Apache 2.4: ProxyPass (For PHP) Taking Precedence Over Files/FilesMatch In Htaccess

Profile image of Mattias Geniar

Mattias Geniar, August 02, 2015

Follow me on Twitter as @mattiasgeniar

I got to scratch my head on this one for a while. If you’re writing a PHP-FPM config for Apache 2.4, don’t use the ProxyPassMatch directive to pass PHP requests to your FPM daemon.

This will cause you headaches:

# don't
<IfModule mod_proxy.c>
  ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/
</IfModule>

You will much rather want to use a FilesMatch block and refer those requests to a SetHandler that passes everything to PHP.

# do this instead
# Use SetHandler on Apache 2.4 to pass requests to PHP-PFM
<FilesMatch \.php$>
  SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

Why is this? Because the ProxyPassMatch directives are evaluated first, before the FilesMatch configuration is being run.

That means if you use ProxyPassMatch, you can’t deny/allow access to PHP files and can’t manipulate your PHP requests in any way anymore.

So for passing PHP requests to an FPM daemon, you’d want to use FilesMatch + SetHandler, not ProxyPassMatch.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.