AH01071: Got error 'Primary script unknown\n' apache2.4 php-fpm7.2

security apache-2.4 logging configuration php-fpm

31,195

…

Finally, I checked both services:

php-fpm7.3 -t
apachectl configtest

Since everything looked fine, I restarted them both:

systemctl restart php7.3-fpm
systemctl restart apache2

That simple.
Although I guess a reboot would have fixed this AH01071 as well.

31,195

Dan

Updated on September 18, 2022

Comments

Dan over 1 year

I seem to be getting these lines in my /var/log/apache2/error.log and the corresponding records in /var/log/apache2/access.log

/var/log/apache2/error.log

[Fri Sep 20 02:28:36.654357 2019] [proxy_fcgi:error] [pid 28619:tid 140003157985024] [client 49.233.5.191:37604] AH01071: Got error 'Primary script unknown\n'
[Fri Sep 20 02:28:38.136282 2019] [proxy_fcgi:error] [pid 28618:tid 140003082450688] [client 49.233.5.191:43806] AH01071: Got error 'Primary script unknown\n'

/var/log/apache2/access.log

49.233.5.191 - - [20/Sep/2019:02:28:36 +0000] "GET /TP/html/public/index.php HTTP/1.1" 404 392 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.233.5.191 - - [20/Sep/2019:02:28:36 +0000] "GET /elrekt.php HTTP/1.1" 404 433 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"

Those files obviously do not exist so this seems like a bot scan from the ip location and the behavior. However, when i request another file that does not exist. I do not get the 'Got error 'Primary script unknown\n' errors in the /var/log/apache2/error.log file

php-fpm configuration

<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>

Is this something that i can do something about, configuration change maybe?

I know i can block the ip using iptables, i am more interested in getting rid of the log entry if possible by some configuration change.

dortegaoh over 4 years

In this case a reboot fixed it.
Hardoman over 3 years

In my case I had to change the user and group in /etc/opt/remi/php73/php-fpm.d/www.conf to nobody (the same as apache using)