PHP 5.6 on CentOS 7

This is how I managed to have PHP 5.6 on a fresh CentOS 7.

yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum clean
yum update

Then…

yum install php56w php56w-opcache php56w-mcrypt php56w-pdo php56w-mysql php56w-mbstring php56w-gd php56w-dom

 

ImageMagick

yum install ImageMagick php56w-imagick

 

Restart httpd

service httpd restart

Can’t locate CGI/Carp.pm in @INC & Can’t locate LWP/Simple.pm in @INC

 

[Thu Mar 09 02:23:43.435879 2017] [cgi:error] [pid 28444] [client 94.63.XXX.XXX:54192] AH01215: Can’t locate CGI/Carp.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /path/to/cgi/admin/admin.cgi line 31.

This solved my issue…

yum install perl-CGI

 

[Thu Mar 09 02:26:54.892385 2017] [cgi:error] [pid 28442] [client 94.63.XXX.XXX:54242] AH01215: [Thu Mar 9 02:26:54 2017] admin.cgi: [Thu Mar 9 02:26:54 2017] admin.cgi: Can’t locate LWP/Simple.pm in @INC (@INC contains: /path/to/cgi/admin/ /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./shared/subs3.pm line 1003.
[Thu Mar 09 02:26:54.892456 2017] [cgi:error] [pid 28442] [client 94.63.XXX.XXX:54242] AH01215: [Thu Mar 9 02:26:54 2017] admin.cgi: [Thu Mar 9 02:26:54 2017] admin.cgi: BEGIN failed–compilation aborted at ./shared/subs3.pm line 1003.
[Thu Mar 09 02:26:54.892599 2017] [cgi:error] [pid 28442] [client 94.63.XXX.XXX:54242] AH01215: [Thu Mar 9 02:26:54 2017] admin.cgi: Compilation failed in require at /path/to/cgi/admin/admin.cgi line 151.

This solved my issue!

yum install perl-XML-Simple

 

PHP – It is not safe to rely on the system’s timezone settings.

Edit php.ini, mine, on CentOS 7 is located at /etc/php.ini.
Lets add the following line.

date.timezone = America/New_York

For other timezone take a look at http://www.php.net/manual/en/timezones.php

and then restart httpd

service httpd restart

If you don’t have access to the php.ini, here is another way to do it.
On our app/php…

if(!ini_get('date.timezone'))
{
    date_default_timezone_set('GMT');
}

as seen on http://stackoverflow.com/questions/16765158/date-it-is-not-safe-to-rely-on-the-systems-timezone-settings

😉

Incident report on memory leak caused by Cloudflare parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.

It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

 

apache – proxy & proxy_http

 

Invalid command ‘ProxyPreserveHost’, perhaps misspelled or defined by a module not included in the server configuration

sudo a2enmod proxy

 

[Sun Feb 26 03:48:38.613627 2017] [proxy:warn] [pid 9117] [client 94.63.XXX.XXX:49486] AH01144: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

sudo a2enmod proxy_http

Restart apache and everything should be okay now.
HOORAY!