1

I have a very weird problem with PHP FPM in combination with Apache and mod_fastcgi. Whenever a PHP file is requested, Apache adds Content-Language: de to the response headers. For the life of me, I cannot figure out why this is happening! I'm using Ubuntu 16.04, my Apache version is 2.4.18. My PHP FPM is a custom build. I'm using the following config to process PHP files:

<FilesMatch ".+\.php$">
    SetHandler php-fcgi
</FilesMatch>
Action php-fcgi /php-fcgi
Alias /php-fcgi /foo.fcgi
FastCgiExternalServer /foo.fcgi -socket /bar.sock -pass-header Authorization

The following Apache modules are enabled: actions, alias, autoindex, dir, env, fastcgi, filter, headers, mime, negotiation and setenvif.

The module configs are left untouched. There is no DefaultLanguage set as far as I can see.

Any idea where the header is coming from and how I can remove it?

EDIT

When requesting a plain .html file, the following headers are sent: Date, Server, Connection, Keep-Alive, ETag.

When requesting a PHP file with <?php exit('Hello World');, the following headers are sent: Date, Server, Vary, Content-Encoding, Keep-Alive, Connection, Transfer-Encoding, Content-Type, Content-Language.

I don't see why PHP would add Content-Language: de, especially since all the software on this server is in English.

user2323470
  • 183
  • 4
  • 9
  • 1
    Are you sure? if you have a php-fpm backend, it is generally the backend generating the response headers not apache. Have you tried querying the backend directly to see it does not include that header? There is a chance mod_negotiation could do that though, disable mod_negotiation and see – Daniel Ferradal Oct 10 '17 at 13:44
  • No, I'm not 100% sure, but I don't see why PHP would be responsible. I suspect mod_negotiation to be the culprit as well, since it seems to be the only module dealing with that sort of stuff. Is it safe to disable it? I'm not using it knowingly, but I don't want to accidentally break the sites on my production server. – user2323470 Oct 11 '17 at 09:10
  • You can comment the LoadModule directive and just check the config without restarting or anything with `apachectl -t` – Daniel Ferradal Oct 11 '17 at 09:58
  • I'm not worried about the config, but functionality. When executing `a2dismod negotiation`, it tells me: "The following essential module will be disabled. This might result in unexpected behavior and should NOT be done unless you know exactly what you are doing!" Sounds dangerous, I'm gonna test it on a VM. – user2323470 Oct 11 '17 at 10:15
  • I disabled mod_negotiation (and restarted Apache of course), but the header is still being sent. I don't get it. :( – user2323470 Oct 11 '17 at 10:20
  • you know what to do. Request to the php backend directly and see – Daniel Ferradal Oct 11 '17 at 10:49
  • Ok, I finally figured out where it is coming from!! It depends on the alias. If the alias were e.g. `foo.co.uk.fcgi`, Apache would send `Content-Language: uk`. However, I still don't know who is responsible, since mod_negotiation is still disabled. – user2323470 Oct 11 '17 at 10:59

1 Answers1

1

I figured it out. The culprit was mod_mime, which adds Content-Language based on the extensions of the CGI script file (the second argument to Alias), which on my production server contained .de.

user2323470
  • 183
  • 4
  • 9