Hi, I wanted to validate the behavior of error logging I'm seeing in httpd(8). What I think I'm seeing is that in some cases no error logging occurs unless httpd is run with verbose mode (-v) enabled. Without -v errors that result in 500 status go unlogged. Also in some cases error logging in verbose mode provides less useful information than might be possible.
Noted similar-ish behavior here from early 2016: http://marc.info/?l=openbsd-misc&m=145429998301127&w=2 In my case with no modifications to 'log' directive in httpd.conf, so expecting logging to /var/www/logs/access.log for access logs and /var/www/logs/error.log for error logging. With the configuration below, requests for PHP files should be passed to the php-fpm at the given fastcgi socket, but testing without the php-fpm daemon started causes a 500 error to be returned to client and no log file (not in error.log, nor syslog). Verbosity: off (/usr/sbin/httpd) Request: http://<server>/phpinfo.php Logging: ==> /var/www/logs/access.log <== default 10.0.6.23 - - [04/Jan/2017:13:37:37 -0700] "GET /phpinfo.php HTTP/1.1" 500 0 Verbosity: on (/usr/sbin/httpd -v) Request: http://<server>/phpinfo.php Logging: ==> /var/www/logs/access.log <== default 10.0.6.23 - - [04/Jan/2017:13:40:25 -0700] "GET /phpinfo.php HTTP/1.1" 500 0 Verbosity: on 2x (/usr/sbin/httpd -vv) Request: http://<server>/phpinfo.php Logging: ==> /var/www/logs/access.log <== default 10.0.6.23 - - [04/Jan/2017:13:41:31 -0700] "GET /phpinfo.php HTTP/1.1" 500 0 ==> /var/www/logs/error.log <== server default, client 1 (1 active), 10.0.6.23:55640 -> 10.0.1.2, No such file or directory (500 Internal Server Error) server default, client 1 (1 active), 10.0.6.23:55641 -> 10.0.1.2, done Verbosity: on 3x (/usr/sbin/httpd -vvv) Request: http://<server>/phpinfo.php Logging: ==> /var/www/logs/access.log <== default 10.0.6.23 - - [04/Jan/2017:13:43:15 -0700] "GET /phpinfo.php HTTP/1.1" 500 0 ==> /var/www/logs/error.log <== server default, client 1 (1 active), 10.0.6.23:55652 -> 10.0.1.2, No such file or directory (500 Internal Server Error) server default, client 1 (1 active), 10.0.6.23:55653 -> 10.0.1.2, done So error log is not written without verbosity being enabled and increased with -vv. The error that does occur indicates that a file cannot be found, but doesn't indicate which file (would expect to indicate that it's the missing socket). This case also seemed odd to me (this is now after php-fpm is started and available): Verbosity: on 3x (/usr/sbin/httpd -vvv) Request: http://<server>/nosuchfile.php Logging: ==> /var/www/logs/error.log <== Access to the script '/htdocs' has been denied (see security.limit_extensions) ==> /var/www/logs/access.log <== default 10.0.6.23 - - [04/Jan/2017:14:29:14 -0700] "GET /nosuchfile.php HTTP/1.1" 403 0 I would have expected this to return a 404 from httpd but it almost seems like PHP is receiving a truncated path (/htdocs) because of the missing file (referenced configuration comes from /etc/php-fpm.conf:;security.limit_extensions = .php .php3 .php4 .php5). Is the above behavior expected/correct? kern.version=OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016 [email protected]:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP ### httpd.conf ext_addr="*" server "default" { listen on $ext_addr port 80 listen on $ext_addr tls port 443 location "/pub/OpenBSD/*/*/*" { directory auto index } location "*.php" { fastcgi socket "/run/php-fpm.sock" } location "/cgi-bin/*" { fastcgi # The /cgi-bin directory is outside of the document root root "/" } root "/htdocs" } -- Darren Spruell [email protected]
