Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Fool Proof auto prepend file Apache Workaround with a PHP Proxy Script

auto_prepend_files in Apache, CGI and FastCGI even!

11:16 pm on May 26, 2013 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 88

This is almost an Apache post but it's a very specialized Apache thing needed by many PHP programmers so I thought I'd post it here and link it from the Apache forum.

There are many reasons you need to add some code to an entire site, something that runs prior to anything else, including both .html and .php files (and more) for doing tasks like visitor tracking, input filtering to block cross server scripts, SQL injection, etc. or bot blocker, etc.

Lot's of reasons you might want to run something site wide.

However, short of adding includes in every page, there's no good universal solution because many things like value auto_prepend_file only work in certain conditions and most sites now use FastCGI and that's a bad place to use it as it doesn't work in the .htaccess implementation but may work in personal php.ini's which I didn't try, but it's a mess.

Anyway, here's method #1 that works in many cases.
php_value auto_prepend_file "/var/www/vhosts/example.com/preloader.php"

I could just jump to the end and give you the answer but then you wouldn't learn anything and considering how many hours I suffered looking for a good solution I think you should at least suffer a paragraph or two.

Now that solves the basic problem of adding a script in front of all PHP programs, at least running as Apache or CGI, but it still didn't solve the problem of enabling PHP for .html files so I needed to add the following in my .htaccess

AddHandler x-httpd-php5-cgi .html

At this point I might add, I'm running RHE (Red Hat Enterprise) with PHP 5.4 and Plesk 10.x as a control panel, a configuration many people also encounter using shared hosting like GoDaddy servers. You would think if it worked on my server under PHP 5.4 and Plesk 10.x on a ServerBeach install that the same would work on a GoDaddy PHP 5.4/Plesk 10x box wouldn't you? Well, you would be as wrong as I was as it required the following instead:

AddHandler php-script .html

Several other minor variations which I used on my RHE server didn't work on the CentOS box for whatever reason even though PHP 5.4, Apache 2.x and Plesk 10.x were all theoretically identical except someone obviously renamed something for the different builds, who knows which one is correct, I just know there were multiple answers to the problem.

So having solved 2 problems now I have PHP running a task before all PHP programs and now .HTML is PHP enabled so it runs PHP code but the task I have set up to run before all PHP programs isn't running when you have PHP in .HTML files.

Changed the AddHandler to this:
AddHandler application/x-httpd-php .html

And suddenly the pages are both PHP enabled AND they use the auto_prepend_file option TOO but only if you run PHP as Apache, which causes other problems, and most accounts are set to FastCGI and this won't work in that setting which is most common.

OK, solution almost in hand but it's a PITA and might not work as-is on more than one server host configuration assuming you can get PHP running in the right mode in the first place.

Then it hit me - do a rewrite rule instead and run the code as a proxy!

The following .htaccess code doesn't need to PHP enable the .HTML files, it just redirects all .HTML requests to my PHP file:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} \.html$
RewriteRule .* /preloader.php [L,QSA]

Now you have a new problem, it runs your code and stops, it doesn't display your .HTML file when it's finished which the other solutions did without issue.

The solution to that is simple, you add the following to your PHP file at the conclusion of it's execution, you make it check to see if there was an Apache redirect and if so, dump the .HTML file in the end:

if( isset($_SERVER["REDIRECT_URL"]) )
include( substr($_SERVER["REDIRECT_URL"],1) );

Now your code works as-is in the previous versions using the append method OR you can run is as a redirect and it works as a proxy just passing a file through.

More importantly, the last redirect proxy method can be used for other types of files like image files, PDFs, etc. so you could stop all non-browser user agents from grabbing image files for instace using the following in .htaccess:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} \.(gif|jpg)$
RewriteRule .* /imageprotector.php [L,QSA]

And the best part is, is doesn't matter if you're running PHP as Apache, CGI or FastCGI, it works across the board and you won't find yourself sitting there scratching your head wondering why what worked on 10 other servers suddenly doesn't work on server #11 which is what happened to me with the other methods.

Hope others find this useful!

[edited by: incrediBILL at 1:25 am (utc) on May 27, 2013]

11:35 pm on May 26, 2013 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
votes: 230

Merits a case of beer :)
6:55 am on May 27, 2013 (gmt 0)

Junior Member

joined:Apr 6, 2013
votes: 0

RewriteRule .* /preloader.php [L,QSA]


include( substr($_SERVER["REDIRECT_URL"],1) );

Interesting trick. The preloader script now behaves a bit like a front controller. All page requests are rewritten to this centralized entry point, then the preloader/front controller fetches the appropriate page.
1:48 pm on May 28, 2013 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 88

BTW, this code has one other unexpected side effect, it makes it appear as if all your HTML files are now PHP enabled because the include will cause any PHP in the HTML to execute.

Just thought I'd toss that out there as it's one less thing you need to configure but also something you need to consider when doing this.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members