Op 6 okt. 2022 om 13:50 heeft Patrik Peng <patrik.p...@hostpoint.ch> het volgende geschreven:
Hi there
I'm trying to create a multi user setup with Apache/2.4.54,
mod_proxy_fcgi and PHP-FPM on a FreeBSD machine.
I already got a working solution with php-fpm running and the
following config in the user's .htaccess:
---8<---
<If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
</If>
---8<---
But now there's the issue, that user1 can edit his htaccess file
to something like this:
SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"
and run his PHP code with a different user. How can I prevent
this?
- Denying the usage of "SetHandler/AddHandler" in .htaccess and
moving the above config into the virtualhost config would not be
desired
as there are lots of pre existing user installations using these
directives in their installations.
- Changing the permissions on the fpm unix socket doesn't work
as apache always accesses it with its www user.
Maybe someone can help me further.
You already have the solution. What do you need help with? :D |
OpenPGP_signature
Description: Binary data
