Jump to content
Froxlor Forum
  • 0

passing authorization headers


gunnyst

Question

I have some sites that make use of HTTP authorization headers inside of PHP (so not using htaccess/htpasswd, but an internal user database). For the moment I have simply added the required "-pass-header Authorization" to scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php @ 63 right after the "-socket" setting. But it would be nice if this was either always on by default or selectable as a switch in the GUI (could either be a global FCGI/FPM setting, but would be nicer if it was on a level with "PHP Configurations", since it's rarely needed).

Thanks

Günther

Link to comment
Share on other sites

18 answers to this question

Recommended Posts

hi d00p... what about mod_proxy users? (I got no clue really ;-) )

Anyway, passing authentication headers is nothing "bad" or "wrong" either. If you find it to intrusive to add a switch for it, why not allowing it by default? As far as I can tell there are neither performance issues with it, nor security issues - in the end it is up to the developer who uses it.

Link to comment
Share on other sites

Hi d00p... have tried it out now (the option pops up in the PHP Configurations section) but when the tasks are run it stumbles over $phpconfig['pass_authorizationheader'] giving me an "Undefined index: pass_authorizationheader" in both task scripts...

Now I got to admit I only took and implemented your changes (all of them) in official 0.38.8 and was not using the latest git version. If you think that to be the cause then I will set up a new environment inside a VM.

Cheers and thanks again!

 

Link to comment
Share on other sites

oh well I did an ALTER TABLE `panel_tasks` ADD `pass_authorizationheader` tinyint(1) NOT NULL default '0'; prior to anything else... so you'd recommend to go for that one.... btw. does it have these changes (https://github.com/Froxlor/Froxlor/pull/397) inside as well or is that in some other branch? (I'd really love to have PHP-FPM 5.6/7.0/7.1/7.2 running and choosable from within Froxlor!!) :-P

Link to comment
Share on other sites

Alright... here I am and it "nearly" works. There is just the  one glitch I noticed so far:

After "upgrading" to the current git version and re-generating all configuration files apache complained about missing a value for "-idle-timeout". Most of my configuration files had the following inside:

FastCgiExternalServer /var/www/php-fpm/froxlor.panel/panelname.domainname.tld/542e.fpm.external: invalid value for -idle-timeout: ""

I have tried updating the value once in the backend PHP-FPM versions -> (Edit) -> Idle Timeout: by setting the already existing value of 30 to 60 and re-generating the configuration files. But still the call to

Settings::Get('phpfpm.idle_timeout')

always returns empty. My quick fix was to add

$idle_timeout = Settings::Get('phpfpm.idle_timeout');
if (empty($idle_timeout)) {
	$idle_timeout = 60;
}

in both task-include-files (10.apache / 15.apache_fcgid), but that is not the proper way to do it. Since I'd like to avoid reading through all the code to get there, would you mind pointing me to the part which connects the backend-setting (which maintains the correct value after changing it) with the Settings-class?

I'll then be happy to test this for you.

Cheers!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...