Ask Your Question
1

Apache server no longer working after F28 upgrade

asked 2018-12-14 14:49:17 -0600

ajlittoz gravatar image

updated 2018-12-17 05:37:51 -0600

hhlp gravatar image

At last, I converted and backed up my specific data and could launch a F26->F28 upgrade (I didn't dive into F29 because I fear compatibility problems with some applications whose data format/scheme changed a lot). I went through the dnf system-upgrade stance and the upgrade itself completed fine.

After that, I checked my custom configuration, notably my Web servers. My main one is in mixed environment: it delivers pure HTML pages, PHP, Python and Perl generated pages. It works fine except for Perl scripts.

It took me a while to discover that the default MPM module changed from worker to event. It appears mod_perl is not compatible with event. I then adapted my configuration, essentially an .htaccess file in the Perl script directory, so that Perl scripts are served by CGI in case event is active or by mod_perl otherwise.

After that, Perl scripts were interpreted as such instead of being displayed as is on screen. However, CSS style sheets and graphical pictures (JPEG, PNG, ICO, etc.) are also considered as scripts and tentatively executed, leading to error AH01241 (tons of these in error_log).

CSS and icons are filtered with <FilesMatch> so that they don't get Options +ExecCGI which is added only in a <FilesMatch> section for the scripts.

What changed in default Apache configuration between F26 and F28?

Sorry, I didn't note the versions for httpd, mod_perl and others in F26 because I didn't anticipate problems. I think it is not an Apache problem, but a Fedora specific one. This is why I ask here.

EDIT 2018-12-15 - Contents of .htaccess (unneeded comments stripped off for brevity):

File structure is a bit contorted because application should work automatically no matter Apache and mod_perl versions.

Options FollowSymlinks

<IfModule mod_version.c>
    <IfVersion < 2.4>
        Order deny,allow
    </IfVersion>
</IfModule>
<IfModule !mod_version.c>
    <IfModule !mod_authz_core.c>
        Order deny,allow
    </IfModule>
</IfModule>
# -----------    Access restrictions    -----------
Options -Indexes

# Forbid direct access to any file in LXR root and its subdirectories
<FilesMatch ".">
    <IfModule mod_version.c>
        <IfVersion < 2.4>
            Deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </IfModule>
    <IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
            Deny from all
        </IfModule>
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
    </IfModule>
</FilesMatch>

# But allow access to style sheets
<FilesMatch "\.css$">
    <IfModule mod_version.c>
        <IfVersion < 2.4>
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </IfModule>
    <IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
            Allow from all
        </IfModule>
        <IfModule mod_authz_core.c>
            Require all granted
        </IfModule>
    </IfModule>
</FilesMatch>
# and graphic files (for icons)
<FilesMatch "\.(bmp|gif|icon?|jpe?g|png|svg|tiff?)$">
    <IfModule mod_version.c>
        <IfVersion < 2.4>
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </IfModule>
    <IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
            Allow from all
        </IfModule>
        <IfModule mod_authz_core.c>
            Require all granted
        </IfModule>
    </IfModule>
</FilesMatch>

<FilesMatch "^(search ...
(more)
edit retag flag offensive close merge delete

Comments

Do you know if SELinux was enabled on your Fedora 26, is so you may need to change your configuration so it works with SELinux active as is default on Fedora 28.

aeperezt gravatar imageaeperezt ( 2018-12-14 18:31:32 -0600 )edit
1

SELinux is in permissive mode and directories are tagged for http operation and user_dir. I checked SELinux log for added assurance and it shows no AVC denials.

ajlittoz gravatar imageajlittoz ( 2018-12-15 00:54:30 -0600 )edit

2 Answers

Sort by » oldest newest most voted
1

answered 2018-12-16 11:05:18 -0600

ajlittoz gravatar image

I answer to my own question.

While I was initially struggling before discovering the worker->event MPM migration, on a colleague's suggestion, I changed in my .conf file <Files> for <ScriptAlias>, neglecting the warning in the documentation. <ScriptAlias> is strictly equivalent to <Files> + Options ExecCGI. Thus all files are considered scripts and passed to cgid.

Now, why don't an Options -ExecCGI and a SetHandler None override <ScriptAlias> Options directive?

Shame on me for not having checked that I really changed something in the configuration.

edit flag offensive delete link more
0

answered 2018-12-15 20:36:27 -0600

ed209 gravatar image

Since F26 apache configuration has changed a lot. See if here you could find any help: https://blog.remirepo.net/post/2017/1...

edit flag offensive delete link more

Comments

Thanks, it confirms the worker to event change, but it does not address the CSS issue with Perl.

ajlittoz gravatar imageajlittoz ( 2018-12-16 04:35:34 -0600 )edit

Question Tools

1 follower

Stats

Asked: 2018-12-14 14:49:17 -0600

Seen: 99 times

Last updated: Dec 17 '18