Regression fix: allow Drupal 8 to work without Apache mod_rewrite

FallbackResource needs Apache 2.2.16 so we'd want to change the minimum apache version in core/INSTALL.txt from 2.0 (There is <IfVersion> but I'm not sure this would be guaranteed to work either)

Also I think it would be worth documenting that the /index.php directives only work if Drupal is being accessed via the top level of the URL, i.e. http://example.com/ but not http://example.com/drupal/

in addition to the documentation suggestion - with this patch I don't think there is any reason to keep the ErrorDocument 404? (the index.php RewriteRule is still useful though for sites in subdirectories)

+++ b/.htaccess
@@ -18,6 +18,9 @@ Options -Indexes
+# Make Drupal work if rewrite is not enabled.
+FallbackResource /index.php

That is cool! Didn't know this directive existed, but seems like a simpler approach than mod_rewrite and removes a dependancy which is also cool, IMO;)

Symfony2 was also considering this in mid 2013:
@see https://groups.google.com/forum/#!topic/symfony2/B20W2wBSsiY

* Debian 6 Squeeze (oldstable) ships 2.2.16 [http://packages.debian.org/es/squeeze/apache2] .
* Debian 7 Wheezy (stable) ships 2.2.22 [http://packages.debian.org/es/wheezy/apache2]
* Ubuntu 10.04 LTS (lucid) ships 2.2.14 [http://packages.ubuntu.com/lucid/apache2]
* Ubunto 12.04 LTS (precise) ships 2.2.22 [http://packages.ubuntu.com/precise/apache2]

I've also checked that Ubuntu 10.04 LTS (lucid) ships php 5.3.2 [http://packages.ubuntu.com/lucid/php5] which is compatible with Symfony 2.0, but not with Symfony 2.1+

And mentioned in their docs:
http://silex.sensiolabs.org/doc/web_servers.html

Which references this article: https://www.adayinthelifeof.nl/2012/01/21/apaches-fallbackresource-your-...

I'm sorry. This new issue is a duplicate of #2099311: User login not working if mod_rewrite is not enabled since that issue describes the problem first. Please post this patch in the original issue.

Moving this to a task to emphasis the distinction and re-titling to be more inline with the IS.

@chris_hall_hu_cheng Please don't be surprised if someone else closes this issue again. #2099311: User login not working if mod_rewrite is not enabled is the original report; the conversation should be expanded there.

I don't believe either the description or the title of #2099311 are likely to result in a fruitful outcome.

Please change it then. You are able to edit the title and entire description of the original issue. Fragmenting the issue queue leads to confusion and slower resolution times.

Installed and tested patch #1 with rewrite disabled. Forms are now working with and without rewrite enabled. Thanks chris_hall_hu_cheng.

According to geerlingguy (https://www.drupal.org/node/2094985#comment-9331657) working without clean URLs is a regression so shouldn't the category remain Bug report?

This definitely fixing a bug.

ug. I will move as much info as possible to the original issue: #2099311: User login not working if mod_rewrite is not enabled

@YesCT I've just been reviewing the working patch on this issue...

Manually tested and it works great. Tested 404's with rewrite enabled and disabled. A quick google for IIS and it looks like you can't disable the rewrite so we don't have to worry about web.config.

I'm going to try to write a test.

Now to look through all the dupes and see who deserves credit.

sorry.
ok. let's use this issue since it has the patch, and move any info from the other issue here that is needed.
We can mention and thank the opener of the other issue (@ speely ) on this one. I'll update the summary to do that.

I think it is okay to raise the minimum requirement for people who want Drupal 8 to run without clean urls to Apache 2.2.16.

I've thought about tests and I can not see how to do this. Therefore all we need to do is:

• improve the code comments to mention the Apache version requirement
• write a CR mentioning the Drupal 8 without clean urls requires Apache 2.2.16 or greater

Once this goes in we should update the requirements page.

Added a suggested commit message of

git commit -m 'Issue #2382513 by chris_hall_hu_cheng, quietone, shivanshuag, YesCT, Jeroen: Regression fix: allow Drupal 8 to work without Apache mod_rewrite'

based on people who worked on #2094985: Drupal 8 install does not warn if Clean Urls are not supported

This is the page that needs updating once this is fixed https://www.drupal.org/requirements/webserver

I will start the change record now.

https://www.drupal.org/node/2420781 is the draft change record.

> improve the code comments to mention the Apache version requirement

I'm not entirely sure what's needed where, but here's a stab at it.

added more people to the suggested commit message from #1878884: Drupal8 doesn't warn you if apache rewrite is turned off and @joachim.

1. +++ b/.htaccess
   @@ -55,6 +52,14 @@ DirectoryIndex index.php index.html index.htm
   +# FallbackResource enabled if there is no mod_rewrite.
   

   Let's make this read more like a sentence.

2. +++ b/.htaccess
   @@ -55,6 +52,14 @@ DirectoryIndex index.php index.html index.htm
   +# This allows Drupal to run without mod_rewrite (and thus without the clean
   +# URLs feature), but requires Apache 2.2.16 or higher.
   

   This should be re-flowed to join up with the previous line.

3. +++ b/.htaccess
   @@ -55,6 +52,14 @@ DirectoryIndex index.php index.html index.htm
   +  # Make Drupal work if rewrite is not enabled.
   

   This is a duplicate comment

I think the comment should be something like:

Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to work without clean URLs, but requires Apache 2.2.16 or higher.

Done.

Oops.

Looks great. Thanks.

Following pestering in IRC from YesCT (*smirk*), the attached patch fixes the issues in #27. I removed the Apache version requirement phrase because, if this is enabled by default, then 2.2.16 should be Drupal's min Apache version number. If moving the requirements is not in the cards, then this .htaccess directive should be commented out.

@TODO: If this patch is accepted, the requirements page will need to be updated to include the new min Apache version and

You can use the Apache 'mod_rewrite' extension to allow for clean URLs. Note that with Drupal 8, clean urls are enabled by default and can't be disabled, so mod_rewrite needs to be installed and enabled for Drupal 8 to work.

will need to be reworded.

Crap. Totally cross-posted... Sorry about that.

But I think my comments, above, about the min Apache version number are still valid.

interdiffs++

soooo.

We need to have a requirements check for apache < 2.2.16 AND no rewrite mod enabled.

we can bring over some code from #2094985: Drupal 8 install does not warn if Clean Urls are not supported

also, manually testing on a server with < 2.2.16 would be great.
@jsmith might be able to do that.

Adding the install check from #2094985-41: Drupal 8 install does not warn if Clean Urls are not supported along with the de-capitalization requested by @alexpott in #2094985-44: Drupal 8 install does not warn if Clean Urls are not supported.

I haven't had a chance to test this and probably won't this evening. I would appreciate someone running through a manual install with/without mod_rewrite enabled and posting back their results. Thanks!

as I mentioned up in #2, to avoid confusion it should be documented that the FallbackResource /index.php directive also requires drupal to be in the top-level directory, not in a subdirectory.

just to have the testbot run.

1. +++ b/core/modules/system/system.install
   @@ -55,6 +56,16 @@ function system_requirements($phase) {
   +  // Test Clean URL support
   

   This should be a sentence. (end in a period)

2. +++ b/core/modules/system/system.install
   @@ -55,6 +56,16 @@ function system_requirements($phase) {
   +  if ($phase == 'install' && $install_state['interactive'] && !isset($_GET['rewrite']) && strpos($software,'Apache') !== FALSE) {
   

   And I think we only want to check this if apache version is < 2.2.16
   Can we check that?

Needs work for that and #35

Added comment to include #35. Fixed #1 in #37. Not sure about how to do #2 in #37 so I'm leaving that off for now.

Corrects capitalization of "clean"... Interdiff is against #34.

1. +++ b/.htaccess
   @@ -55,6 +52,14 @@ DirectoryIndex index.php index.html index.htm
   +  FallbackResource /index.php
   

   Again, this is awesome!

2. +++ b/core/modules/system/system.install
   @@ -55,6 +56,16 @@ function system_requirements($phase) {
   +  if ($phase == 'install' && $install_state['interactive'] && !isset($_GET['rewrite']) && strpos($software,'Apache') !== FALSE) {
   

   Super minor nitpick needs a space after the comma.

Yup.

I think if we can determine the version from http://php.net/manual/en/function.apache-get-version.php then we should produce a fail if less that 2.2.16 - but we need to keep in mind that apache might not report the exact version depending on how it is set up.

Adding @mikeker to the suggested commit message.

@alexpott that function doesn't exist in the CLI it seems, so that will be only for the UI, is that ok?

Will need to be wrapped in a function_exists()

Would something like this work?

if (function_exists('apache_get_version')) {
  $apache_version = apache_get_version();
  // Assume true until proven otherwise.
  $is_compatible_version = TRUE;
  // Get the version numbers.
  if (preg_match('/(\d+)\.(\d+)\.?(\d+)?/', $apache_version, $matches)) {
    // If the major version is less than 2.
    if (isset($matches[1]) && $matches[1] < 2) {
      $is_compatible_version = FALSE;
    }

    // If the minor version is less than 2.2
    if ($is_compatible_version && isset($matches[2]) && $matches[2] < 2) {
      $is_compatible_version = FALSE;
    }

    // If the patch version is less than 2.2.16
    if ($is_compatible_version && isset($matches[3]) && $matches[3] < 16) {
      $is_compatible_version = FALSE;
    }
  }

}

Pseudo Unit Tested version:P

$assertions = [
  'Full - Apache/2.0.55 (Win32) DAV/2' => FALSE,
  'OS - Apache/2.0.55 (Win32)' => FALSE,
  'Minor - Apache/2.0' => FALSE,
  'Minimal - Apache/2.0.55' => FALSE,
  'Major - Apache/2' => TRUE,
  'Major - Apache/1' => FALSE,
  'Prod - Apache' => TRUE,
  'Full - Apache/2.2.44 (Win32) DAV/2' => TRUE,
  'Full - Apache/2.2.16 (Win32) DAV/2' => TRUE,
  'Full - Apache/2.1.16 (Win32) DAV/2' => FALSE,
  'Full - Apache/2.2.15 (Win32) DAV/2' => FALSE,
  'Full - Apache/2.2.16.1 (Win32) DAV/2' => TRUE,
  'Full - Apache/2.2.15.1 (Win32) DAV/2' => FALSE,
];

/**
 * Checks apache version is compatible.
 *
 * @param string $apache_version Apache version.
 *
 * @return boolean
 *   Whether the apache version is compatible.
 */
function apache_version_is_compatible($apache_version) {
  // Assume true until proven otherwise.
  // Get the version numbers.
  if (preg_match('/(\d+)(\.\d+)*/', $apache_version, $matches)) {
    $version_parts = explode('.', $matches[0]);

    // If the major version is less than 2.
    if (isset($version_parts[0]) && $version_parts[0] < 2) {
      return FALSE;
    }

    // If the minor version is less than 2.2
    if (isset($version_parts[1]) && $version_parts[1] < 2) {
      return FALSE;
    }

    // If the patch version is less than 2.2.16
    if (isset($version_parts[2]) && $version_parts[2] < 16) {
      return FALSE;
    }
  }
  return TRUE;
}

if (function_exists('apache_get_version')) {
  $apache_version = apache_get_version();
  foreach ($assertions as $apache_version => $expected) {
    $return_value = apache_version_is_compatible($apache_version);
    if ($expected === $return_value) {
      echo 'PASS - ' . $apache_version . PHP_EOL;
    }
    else {
      echo 'FAIL - ' . $apache_version . PHP_EOL;
    }
  }
}

> if (preg_match('/(\d+)\.(\d+)\.?(\d+)?/', $apache_version, $matches)) {

Isn't there a PHP function for comparing version numbers?

@joachim I'll say no, cus I looked http://php.net/manual-lookup.php?pattern=version&lang=en&scope=404quickref

Also #45 is better;)

Erm, http://php.net/manual/en/function.version-compare.php ?

@joachim

Compares two "PHP-standardized" version number strings

my regular expression is trying to parse out a version number out of a random string that comes from Apache Status module... sometimes.

@joachim I guess I could use my expression in #45 to get something that version_compare() can use. Maybe that's what you are trying to say all along?

Well it didn't pass my pseudo unit test:D

Edit: Fixed results.

PASS - Full - Apache/2.0.55 (Win32) DAV/2
PASS - OS - Apache/2.0.55 (Win32)
PASS - Minor - Apache/2.0
PASS - Minimal - Apache/2.0.55
FAIL - Major - Apache/2
PASS - Major - Apache/1
PASS - Prod - Apache
PASS - Full - Apache/2.2.44 (Win32) DAV/2
PASS - Full - Apache/2.2.16 (Win32) DAV/2
PASS - Full - Apache/2.1.16 (Win32) DAV/2
PASS - Full - Apache/2.2.15 (Win32) DAV/2
PASS - Full - Apache/2.2.16.1 (Win32) DAV/2
PASS - Full - Apache/2.2.15.1 (Win32) DAV/2

but it is simpler:

function apache_version_is_compatible($apache_version) {
  // Assume true until proven otherwise.
  // Get the version numbers.
  if (preg_match('/(\d+)(\.\d+)*/', $apache_version, $matches)) {
    // If the major version is less than 2.2.16
    if (version_compare($matches[0], '2.2.16', '<')) {
      return FALSE;
    }
  }
  return TRUE;
}

I think #45 is more accurate especially for:
FAIL - Major - Apache/2

I've been following this issue for a while to see how it progresses, as I got burned on it for quite a while. I noticed that the following page about webserver requirements will need updating as it now doesn't seem to follow the thinking here:

https://www.drupal.org/requirements/webserver

• "Note that with Drupal 8, clean urls are enabled by default and can't be disabled, so ngx_http_rewrite_module needs to be installed and enabled for Drupal 8 to work."
• "Note that with Drupal 8, clean urls are enabled by default and can't be disabled, so mod_rewrite needs to be installed and enabled for Drupal 8 to work."

My 2c is that it would just be easier to make clean URL's a requirement in Drupal 8 (as mentioned in the requirements), it seems every fix for this gets messy when checking for edge cases. Following on from a comment made by chris_hall_hu_cheng, it would be great if someone could make a ruling on the direction of this clean url support policy, as it still seems like there is confusion as to whether they should be a requirement or not.

@joelpittet - did you roll all that into the actual patch?

I'm a bit confused about where this issue is at?

Updated todo items in the issue summary and added beta eval. Hopefully that will help clarify where things are at the moment.

did you roll all that into the actual patch?

The tests @joelpittet added in the comments above (for testing Apache version numbers) have not been rolled into this patch... Yet. :)

Couple quick comments on things I ran into when trying to update this patch:

1. apache_get_version() is only available if PHP is compiled for use with Apache. If you're running FastCGI (which a lot of PHP 5.5 users will to take advantage of the new OPCache) it thrown a compile error.
2. version_compare() treats '2.2' as < 2.2.16, but in this case 2.2 could be greater than 2.2.16 -- we just don't know because...
3. $_SERVER['SERVER_SOFTWARE'] and apache_get_version() return values are both controlled by the ServerTokens setting in httpd.conf.

It seems we need to build a function that returns three values:

0 == Apache version verified to be less than 2.2.16 (not compatible without mod_rewrite)
1 == Apache version verified to be 2.2.16 or greater (compatible without mod_rewrite)
2 == Apache version that might be 2.2.16 or greater but we don't know (???)

And need to present different warnings/errors during install for each. If so, do we treat "Apache/2.2" without mod_rewrite as an install error or just a warning?

We could fix all this if we set the minimum version of Apache to 2.2.16 for Drupal 8, regardless of mod_rewrite. Is that an option? We would still need to present a warning for those servers that report "Apache/2" or similar but it would clarify things a lot.

Given that apache_get_version() can return nothing if the ServerTokens is configured for production I think we need to put a warning if mod_rewrite is not enabled and we can't reliably determine apache version. If we can reliably determine that the Apache version does not support FallbackResource and mod_rewrite is not enabled then we need to produce a requirements error.

Okey dokey...

Tested the conditional logic using a proto-unit-test a la @joelpittet, where the return from test() is array($rewrite_warning, $rewrite_error).

if (test('Apache') == array(TRUE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/1') == array(FALSE, TRUE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2') == array(TRUE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/3') == array(FALSE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.1') == array(FALSE, TRUE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.2') == array(TRUE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.3') == array(FALSE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.1.15') == array(FALSE, TRUE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.1.16') == array(FALSE, TRUE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.2.15') == array(FALSE, TRUE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.2.16') == array(FALSE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.3.15') == array(FALSE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }
if (test('Apache/2.3.16') == array(FALSE, FALSE)) { print "Passed\n"; } else { print "Failed\n"; }

It helps to include the files in question...

@mikeker - thanks for taking this forward! and you too @YesCT for bumping back to test bot.

+++ b/core/modules/system/system.install
@@ -55,6 +56,74 @@ function system_requirements($phase) {
+    // Determine the Apache version number: major, minor and revision.
+    if (preg_match('/Apache\/(\d+)\.?(\d+)?\.?(\d+)?/', $software, $matches)) {
+      $apache_version_string = $matches[0];
+
+      // Major version number
+      if ($matches[1] < 2) {
+        $rewrite_error = TRUE;
+      }
+      else if ($matches[1] == 2) {
+        if (!isset($matches[2])) {
+          $rewrite_warning = TRUE;
+        }
+        else if ($matches[2] < 2) {
+          $rewrite_error = TRUE;
+        }
+        else if ($matches[2] == 2) {
+          if (!isset($matches[3])) {
+            $rewrite_warning = TRUE;
+          }
+          else if ($matches[3] < 16) {
+            $rewrite_error = TRUE;
+          }
+        }
+      }
+    }

How come we can't extract the version number directly and use version_compare()? That would certainly be less code, and easier to read...

Otherwise this seems fine to me.

Rerolled.

@Crell in #65:

How come we can't extract the version number directly and use version_compare()? That would certainly be less code, and easier to read...

Agreed, it's ugly... However, see #57.2 and .3. In short, version_compare correctly treats 2.2 as less than 2.2.16, but ServerTokens settings could have Apache version 2.2.99 return just 2.2 or 2. Thus the need for the yes/no/don't-know comparison.

That's grotesque, Apache... Can we include that in the comment block?

Added a comment that Apache's version reporting is grotesque... :)

I beefed up the comment block before that tangle of code and fixed a typo in the text of the warning.

Bot should be happy, so let's do. Thanks!

I think we should have a followup to detect when drupal is being installed in a sub directory and warn if mod_rewrite is not on.

This issue is a major task that will improve performance significantly and the disruption it introduces is limited. Per https://www.drupal.org/core/beta-changes, this is a good change to complete during the Drupal 8 beta phase. Committed 4a34451 and pushed to 8.0.x. Thanks!

Did that follow up ever happen?

I was working with someone using Drupal8 for the first time, and we got bit by this issue.
#2761935: Thumbnail image style not being generated when embedded in wysiwyg leaving broken preview

Mod rewrite not on in a VM/docker environment.

A warning in the status report (unfortunately rejected with a "No, works as designed") would have provided a clue, rather than time wasted looking for answers in all the wrong places.

#2094985: Drupal 8 install does not warn if Clean Urls are not supported

I had a vague memory of hitting something similar somewhere, so went looking, and stumbled back on all these issues.

publish the cr