Re: Apache PHP-FPM Integration with mod_proxy_fcgi and multiple Users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Op 6 okt. 2022 om 13:50 heeft Patrik Peng <patrik.peng@xxxxxxxxxxxx> het volgende geschreven:



Hi there

I'm trying to create a multi user setup with Apache/2.4.54, mod_proxy_fcgi and PHP-FPM on a FreeBSD machine.
I already got a working solution with php-fpm running and the following config in the user's .htaccess:

---8<---
<If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
  SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
</If>
---8<---

But now there's the issue, that user1 can edit his htaccess file to something like this:

SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"

and run his PHP code with a different user. How can I prevent this?

  • Denying the usage of "SetHandler/AddHandler" in .htaccess and moving the above config into the virtualhost config would not be desired
    as there are lots of pre existing user installations using these directives in their installations.

  • Changing the permissions on the fpm unix socket doesn't work as apache always accesses it with its www user.

Maybe someone can help me further.


You already have the solution. What do you need help with? :D

Regards,
Patrik

Attachment: OpenPGP_signature
Description: Binary data


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux