Apache 2.4: ProxyPass (For PHP) Taking Precedence Over Files/FilesMatch In Htaccess

Oh Dear! monitors your entire site, not just the homepage. We crawl and search for broken pages and mixed content, send alerts when your site is down and notify you on expiring SSL certificates.

Start your free 10 day trial! »

Image of Mattias Geniar

Mattias Geniar, August 02, 2015

Follow me on Twitter as @mattiasgeniar

I got to scratch my head on this one for a while. If you’re writing a PHP-FPM config for Apache 2.4, don’t use the ProxyPassMatch directive to pass PHP requests to your FPM daemon.

This will cause you headaches:

# don't
<IfModule mod_proxy.c>
  ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/
</IfModule>

You will much rather want to use a FilesMatch block and refer those requests to a SetHandler that passes everything to PHP.

# do this instead
# Use SetHandler on Apache 2.4 to pass requests to PHP-PFM
<FilesMatch \.php$>
  SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

Why is this? Because the ProxyPassMatch directives are evaluated first, before the FilesMatch configuration is being run.

That means if you use ProxyPassMatch, you can’t deny/allow access to PHP files and can’t manipulate your PHP requests in any way anymore.

So for passing PHP requests to an FPM daemon, you’d want to use FilesMatch + SetHandler, not ProxyPassMatch.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.