Hi there
I'm trying to create a multi user setup with Apache/2.4.54,
mod_proxy_fcgi and PHP-FPM on a FreeBSD machine.
I already got a working solution with php-fpm running and the
following config in the user's .htaccess:
---8<---
<If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
</If>
---8<---
But now there's the issue, that user1 can edit his htaccess file
to something like this:
SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"
and run his PHP code with a different user. How can I prevent
this?
- Denying the usage of "SetHandler/AddHandler" in .htaccess and
moving the above config into the virtualhost config would not be
desired
as there are lots of pre existing user installations using these
directives in their installations.
- Changing the permissions on the fpm unix socket doesn't work
as apache always accesses it with its www user.
Maybe someone can help me further.
