Apache PHP-FPM Integration with mod_proxy_fcgi and multiple Users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: users@xxxxxxxxxxxxxxxx
- Subject: Apache PHP-FPM Integration with mod_proxy_fcgi and multiple Users
- From: Patrik Peng <patrik.peng@xxxxxxxxxxxx>
- Date: Thu, 6 Oct 2022 13:49:23 +0200
- Reply-to: users@xxxxxxxxxxxxxxxx
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.3.1
Hi there
I'm trying to create a multi user setup with Apache/2.4.54,
mod_proxy_fcgi and PHP-FPM on a FreeBSD machine.
I already got a working solution with php-fpm running and the
following config in the user's .htaccess:
---8<---
<If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
</If>
---8<---
But now there's the issue, that user1 can edit his htaccess file
to something like this:
SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"
and run his PHP code with a different user. How can I prevent
this?
- Denying the usage of "SetHandler/AddHandler" in .htaccess and
moving the above config into the virtualhost config would not be
desired
as there are lots of pre existing user installations using these
directives in their installations.
- Changing the permissions on the fpm unix socket doesn't work
as apache always accesses it with its www user.
Maybe someone can help me further.
Regards,
Patrik
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
