mind me coming up with another issue (including proposal for solution obviously). I had another issue using PHP-FPM, where I cannot get my .XML files parsed by the PHP interpreter even though I have this in my .htaccess: <FilesMatch "\.(xml)$"> SetHandler php5-fastcgi Action php5-fastcgi /fastcgiphp Options +ExecCGI </FilesMatch> It turns out that there is a limit imposed by the security.limit_extensions setting which defaults to .php only. My .XML files are used in order to automatically return the correct autodiscover/autoconfig settings to Outlook/Thunderbird and the like and therefor need to be "dynamic XML files", but I could imagine someone else needing .phps or the like... Currently I have gone so far as to add some stuff to /var/www/froxlor/lib/classes/phpinterface/class.phpinterface_fpm.php @ 248: if ($this->_domain['domain'] == 'autodiscover.mydomain.tld') { $fpm_config.= 'security.limit_extensions = .php .xml'."\n"; } But again, this could be a new string-based setting in the new PHP-FPM versions section. (Slowly I'll get in touch with the code structure I promise...)
  4. gunnyst

    passing authorization headers

    Works, thanks d00p!!
  5. gunnyst

    passing authorization headers

    You're quick... ok I get what you mean... as soon as you point out the function to be used to retrieve that value I'll be quick to test this too (just in case)
  6. gunnyst

    passing authorization headers

    Alright... here I am and it "nearly" works. There is just the one glitch I noticed so far: After "upgrading" to the current git version and re-generating all configuration files apache complained about missing a value for "-idle-timeout". Most of my configuration files had the following inside: FastCgiExternalServer /var/www/php-fpm/froxlor.panel/panelname.domainname.tld/542e.fpm.external: invalid value for -idle-timeout: "" I have tried updating the value once in the backend PHP-FPM versions -> (Edit) -> Idle Timeout: by setting the already existing value of 30 to 60 and re-generating the configuration files. But still the call to Settings::Get('phpfpm.idle_timeout') always returns empty. My quick fix was to add $idle_timeout = Settings::Get('phpfpm.idle_timeout'); if (empty($idle_timeout)) { $idle_timeout = 60; } in both task-include-files (10.apache / 15.apache_fcgid), but that is not the proper way to do it. Since I'd like to avoid reading through all the code to get there, would you mind pointing me to the part which connects the backend-setting (which maintains the correct value after changing it) with the Settings-class? I'll then be happy to test this for you. Cheers!
  7. gunnyst

    passing authorization headers

    Alright, you have me curious now - I'll give it a try today!
  8. gunnyst

    passing authorization headers

    oh well I did an ALTER TABLE `panel_tasks` ADD `pass_authorizationheader` tinyint(1) NOT NULL default '0'; prior to anything else... so you'd recommend to go for that one.... btw. does it have these changes (https://github.com/Froxlor/Froxlor/pull/397) inside as well or is that in some other branch? (I'd really love to have PHP-FPM 5.6/7.0/7.1/7.2 running and choosable from within Froxlor!!) :-P
  9. gunnyst

    passing authorization headers

    Hi d00p... have tried it out now (the option pops up in the PHP Configurations section) but when the tasks are run it stumbles over $phpconfig['pass_authorizationheader'] giving me an "Undefined index: pass_authorizationheader" in both task scripts... Now I got to admit I only took and implemented your changes (all of them) in official 0.38.8 and was not using the latest git version. If you think that to be the cause then I will set up a new environment inside a VM. Cheers and thanks again!
  10. gunnyst

    passing authorization headers

    nice.... give me a little time to finish one more job and I'll be back with a feedback!
  11. gunnyst

    passing authorization headers

    hi d00p... what about mod_proxy users? (I got no clue really ;-) ) Anyway, passing authentication headers is nothing "bad" or "wrong" either. If you find it to intrusive to add a switch for it, why not allowing it by default? As far as I can tell there are neither performance issues with it, nor security issues - in the end it is up to the developer who uses it.
  12. gunnyst

    passing authorization headers

    I have some sites that make use of HTTP authorization headers inside of PHP (so not using htaccess/htpasswd, but an internal user database). For the moment I have simply added the required "-pass-header Authorization" to scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php @ 63 right after the "-socket" setting. But it would be nice if this was either always on by default or selectable as a switch in the GUI (could either be a global FCGI/FPM setting, but would be nicer if it was on a level with "PHP Configurations", since it's rarely needed). Thanks G√ľnther
×